Tun can't reach remote lan but remote addr
-
Hello,
following setup:
Site A:
Pfsense OpenVPN server: 10.10.10.1
Tunnel: 192.168.240.0/30
Remote Network: 172.16.10.0/24
Tunnel IP: 192.168.240.1
Site B:
Pfsense OpenVPN client: 172.16.10.1
Tunnel IP: 192.168.240.2
Connects out via Starlink
It's set up as a TLS tunnel and the tunnel is working. The status shows as connected on both ends.
Problem:
From Site A I can ping the Site B OpenVPN netgate at 172.16.10.1. However, I can't ping any of the devices in that LAN, i.e. 172.16.10.10. I can also ping the tunnel IPs.
As a test I have created a pass any any rule on all interfaces on the site B pfsense.
I also tested pinging the LAN devices from Site B pfsense and it worked. I'm a little lost right now as to what could cause this issue.
Any advice appreciated!
-
@Enso_ said in Tun can't reach remote lan but remote addr:
I also tested pinging the LAN devices from Site B pfsense and it worked.
I assume, the LAN at A?
Ensure that the device at B allows access from outside of their subnet.
The access is possibly blocked by the firewall on destination devices themselves.
-
@viragomann said in Tun can't reach remote lan but remote addr:
@Enso_ said in Tun can't reach remote lan but remote addr:
I also tested pinging the LAN devices from Site B pfsense and it worked.
I assume, the LAN at A?
Ensure that the device at B allows access from outside of their subnet.
The access is possibly blocked by the firewall on destination devices themselves.
I don't see it even hitting the fw at site B.
I also tried any any allow on all interfaces at site B. No success. I still am able to ping the LAN network address of the pfsense at site B.
The issue is both ways. Both ways I can only ping the LAN address but nothing behind it.
Very strange...
-
@Enso_
I was talking about the firewall on the destination machine.
To investigate the issue, sniff the traffic with packet capture on pfSense on the LAN interface and see if you get both, request and response packets.
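-
Added example, not part of the thread: one way to read a LAN-side capture for the request/response check suggested in the last post. It assumes the capture is viewed as `tcpdump -n` text output; the sample lines are constructed from the addresses in the first post, and the function names are hypothetical.

```python
import re

# ICMP echo lines as printed by `tcpdump -n` (text output).
ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample capture on the Site B LAN interface (not real data).
SAMPLE = """\
12:00:01.000100 IP 172.16.10.1 > 172.16.10.10: ICMP echo request, id 100, seq 0, length 64
12:00:01.000450 IP 172.16.10.10 > 172.16.10.1: ICMP echo reply, id 100, seq 0, length 64
12:00:05.010000 IP 192.168.240.1 > 172.16.10.10: ICMP echo request, id 200, seq 0, length 64
12:00:06.011000 IP 192.168.240.1 > 172.16.10.10: ICMP echo request, id 200, seq 1, length 64
""".splitlines()

def pair_echoes(lines, src, dst):
    """Return (requests, answered) for pings src -> dst, matched on id and seq."""
    requests, replies = [], set()
    for line in lines:
        m = ECHO.search(line)
        if not m:
            continue  # skip ARP, TCP and anything else in the capture
        probe = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request" and (m["src"], m["dst"]) == (src, dst):
            requests.append(probe)
        elif m["kind"] == "reply" and (m["src"], m["dst"]) == (dst, src):
            replies.add(probe)
    return requests, [p for p in requests if p in replies]

def verdict(lines, src, dst):
    """Classify what the LAN-side capture shows for pings src -> dst."""
    requests, answered = pair_echoes(lines, src, dst)
    if not requests:
        return "no-request"  # nothing left pfSense on this interface: check routes and rules
    if not answered:
        return "no-reply"    # request went out, nothing came back: check the host (firewall, gateway)
    return "ok"              # replies reach pfSense: look further along the tunnel

if __name__ == "__main__":
    for src in ("172.16.10.1", "192.168.240.1"):
        print(src, "->", "172.16.10.10", verdict(SAMPLE, src, "172.16.10.10"))
```

In the constructed sample, pings from the pfSense LAN address are answered while pings sourced from the tunnel address leave the LAN interface and get no reply, which is the pattern that points at the destination host rather than at pfSense.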