Netgate Discussion Forum

    Pinging hosts over OPENVPN tunnel

      Piplfox

      I've managed to connect two pfSense boxes using an OpenVPN tunnel with a shared key, but I can't ping from a host at site A to a host at site B. Here is my config:

      Site A: (pfsense Server side)

      ADSL modem PPPOE ----DMZ----pfsense
      pfsense: WAN-DHCP, LAN : 192.168.50.250
      Added rule on wan : TCP/UDP  *  *  *  1194 (OpenVPN)  *
      OPEN VPN server conf:
      Port:UDP
      Address pool:192.168.200.0/24
      Remote network:192.168.51.0/24
      Cryptography:BF-CBC-128
      Authentication method: Shared Key

      Site B: (pfsense client side)

      ADSL modem PPPOE ----DMZ----pfsense
      pfsense: WAN-DHCP, LAN : 192.168.51.250
      OPEN VPN server conf:
      Port:UDP
      Server address:Dyndns host name
      Server port: 1194
      Interface IP: 192.168.51.0/24
      Remote network: 192.168.50.0/24
      Proxy Host: empty
      Proxy port:3128
      Cryptography:BF-CBC-128
      Authentication method: Shared Key

      Maybe I am missing some route on server/client side in Custom options?!

      Any suggestion?

        GruensFroeschli

        If you look at the openvpn log: do you see anything indicating that the tunnel doesn't come up?
        If you ping from the pfsense webgui the other side of the tunnel: do you get a reply?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          Piplfox

          Yes the tunnel is up and I can ping from the pfsense webgui from both boxes, but I can’t ping from host (site A) to host (site B) or B Box and vice versa.

          Jun 14 08:06:07 openvpn[63204]: Inactivity timeout (--ping-restart), restarting
          Jun 14 08:06:07 openvpn[63204]: SIGUSR1[soft,ping-restart] received, process restarting
          Jun 14 08:06:09 openvpn[63204]: Re-using pre-shared static key
          Jun 14 08:06:09 openvpn[63204]: TCP/UDP: Preserving recently used remote address: WAN ADDRESS:1194
          Jun 14 08:06:09 openvpn[63204]: Preserving previous TUN/TAP instance: tun0
          Jun 14 08:06:09 openvpn[63204]: UDPv4 link local (bound): [undef]:1194
          Jun 14 08:06:09 openvpn[63204]: UDPv4 link remote: WAN ADDRESS:1194
          Jun 14 08:06:10 openvpn[63204]: Peer Connection Initiated with WAN ADREES:1024
          Jun 14 08:06:10 openvpn[63204]: Initialization Sequence Completed
          Jun 14 08:06:19 openvpn[63204]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.200.1 192.168.200.2', remote='ifconfig 192.168.51.1 192.168.51.2'

            kpa

            You have an address mismatch between address pool (server config) and interface IP (client config); those two have to match on a PSK setup.

            Edit: The address range you pick for address pool/interface IP also has to be distinct from any other IP range used on your networks.

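A check for the two conditions in the answer above, as an added example that is not part of the thread or of pfSense: it compares the server's Address pool with the client's Interface IP, tests the tunnel range against both LANs, and reads the 'ifconfig' warning from the posted log. The dict layout and function names are assumptions made for the example; the addresses and the log line are the ones posted in the thread.

```python
import ipaddress
import re

# Constructed from the settings posted in the thread; the dict layout is this
# example's own (an assumption), not pfSense's configuration format.
SERVER = {"tunnel": "192.168.200.0/24", "lan": "192.168.50.0/24", "remote": "192.168.51.0/24"}
CLIENT = {"tunnel": "192.168.51.0/24", "lan": "192.168.51.0/24", "remote": "192.168.50.0/24"}
WARNING = ("Jun 14 08:06:19 openvpn[63204]: WARNING: 'ifconfig' is used inconsistently, "
           "local='ifconfig 192.168.200.1 192.168.200.2', "
           "remote='ifconfig 192.168.51.1 192.168.51.2'")

IFCONFIG_RE = re.compile(r"local='ifconfig (\S+) (\S+)', remote='ifconfig (\S+) (\S+)'")


def check_psk_pair(server, client):
    """Return the problems found in a shared-key site-to-site pair."""
    net = ipaddress.ip_network
    s_tun, c_tun = net(server["tunnel"]), net(client["tunnel"])
    problems = []
    if s_tun != c_tun:
        problems.append(f"tunnel mismatch: server {s_tun} vs client {c_tun}")
    # The tunnel range must not collide with a LAN on either side.
    for tun in dict.fromkeys((s_tun, c_tun)):
        for lan in dict.fromkeys((net(server["lan"]), net(client["lan"]))):
            if tun.overlaps(lan):
                problems.append(f"tunnel {tun} overlaps LAN {lan}")
    # Each side's "Remote network" should be the other side's LAN.
    if net(server["remote"]) != net(client["lan"]):
        problems.append("server remote network is not the client LAN")
    if net(client["remote"]) != net(server["lan"]):
        problems.append("client remote network is not the server LAN")
    return problems


def ifconfig_sides_agree(log_line):
    """True/False for an 'ifconfig' inconsistency warning, None for other lines.

    The two address pairs are compared as sets, so the result does not depend
    on the order in which each side lists its endpoints.
    """
    m = IFCONFIG_RE.search(log_line)
    if m is None:
        return None
    a, b, c, d = (ipaddress.ip_address(x) for x in m.groups())
    return {a, b} == {c, d}


if __name__ == "__main__":
    print(check_psk_pair(SERVER, CLIENT))
    print(ifconfig_sides_agree(WARNING))
```

With the posted settings the check reports both the pool mismatch and the client tunnel range colliding with the site B LAN; with 10.0.8.0/24 on both sides it reports nothing.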
              Piplfox

              Thx, I think I got it now. I've changed Address pool to 10.0.8.0/24 (on the server side) and on the client side Interface IP: to 10.0.8.0/24, and now I can ping from hosts on A site to host on B site. Now I am going to play with DNS. Thx once again.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.