Netgate Discussion Forum

    Can't ping from local network to remote

      jasonlitka

      Ok, I must be doing something wrong here…  All traffic (that I've tested) initiated from the remote side of my site-to-site works just fine.  Pings from my local pfsense to the remote pfsense work fine.  Pings from my local pfsense to a machine on the remote network fail.  Pings from a computer on my local network to the remote pfsense or anywhere else on the remote network fail.

      Diagnostics > Route on both sides shows appropriate routes for traffic passing to the other side.

      Is this the way it's supposed to work or have I screwed something up?

      I can break anything.

        dklev

        Maybe you need a "Client specific override" with an iroute to your destination, e.g. iroute 192.168.251.0 255.255.255.0;

          jasonlitka

          I'm not sure I really understand what you mean.  Does that go on the client system or the server system?  What would I enter for Common Name (I'm using shared key)?

            jasonlitka

            Ok, something odd happened.  I clicked edit on the remote-side and then save (no changes) and once the tunnel came back up the local-side pfsense box could ping everything on the remote-side (instead of just the pfsense box as before).  I clicked edit/save again and it went back to just being able to ping the remote pfsense box.

            Honestly, I'm getting kind of tired of this.  Between traffic only being able to be initiated from one direction and the tunnel not automatically reestablishing when there is an issue, OpenVPN seems entirely too fragile and flaky to be used.  Maybe I'll revisit it in a year or two to see if anything has improved.

              jimp Rebel Alliance Developer Netgate

              OpenVPN automatically reconnects. It doesn't wait for traffic, it tries constantly. There is a 60-second timeout (but that can be tweaked in the custom options).

              When you save on the server end, the process restarts which disconnects the client, which can then take up to a minute to reconnect.

              When you save on the client, the process restarts and it will reconnect right away.

              There is nothing wrong with OpenVPN when set up properly, I use it all over the place every day and have zero issues. I have far more issues with IPsec tunnels on a weekly basis.
