Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot ping road warriors

    Scheduled Pinned Locked Moved
    OpenVPN
    3
    3
    1.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ccb056
      last edited by

      Hi,

      I was having an issue with my Windows 7 road warriors using OpenVPN.
      The road warriors could ping machines on the LAN side of the pfsense box fine.
      But the LAN machines could not ping the road warriors.

      The fix was to change the OpenVPN connection from a Public to a Work connection on the roadwarrior.
      But it was difficult because OpenVPN would not pass a default gateway to the road warrior in the config, making Windows 7 mad and forcing you to only use Public.

      The fix was to add the following lines at the end of my openvpn config file on the road warrior
      source

      
# Dummy default gateway to work around Windows 'unidentified network'/'unknown network'
route-metric 512
route 0.0.0.0 0.0.0.0

      My question is, can I put this somewhere in the config on the pfsense box so that when I export the config this line appears and I don't have to manually modify it ervery time i export?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        In the advanced options, use:

        push "[xxx]";

        Where [xxx] is the command you want to push to the client, such as:

        push "route 0.0.0.0 0.0.0.0";

        Though that may be comparable to:

        push "redirect-gateway def1";

        Which can be triggered by checking the box to force all client traffic through the tunnel.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          Useful thread, but I need a little more help.

          What exactly is "route-metric 512" for?
          It doesn't seem needed, pushing the route alone fixes the "unidentified network".

          Also,
          Win 7 firewall allows inbound echo's only on its subnet.
          i.e. if Win 7 road warrior IP is 10.0.8.6 and VPN "home LAN" is 192.168.1.1
          Win 7 will block the ICMP coming from the "home LAN".

          Is there an elegant solution to this?
          Changing firewall rules on each Win7 road warrior is far from ideal.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post