Netgate Discussion Forum

Only able to ping router/openvpn gateway

    Clone1B
    last edited by May 18, 2012, 10:43 AM May 18, 2012, 10:41 AM

    Hi all,

    I've recently set up pfsense with openvpn, I've been able to connect but when I do I've only been able to ping the pfsense's LAN interface and its OpenVPN interface, nowhere else on the LAN network which I need.
    WAN and OpenVPN firewall rules are set to allow-all (temp while testing)

    LAN interface: 192.168.6.3
    LAN subnet: 192.168.6.0/24
    OpenVPN virtual subnet: 192.168.7.0/24

    OpenVPN server settings:
    Mode: Remote Access ( User Auth )
    Backend: AD
    Protocol: UDP
    Device Mode: Tun
    Interface: WAN
    Port: 1194
    TLS Auth: Enabled with proper certs
    DH Param: 1024 bits
    Encryption: AES-128-CBC
    Cert Depth: One

    Tunneled network: 192.168.7.0/24
    Redirect gateway: no
    Local network: 192.168.6.0/24
    Compression: Yes
    ToS: No
    Inter-client: No
    Dup Conns.: No

    Dynamic IP: Yes
    Address Pool: Yes
    DNS Default domain: Set to LAN's default domain
    DNS servers: set to LAN's DNS server
    NTP Servers: set to LAN's NTP server
    NetBIOS: No

    Here's the OpenVPN interface on the client:
      Link-local IPv6 Address . . . . . : fe80::9938:c538:dd11:701d%20
      IPv4 Address. . . . . . . . . . . : 192.168.7.6
      Subnet Mask . . . . . . . . . . . : 255.255.255.252
      Default Gateway . . . . . . . . . :

    Here are all the routes involving OpenVPN on the client:
         192.168.6.0    255.255.255.0      192.168.7.5      192.168.7.6     30
         192.168.7.1  255.255.255.255      192.168.7.5      192.168.7.6     30
         192.168.7.4  255.255.255.252         On-link       192.168.7.6    286
         192.168.7.6  255.255.255.255         On-link       192.168.7.6    286
         192.168.7.7  255.255.255.255         On-link       192.168.7.6    286

    I can ping 192.168.6.3, 192.168.7.1, but nothing else.

    Anyone got any ideas?

      heper
      last edited by May 20, 2012, 4:40 PM

      do you allow traffic to and from your LAN subnet from the openvpn connection?
      do the clients in the LAN subnet all have the pfsense set as a gateway?

      be sure to check the firewall rules on the LAN-tab and see if there is a rule with Gateway:* that would match when trying to connect/reply to the openvpn client

        cmb
        last edited by May 20, 2012, 8:31 PM

        What's the default gateway for the LAN hosts? Guessing it's something other than pfSense, which means you need routing on the device that's the default gateway to get the OpenVPN tunnel network IPs back to pfSense.

          marvosa
          last edited by May 20, 2012, 11:48 PM

          I hate to "assume"… cause you know what happens... lol... so let's get some particulars out of the way:

          1.  Is the software firewall disabled on any hosts you're trying to ping?
          2.  Are clients running openvpn as admin? (win 7 / vista)
          3.  Can we see screen shots of your LAN and OPENVPN tabs?
          4.  What is the IP of your AD server?
          5.  When you are pinging around, are you pinging by IP or hostname?
          6.  Post routing table on PFsense.

            Clone1B
            last edited by May 21, 2012, 11:13 AM May 21, 2012, 9:16 AM

            Thanks for the replies. I'll try some of the suggestions out and let you know. For now…

            1.  Is the software firewall disabled on any hosts you're trying to ping?
            Yes
            2.  Are clients running openvpn as admin? (win 7 / vista)
            Is this an issue? They haven't been but they can
            3.  Can we see screen shots of your LAN and OPENVPN tabs?
            They're set to wildcard any, allow all from all
            4.  What is the IP of your AD server?
            192.168.6.2, LDAP auth is working fine
            5.  When you are pinging around, are you pinging by IP or hostname?
            IP
            6.

            Edit: After disabling windows FW (for the second time, likes to re-enable itself) and setting the gateway to the pfsense box I can pass traffic back and forth between pfSense and the OpenVPN client. Thanks a ton guys!

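The return-path problem diagnosed in this thread, as an added example that is not part of any post: a longest-prefix-match walk showing where a LAN host's reply to the VPN client 192.168.7.6 is handed, before and after each of the two fixes mentioned. The LAN host 192.168.6.50, the other gateway 192.168.6.1 and its upstream 203.0.113.1 are constructed for illustration; the pfSense and tunnel addresses come from the thread.

```python
import ipaddress

PFSENSE_LAN = "192.168.6.3"    # pfSense LAN interface (from the thread)
VPN_CLIENT = "192.168.7.6"     # client's tunnel address (from the thread)
TUNNEL_NET = "192.168.7.0/24"  # OpenVPN virtual subnet (from the thread)
LAN_HOST = "192.168.6.50"      # constructed LAN host
OTHER_GW = "192.168.6.1"       # constructed: the LAN's existing default gateway
UPSTREAM = "203.0.113.1"       # constructed: that gateway's upstream next hop

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def return_path(tables, start, dst, max_hops=4):
    """Devices a reply from `start` to `dst` is handed to, in order."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables.get(node, []), dst)
        if hop in (None, "on-link"):
            break
        path.append(hop)
        if hop == PFSENSE_LAN:   # pfSense owns the tunnel and can deliver
            break
        node = hop
    return path

def reaches_pfsense(tables):
    """True when the LAN host's reply to the VPN client ends up at pfSense."""
    return return_path(tables, LAN_HOST, VPN_CLIENT)[-1] == PFSENSE_LAN

LAN = ("192.168.6.0/24", "on-link")
# As diagnosed: neither the host nor its gateway has a route to 192.168.7.0/24.
broken = {LAN_HOST: [LAN, ("0.0.0.0/0", OTHER_GW)],
          OTHER_GW: [LAN, ("0.0.0.0/0", UPSTREAM)]}
# Static route for the tunnel network on the existing default gateway.
static_route = {**broken, OTHER_GW: broken[OTHER_GW] + [(TUNNEL_NET, PFSENSE_LAN)]}
# LAN host uses pfSense as its default gateway (what the original poster did).
gateway_changed = {**broken, LAN_HOST: [LAN, ("0.0.0.0/0", PFSENSE_LAN)]}

if __name__ == "__main__":
    for name, t in [("broken", broken), ("static route", static_route),
                    ("gateway changed", gateway_changed)]:
        print(f"{name:16} {' -> '.join(return_path(t, LAN_HOST, VPN_CLIENT))}")
```

In the broken case the echo request arrives at the LAN host, but the reply leaves via the other gateway and never returns to the tunnel, which matches the symptom of only pfSense's own addresses answering.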
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.