Cannot ping one way on openvpn



  • Hello,

    We have two pfsense gateways.

    The server running: 2.0.1-RELEASE
    The client pfsense: 2.1-BETA0

    I can ping perfectly fine on pfsense, both ways etc., no problem. On the server side a client can ping the local network no problem.

    The problem I have is with the client vpn: any computers connected to that cannot ping. I have watched tcpdump and can see the ping being passed to the gateway, and also watched tcpdump on the server gateway and see the icmp come through. So it looks like it gets there but does not have a return path? I cannot work out what's up with it.

    Here is me pinging from a computer on the client side of the vpn:

    10:24:47.340101 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40

    Then the server side gets the ping

    14:24:47.318466 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40

    But that's it, no return path.

    All the routes seem to be correct. Remember that it does work perfectly fine on the actual gateways.

    I have replicated the whole setup on a test setup and it works fine ::)
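
The capture comparison described in the post above can be automated. This is an added example, not part of the original post: it pairs ICMP echo requests and replies from two tcpdump text captures by id and seq and reports where the exchange stops. The function names are hypothetical, and the sample input is the two lines quoted in the post.

```python
import re

# tcpdump one-line ICMP echo format, as in the captures quoted in the post
ICMP_RE = re.compile(
    r"^\s*(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(lines):
    """Return (requests, replies) as sets keyed by (requester, target, id, seq)."""
    requests, replies = set(), set()
    for line in lines:
        m = ICMP_RE.match(line)
        if not m:
            continue  # ignore non-ICMP-echo lines
        ident = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests.add((m["src"], m["dst"]) + ident)
        else:
            # a reply travels target -> requester, so swap to the request's key
            replies.add((m["dst"], m["src"]) + ident)
    return requests, replies

def locate_break(client_gw_lines, server_gw_lines):
    """Classify each echo request seen on the client gateway.

    Matching uses id/seq, not timestamps: the two gateways' clocks in the
    post differ by four hours, so time-based pairing would fail.
    """
    c_req, c_rep = parse(client_gw_lines)
    s_req, s_rep = parse(server_gw_lines)
    result = {}
    for key in sorted(c_req):
        if key not in s_req:
            result[key] = "request lost before server gateway"
        elif key not in s_rep:
            result[key] = "request reached server gateway, no reply seen there"
        elif key not in c_rep:
            result[key] = "reply lost between server and client gateway"
        else:
            result[key] = "ok"
    return result

# The two lines quoted in the post (client gateway, then server gateway)
CLIENT_GW = ["10:24:47.340101 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40"]
SERVER_GW = ["14:24:47.318466 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40"]

if __name__ == "__main__":
    for key, verdict in locate_break(CLIENT_GW, SERVER_GW).items():
        print(key, verdict)
```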


  • LAYER 8 Global Moderator

    So you have this?

    pcA -- (pfsense client vpn) --- vpn ---- (pfsense vpn server) -- pcB

    So pcA cannot ping pcB, but pcB can ping pcA?



  • Yeah, that's correct,

    but on pfsense all pings are ok.


  • LAYER 8 Global Moderator

    So client pfsense can ping both pcA and pcB, and server pfsense can ping both pcA and pcB.

    What are the networks on each side, and what do the route tables look like on pcA and pcB?

    Did you follow this guide?
    http://doc.pfsense.org/index.php/OpenVPN_Site_To_Site



  • pcA side cannot. The clients cannot ping any addresses on pcB.

    But pcB can ping clients on pcA.

    I followed this guide

    http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)



  • If both pfA & B can ping clients on either side, it's more than likely a firewalling issue. Check by doing the same pings from pfA or B and specifying the LAN interface to ping from.



  • Hi ScOrian, did you find your problem? I am encountering almost exactly the same and I find no solution!

    For me, like you, from pf all is ok but pcA cannot ping pcB and vice-versa!

