• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Cannot ping one way on openvpn

Scheduled Pinned Locked Moved OpenVPN
7 Posts 4 Posters 5.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    Sc0rian
    last edited by Sep 14, 2012, 1:35 PM Sep 14, 2012, 1:24 PM

    Hello,

    We have two pfsense gateways.

    The server running: 2.0.1-RELEASE
    The client pfsense: 2.1-BETA0

    I can ping perfectly fine on pfsense, boths way etc no problem. On the server side a client can ping the local network no problem.

    The problem I have is with the client vpn, any computers connected to that cannot ping. I have watched tcpdump and can see the ping being passed to the gateway, also watched tcpdump on the server gateway and see the icmp come through. So it looks like it gets there but does not have a return path? I cannot work out whats up with it.

    Here is me pinging from  a computer on the client side of the vpn:

    10:24:47.340101 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40

    Then the server side gets the ping

    14:24:47.318466 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40

    but thats it, no return path.

    All the routes seem to be correct. Remember that it does work perfectly fine on the actual gateways.

    I have replicated the whole setup on a test setup and it works fine  ::)

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Sep 14, 2012, 3:52 PM

      so you have this?

      pcA– (pfsense client vpn) --- vpn ---- (pfsense vpn server) -- pcB

      So pcA can not ping pcB, but pcB can ping pcA?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • S
        Sc0rian
        last edited by Sep 14, 2012, 4:16 PM

        yeah thats correct

        but on pfsense all pings are ok.

        1 Reply Last reply Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Sep 14, 2012, 4:25 PM Sep 14, 2012, 4:22 PM

          so client pfsense can ping both pca and pcb, and server pfsense can ping both pca and pcb

          what are the networks on each side, and what do the route tables look like on pca and pcb?

          Did you follow this guide?
          http://doc.pfsense.org/index.php/OpenVPN_Site_To_Site

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          1 Reply Last reply Reply Quote 0
          • S
            Sc0rian
            last edited by Sep 18, 2012, 3:06 PM

            pCA  side cannot. The clients cannot ping any addresses on pcB.

            But pcB can ping clients on pcA.

            I followed this guide

            http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)

            1 Reply Last reply Reply Quote 0
            • H
              heper
              last edited by Sep 18, 2012, 9:13 PM

              if the both pfa & b can ping clients on either side its more then likely a firewalling issue. check by doing the same pings from pfa or b and specifying the lan interface to ping from

              1 Reply Last reply Reply Quote 0
              • A
                AlPri
                last edited by Oct 20, 2012, 2:18 PM

                Hi ScOrian, did you find your problem, because I encounter almost exactly the same and I find no solution !

                For me, like you, from pf all is ok but pcA cannot ping pcB and vice-versa !

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received