Cannot ping one way on openvpn
-
Hello,
We have two pfsense gateways.
The server running: 2.0.1-RELEASE
The client pfsense: 2.1-BETA0
I can ping perfectly fine on pfsense, both ways etc, no problem. On the server side a client can ping the local network no problem.
The problem I have is with the client vpn, any computers connected to that cannot ping. I have watched tcpdump and can see the ping being passed to the gateway, also watched tcpdump on the server gateway and see the icmp come through. So it looks like it gets there but does not have a return path? I cannot work out what's up with it.
Here is me pinging from a computer on the client side of the vpn:
10:24:47.340101 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40
Then the server side gets the ping
14:24:47.318466 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40
but that's it, no return path.
All the routes seem to be correct. Remember that it does work perfectly fine on the actual gateways.
I have replicated the whole setup on a test setup and it works fine ::)
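
Added example, not part of the original post: a small Python script that automates the comparison described above by matching echo requests and replies across tcpdump captures taken at each gateway. The capture-point names and the seq 2052 lines are constructed for illustration; the seq 2051 lines are the ones pasted in the post.

```python
import re

# tcpdump's one-line ICMP echo format, as pasted in the post above.
ICMP = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(capture):
    """Map each echo (src, dst, id, seq) to the kinds seen at one capture point."""
    seen = {}
    for line in capture.splitlines():
        m = ICMP.search(line)
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        if m["kind"] == "reply":
            src, dst = dst, src  # file the reply under the request it answers
        seen.setdefault((src, dst, int(m["id"]), int(m["seq"])), set()).add(m["kind"])
    return seen

def trace(captures):
    """captures: [(name, tcpdump text)], ordered from the pinging side to the target.
    Matching is on id/seq only: the gateway clocks in the post are hours apart."""
    points = [(name, parse(text)) for name, text in captures]
    verdicts = {}
    for key in sorted({k for _, seen in points for k in seen}):
        req = [n for n, seen in points if "request" in seen.get(key, ())]
        rep = [n for n, seen in points if "reply" in seen.get(key, ())]
        if not req:
            verdicts[key] = "reply seen without its request (capture started late?)"
        elif not rep:
            verdicts[key] = f"request reached {req[-1]}; no reply at any capture point"
        elif len(rep) < len(points):
            lost = [n for n, _ in points if n not in rep]
            verdicts[key] = f"reply seen at {rep[-1]} but missing at {lost[0]}"
        else:
            verdicts[key] = "reply seen at every capture point"
    return verdicts

# seq 2051 lines are from the post; seq 2052 lines are constructed for contrast.
CLIENT_GW = """\
10:24:47.340101 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40
10:24:48.341200 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2052, length 40
"""
SERVER_GW = """\
14:24:47.318466 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2051, length 40
14:24:48.319900 IP 172.18.1.51 > 192.168.1.35: ICMP echo request, id 1, seq 2052, length 40
14:24:48.320400 IP 192.168.1.35 > 172.18.1.51: ICMP echo reply, id 1, seq 2052, length 40
"""
CAPTURES = [("client gateway", CLIENT_GW), ("server gateway", SERVER_GW)]
```

Calling `trace(CAPTURES)` reports seq 2051 as a request that reached the server gateway with no reply seen anywhere, which is the symptom in the post; capturing on the server's LAN interface as a third point would show whether the request ever leaves toward 192.168.1.35.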
-
so you have this?
pcA -- (pfsense client vpn) --- vpn ---- (pfsense vpn server) -- pcB
So pcA can not ping pcB, but pcB can ping pcA?
-
yeah that's correct
but on pfsense all pings are ok.
-
so client pfsense can ping both pca and pcb, and server pfsense can ping both pca and pcb
what are the networks on each side, and what do the route tables look like on pca and pcb?
Did you follow this guide?
http://doc.pfsense.org/index.php/OpenVPN_Site_To_Site
-
pcA side cannot. The clients cannot ping any addresses on pcB.
But pcB can ping clients on pcA.
I followed this guide
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)
-
If both pfa & b can ping clients on either side, it's more than likely a firewalling issue. Check by doing the same pings from pfa or b and specifying the LAN interface to ping from.
-
Hi ScOrian, did you find your problem? I encounter almost exactly the same and I find no solution!
For me, like you, from pf all is ok but pcA cannot ping pcB and vice versa!