Netgate Discussion Forum

    Site to Site, connection established, but cannot ping or connect remote machines

      Ghlave

      I followed the post here pretty much exactly, only changing my IP schemes. I'm getting connected, and I can ping the server's LAN IP from my remote network, but that's it, no other IPs can be reached. The server does have a FW rule to allow UDP on 1194 on WAN, and there's another FW rule to allow EVERYTHING on OpenVPN.

      I know this has got to be something simple, a route I've missed or a FW rule, but I just don't see it. Any ideas?

      Server network: 10.241.136.0/24
      Server lan ip: 10.241.136.3
      Client1 network: 192.168.168.0/24
      OpenVPN: 10.0.8.0/24

        mhab12

        Make sure you have the appropriate 'allow OVPN' rules created on both ends of the connection. I think this is what ended up being the cause of similar problems I had when I got our p2p OVPN going.

          Ghlave

          I did not have the 'allow everything on ovpn' rule on my client side. I just added it and still have similar results.

          The odd bit for me is that I can ping the LAN interface IP of the server just fine from the remote client, but no other IPs.

            Metu69salemi

            Do your other devices have correct gateway information?
            Are you sure that the other end allows pinging from another subnet?

              Ghlave

              @Metu69salemi:

              Do your other devices have correct gateway information?
              Are you sure that the other end allows pinging from another subnet?

              Other devices? I'm pinging from a Windows 7 PC behind the remote site; it hits the server LAN IP just fine, just not any of the other IPs, which are in the same subnet as the server LAN IP. I'm assuming, since it's letting me ping that IP, I should be able to get to the rest as well.

                Metu69salemi

                @Ghlave:

                I followed the post here pretty much exactly, only changing my IP schemes. I'm getting connected, and I can ping the server's LAN IP from my remote network, but that's it, no other IPs can be reached. The server does have a FW rule to allow UDP on 1194 on WAN, and there's another FW rule to allow EVERYTHING on OpenVPN.

                I know this has got to be something simple, a route I've missed or a FW rule, but I just don't see it. Any ideas?

                Server network: 10.241.136.0/24
                Server lan ip: 10.241.136.3
                Client1 network: 192.168.168.0/24
                OpenVPN: 10.0.8.0/24

                So you can ping your server, hooray, but what are those other devices that you can't ping?
                And do those other unpingable devices have correct gateway information?
                And have you tested any other means of connectivity than ping? Because sometimes antivirus software and such can block ping from another subnet.

                Do you have any other subnet on the remote site where you need to connect? Then the solution might be a simple push "route …..." in the server config.
                Have you started the openvpn-client with admin rights?

                  Ghlave

                  @Metu69salemi:

                  So you can ping your server, hooray, but what are those other devices that you can't ping?
                  And do those other unpingable devices have correct gateway information?
                  And have you tested any other means of connectivity than ping? Because sometimes antivirus software and such can block ping from another subnet.

                  Do you have any other subnet on the remote site where you need to connect? Then the solution might be a simple push "route …..." in the server config.
                  Have you started the openvpn-client with admin rights?

                  Specifically, I can't ping 10.241.136.10, which is my DC. It is normally pingable; I have set up openvpn on untangle previously and I could get to it just fine. I've also tried some random desktops. I have the firewalls set so they will allow it, and AV as well.

                  All of the PCs on the server network have a gateway of 10.241.136.1, which is our untangle box (both untangle and the pfsense box I've put in have separate internet-exposed IPs, as I'm trying to get off of untangle and onto pfsense). I remoted to my personal laptop and removed the gateway of 10.241.136.1 to see if there would be an effect, and had no luck.

                    phil.davis

                    Server network: 10.241.136.0/24
                    Server lan ip: 10.241.136.3
                    Client1 network: 192.168.168.0/24
                    OpenVPN: 10.0.8.0/24

                    I think you mean that the pfSense LAN IP is 10.241.136.3 - in that case it will return ping because it knows the routing correctly back to client1 network.
                    Your DC and PCs on 10.241.136.0/24 need to know how to route to 192.168.168.0/24 - those packets have to go to your pfSense on 10.241.136.3, but they are going to your untangle router on 10.241.136.1.
                    For interim trials, you need to add a route in untangle that says 192.168.168.0/24 next hop 10.241.136.3.
                    When you make your pfSense the main router, then the default route on the 10.241.136.0/24 DC and PCs needs to be changed to 10.241.136.3 (or turn off untangle and change pfSense to 10.241.136.1). And for ordinary PCs, use DHCP on pfSense and they get their settings automatically.

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
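
The return-path problem described in the answer above, modelled as an added example (not part of any post in this thread). It uses the thread's addresses; the client address, the "wan" and "ovpn-tunnel" labels and Untangle's default route are assumptions.

```python
import ipaddress

# Addresses come from the thread; CLIENT, the "wan"/"ovpn-tunnel" labels and
# Untangle's default route are assumptions made for this illustration.
LAN, REMOTE = "10.241.136.0/24", "192.168.168.0/24"
PFSENSE, UNTANGLE, DC = "10.241.136.3", "10.241.136.1", "10.241.136.10"
CLIENT = "192.168.168.50"  # constructed address for the remote Windows PC


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no match."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def build_tables(dc_gateway=UNTANGLE, untangle_has_route=False):
    """Routing table per device; the two flags model the fixes from the thread."""
    untangle = [(LAN, "on-link"), ("0.0.0.0/0", "wan")]
    if untangle_has_route:  # "192.168.168.0/24 next hop 10.241.136.3"
        untangle.append((REMOTE, PFSENSE))
    return {
        DC: [(LAN, "on-link"), ("0.0.0.0/0", dc_gateway)],
        PFSENSE: [(LAN, "on-link"), (REMOTE, "ovpn-tunnel"), ("0.0.0.0/0", "wan")],
        UNTANGLE: untangle,
    }


def reply_path(tables, start, dst=CLIENT, limit=8):
    """Follow an echo reply hop by hop; return (path, reaches_tunnel)."""
    node, path = start, [start]
    for _ in range(limit):
        hop = next_hop(tables[node], dst)
        path.append(hop)
        if hop not in tables:  # left the modelled devices: tunnel, WAN or no route
            return path, hop == "ovpn-tunnel"
        node = hop
    return path, False  # routing loop


if __name__ == "__main__":
    print("pfSense LAN IP  :", reply_path(build_tables(), PFSENSE))
    print("DC, as posted   :", reply_path(build_tables(), DC))
    print("DC, route added :", reply_path(build_tables(untangle_has_route=True), DC))
    print("DC, gw = pfSense:", reply_path(build_tables(dc_gateway=PFSENSE), DC))
```
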

                      Metu69salemi

                      Phil made it earlier.

                      The problem itself is that the remote-end clients have no way to know the correct route, and untangle's config has not been revealed.

                        Ghlave

                        @phil.davis:

                        I think you mean that the pfSense LAN IP is 10.241.136.3 - in that case it will return ping because it knows the routing correctly back to client1 network.
                        Your DC and PCs on 10.241.136.0/24 need to know how to route to 192.168.168.0/24 - those packets have to go to your pfSense on 10.241.136.3, but they are going to your untangle router on 10.241.136.1.
                        For interim trials, you need to add a route in untangle that says 192.168.168.0/24 next hop 10.241.136.3.
                        When you make your pfSense the main router, then the default route on the 10.241.136.0/24 DC and PCs needs to be changed to 10.241.136.3 (or turn off untangle and change pfSense to 10.241.136.1). And for ordinary PCs, use DHCP on pfSense and they get their settings automatically.

                        You hit the nail on the head. I got into work this morning, and I changed my laptop's gateway to 10.241.136.3, and I could ping back and forth to all clients.

                          Metu69salemi

                          At the end of the day, your gateway was "wrong".

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.