Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup remote access: remote host not accessible

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      Floh
      last edited by

      Hi,
      my colleague is pulling out her hair. I took a look into her openVPN configuration. It looks reasonable.

      She were trying to setup openVPN on remote pfsense so we can access remote hosts by using openVPN. Unfortunatelly we cannot access remote host (ping failed). So what could be wrong?

      This is our current setup:

      General information

      Disable this server: not ticked
Server Mode: Remote Access (SSL/TLS + User Auth)
Backend for authentication: Local Database
Protocol: UDP
Device Mode: tun
Interface: WAN
Local Port: 1194
Description: vvVPN

      Cryptographic Settings

      I think the settings are fine here.

      Tunnel Settings

      Tunnel Network: 10.0.8.0/24
Redirect Gateway: not ticked
Local Network: 192.168.101.0/24
Concurrent connections: 2
Compression: ticked
Type-of-Service: not ticked
Inter-client communication: not ticked	
Duplicate Connections: not ticked

      Client Settings

      Dynamic IP: ticked
Address Pool: ticked
DNS Default Domain: not ticked
DNS Servers: not ticked
NTP Servers: not ticked
NetBIOS Options: not ticked

      Advanced configuration

      Advanced: [empty]

      We tried to ping remote host 192.168.101.11 but it failed.

      There are a firewall rule for openVPN in tab "openVPN" (created by openVPN Wizard) which allows everythin from everywhere to everywhere.

      So, what could be wrong?

      cu Floh

      1 Reply Last reply Reply Quote 0
      • M
        marvosa
        last edited by

        Couple things:

        • In the Cryptographic Settings section, make sure you have a Peer Certificate Revocation List listed

        • If the remote host has a software firewall enabled, make sure it is configured to respond to icmp

        • What is the IP of the machine you are coming from?  Make sure it's not on the 192.168.101.0/24 network

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.