Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Setup remote access: remote host not accessible

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      Floh
      last edited by

      Hi,
      my colleague is pulling out her hair. I took a look into her openVPN configuration. It looks reasonable.

      She were trying to setup openVPN on remote pfsense so we can access remote hosts by using openVPN. Unfortunatelly we cannot access remote host (ping failed). So what could be wrong?

      This is our current setup:

      General information

      Disable this server: not ticked
      Server Mode: Remote Access (SSL/TLS + User Auth)
      Backend for authentication: Local Database
      Protocol: UDP
      Device Mode: tun
      Interface: WAN
      Local Port: 1194
      Description: vvVPN
      

      Cryptographic Settings

      I think the settings are fine here.
      

      Tunnel Settings

      Tunnel Network: 10.0.8.0/24
      Redirect Gateway: not ticked
      Local Network: 192.168.101.0/24
      Concurrent connections: 2
      Compression: ticked
      Type-of-Service: not ticked
      Inter-client communication: not ticked	
      Duplicate Connections: not ticked
      

      Client Settings

      Dynamic IP: ticked
      Address Pool: ticked
      DNS Default Domain: not ticked
      DNS Servers: not ticked
      NTP Servers: not ticked
      NetBIOS Options: not ticked
      

      Advanced configuration

      Advanced: [empty]
      

      We tried to ping remote host 192.168.101.11 but it failed.

      There are a firewall rule for openVPN in tab "openVPN" (created by openVPN Wizard) which allows everythin from everywhere to everywhere.

      So, what could be wrong?

      cu Floh

      1 Reply Last reply Reply Quote 0
      • M
        marvosa
        last edited by

        Couple things:

        • In the Cryptographic Settings section, make sure you have a Peer Certificate Revocation List listed

        • If the remote host has a software firewall enabled, make sure it is configured to respond to icmp

        • What is the IP of the machine you are coming from?  Make sure it's not on the 192.168.101.0/24 network

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.