Openvpn connected but vpn client can't ping some server but all server can ping

Reply to Openvpn connected but vpn client can't ping some server but all server can ping on Tue, 19 Mar 2013 18:30:10 GMT

marvosa — Tue, 19 Mar 2013 18:30:10 GMT

Can you re-phrase? I'm not following what you said.

Reply to Openvpn connected but vpn client can't ping some server but all server can ping on Tue, 19 Mar 2013 03:23:48 GMT

gdalth — Tue, 19 Mar 2013 03:23:48 GMT

sorry because Ips do not real Ips. I setting IP LAN exactly with sunetmask 21.

Reply to Openvpn connected but vpn client can't ping some server but all server can ping on Mon, 18 Mar 2013 02:32:48 GMT

marvosa — Mon, 18 Mar 2013 02:32:48 GMT

Looks like a subnet/routing/config issue:

Your LAN is configured with 10.0.8.0/24, but you are pushing 10.8.0.0/21 to your clients.

Edit your LAN subnet accordingly.

Reply to Openvpn connected but vpn client can't ping some server but all server can ping on Mon, 18 Mar 2013 01:08:52 GMT

gdalth — Mon, 18 Mar 2013 01:08:52 GMT

To Metu69salemi

trafic to vpn interface * * * * * *.
push route 10.8.0.0, i has ping PCs have IP from DHCP

To Marvosa
Net map: Internet–-----pfsense (allow all)-------LAN (10.8.0.0/21).
LAN: - IP static ex 10.8.0.1-10.8.1.254
- IP dynamic from DHCP scope 10.8.4.0 -10.8.4.254
- DNS 10.8.0.1
- GW df pfsense
- option scapoe dhcp: DNS, GW
firewall allow all on interface LAN
firewall allow all on interface OpenVPN
from PC has IP static i can ping vpn client but from vpn client i can't ping PC has ip static, only ping PCs has IP dynamic
server cf:
dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local ...
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 10.8.0.0 255.255.248.0"
push "dhcp-option DOMAIN btp.com.vn"
push "dhcp-option DNS 10.8.0.1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float

client cf
dev tun
persist-tun
persist-key
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote ... 1194 udp
tls-remote OpenVPNsrvCert
auth-user-pass
ca pfSense-udp-1194-user-ca.crt
cryptoapicert "SUBJ:user"
tls-auth pfSense-udp-1194-user-tls.key 1
comp-lzo

Reply to Openvpn connected but vpn client can't ping some server but all server can ping on Sat, 16 Mar 2013 19:46:58 GMT

marvosa — Sat, 16 Mar 2013 19:46:58 GMT

Post your config, firewall rules and a network map, so we can help.

Reply to Openvpn connected but vpn client can't ping some server but all server can ping on Thu, 14 Mar 2013 19:29:37 GMT

Metu69salemi — Thu, 14 Mar 2013 19:29:37 GMT

Few possible reasons:

You haven't allowed trafic to vpn interface from your intranet-sites
VPN-client doesn't have route to other machines, you can use advanced setting "push route"…