OpenVPN connected but VPN client can't ping some servers, but all servers can ping



  • Help me.
    My LAN is 10.8.0.0/21. DHCP scope 10.8.4.0. pf is the default GW for the LAN.
    I have connected with OpenVPN. The VPN client has IP 10.0.8.6.
    I can ping PCs with IPs in the DHCP scope and I can browse the intranet sites.
    But I can't ping PCs that have static IPs or the IPs of the intranet sites. However, from the PCs with static IPs and the intranet site servers I can ping the VPN client (firewall stopped for the server). Why??
    Standard OpenVPN config by the wizard.
    Can anybody help me??



  • Few possible reasons:

    1. You haven't allowed traffic to vpn interface from your intranet-sites
    2. VPN-client doesn't have route to other machines, you can use advanced setting "push route"…


  • Post your config, firewall rules and a network map, so we can help.



  • To Metu69salemi

    • traffic to vpn interface * * * * * *.
    • push route 10.8.0.0, I can ping PCs that have IPs from DHCP

    To Marvosa
    Net map: Internet-------pfsense (allow all)-------LAN (10.8.0.0/21).
    LAN: - Static IPs, e.g. 10.8.0.1-10.8.1.254
          - Dynamic IPs from DHCP scope 10.8.4.0-10.8.4.254
          - DNS 10.8.0.1
          - Default GW: pfsense
          - DHCP scope options: DNS, GW
    firewall allow all on interface LAN
    firewall allow all on interface OpenVPN
    From a PC with a static IP I can ping the VPN client, but from the VPN client I can't ping a PC with a static IP; I can only ping PCs with dynamic IPs.
    server cf:
    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local ...
    tls-server
    server 10.0.8.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 10
    push "route 10.8.0.0 255.255.248.0"
    push "dhcp-option DOMAIN btp.com.vn"
    push "dhcp-option DNS 10.8.0.1"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float

    client cf
    dev tun
    persist-tun
    persist-key
    cipher AES-128-CBC
    tls-client
    client
    resolv-retry infinite
    remote ... 1194 udp
    tls-remote OpenVPNsrvCert
    auth-user-pass
    ca pfSense-udp-1194-user-ca.crt
    cryptoapicert "SUBJ:user"
    tls-auth pfSense-udp-1194-user-tls.key 1
    comp-lzo
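
A check of the addressing in the config posted above, as an added example that is not part of the original post: it parses the `server` and `push "route ..."` directives and reports which network each address from the thread falls in. The function names are hypothetical, and the host addresses tested are taken from the ranges the poster listed.

```python
import ipaddress

# Directives copied from the server config posted in the thread.
SERVER_CONF = '''\
server 10.0.8.0 255.255.255.0
push "route 10.8.0.0 255.255.248.0"
push "dhcp-option DNS 10.8.0.1"
'''

def parse_networks(conf):
    """Return (tunnel_network, [pushed_routes]) from OpenVPN server directives."""
    tunnel, routes = None, []
    for line in conf.splitlines():
        parts = line.replace('"', ' ').split()
        if len(parts) >= 3 and parts[0] == "server":
            tunnel = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
        elif len(parts) >= 4 and parts[:2] == ["push", "route"]:
            routes.append(ipaddress.ip_network(f"{parts[2]}/{parts[3]}"))
    return tunnel, routes

def classify(addr, tunnel, routes):
    """Say whether addr is in the tunnel network, a pushed route, or neither."""
    ip = ipaddress.ip_address(addr)
    if tunnel is not None and ip in tunnel:
        return "tunnel"
    for route in routes:
        if ip in route:
            return f"pushed route {route}"
    return "not routed via VPN"

def overlapping_routes(tunnel, routes):
    """Pushed routes that collide with the tunnel network (should be empty)."""
    return [r for r in routes if tunnel is not None and r.overlaps(tunnel)]

if __name__ == "__main__":
    tunnel, routes = parse_networks(SERVER_CONF)
    print("tunnel:", tunnel, "pushed:", [str(r) for r in routes])
    # Addresses from the thread: VPN client, DNS/static host, static range end,
    # and one address inside the DHCP scope.
    for host in ("10.0.8.6", "10.8.0.1", "10.8.1.254", "10.8.4.10"):
        print(f"{host:12} -> {classify(host, tunnel, routes)}")
    print("overlaps:", overlapping_routes(tunnel, routes))
```

With the posted values, the static range and the DHCP scope both fall inside the single pushed route 10.8.0.0/21, and the tunnel network 10.0.8.0/24 does not overlap it.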



  • Looks like a subnet/routing/config issue:

    Your LAN is configured with 10.0.8.0/24, but you are pushing 10.8.0.0/21 to your clients.

    Edit your LAN subnet accordingly.



  • Sorry, because the IPs are not the real IPs. I set the LAN IP exactly with subnet mask 21.



  • Can you re-phrase?  I'm not following what you said.

