Netgate Discussion Forum

    OpenVPN connected but VPN client can't ping some servers, but all servers can ping

      gdalth

      Help me.
      My LAN is 10.8.0.0/21. The DHCP scope is 10.8.4.0. pf is the default GW for the LAN.
      I have connected OpenVPN. The VPN client has IP 10.0.8.6.
      I can ping PCs with IPs in the DHCP scope and I can browse the intranet sites.
      But I can't ping PCs that have static IPs or the IPs of the intranet sites. However, from the PCs that have static IPs and from the intranet site servers I can ping the VPN client (firewall stopped for the server). Why?
      Standard OpenVPN config made by the wizard.
      Can anybody help me?

        Metu69salemi

        Few possible reasons:

        1. You haven't allowed traffic to the VPN interface from your intranet sites
        2. The VPN client doesn't have a route to the other machines; you can use the advanced setting "push route"…

          marvosa

          Post your config, firewall rules and a network map, so we can help.

            gdalth

            To Metu69salemi

            • traffic to VPN interface: * * * * * *.
            • push route 10.8.0.0; I can ping PCs that have IPs from DHCP

            To Marvosa
            Net map: Internet ------ pfsense (allow all) ------- LAN (10.8.0.0/21).
            LAN: - Static IPs, e.g. 10.8.0.1-10.8.1.254
                  - Dynamic IPs from DHCP scope 10.8.4.0-10.8.4.254
                  - DNS 10.8.0.1
                  - GW default pfsense
                  - DHCP scope options: DNS, GW
            Firewall: allow all on interface LAN
            Firewall: allow all on interface OpenVPN
            From a PC that has a static IP I can ping the VPN client, but from the VPN client I can't ping a PC that has a static IP; I can only ping PCs that have dynamic IPs.
            server cf:
            dev ovpns1
            dev-type tun
            dev-node /dev/tun1
            writepid /var/run/openvpn_server1.pid
            #user nobody
            #group nobody
            script-security 3
            daemon
            keepalive 10 60
            ping-timer-rem
            persist-tun
            persist-key
            proto udp
            cipher AES-128-CBC
            up /usr/local/sbin/ovpn-linkup
            down /usr/local/sbin/ovpn-linkdown
            local ...
            tls-server
            server 10.0.8.0 255.255.255.0
            client-config-dir /var/etc/openvpn-csc
            username-as-common-name
            auth-user-pass-verify /var/etc/openvpn/server1.php via-env
            tls-verify /var/etc/openvpn/server1.tls-verify.php
            lport 1194
            management /var/etc/openvpn/server1.sock unix
            max-clients 10
            push "route 10.8.0.0 255.255.248.0"
            push "dhcp-option DOMAIN btp.com.vn"
            push "dhcp-option DNS 10.8.0.1"
            ca /var/etc/openvpn/server1.ca
            cert /var/etc/openvpn/server1.cert
            key /var/etc/openvpn/server1.key
            dh /etc/dh-parameters.1024
            tls-auth /var/etc/openvpn/server1.tls-auth 0
            comp-lzo
            persist-remote-ip
            float

            client cf
            dev tun
            persist-tun
            persist-key
            cipher AES-128-CBC
            tls-client
            client
            resolv-retry infinite
            remote ... 1194 udp
            tls-remote OpenVPNsrvCert
            auth-user-pass
            ca pfSense-udp-1194-user-ca.crt
            cryptoapicert "SUBJ:user"
            tls-auth pfSense-udp-1194-user-tls.key 1
            comp-lzo

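An added example, not part of the original thread and not pfSense code: a short Python check that reads the `server` and `push "route ..."` directives from the server config posted above and reports which pushed route covers each LAN address mentioned in the thread. The function names and the address 10.8.4.10 (a constructed host inside the stated DHCP range) are assumptions made for illustration.

```python
import ipaddress
import shlex

# Directives copied from the server config posted in the thread.
SERVER_CONF = '''
server 10.0.8.0 255.255.255.0
push "route 10.8.0.0 255.255.248.0"
push "dhcp-option DNS 10.8.0.1"
'''

# Addresses from the thread; 10.8.4.10 is constructed (inside the DHCP range).
TARGETS = {"static_dns": "10.8.0.1", "static_last": "10.8.1.254", "dhcp_host": "10.8.4.10"}


def parse_networks(conf):
    """Return (tunnel_network, [pushed_route_networks]) from server config text."""
    tunnel, pushed = None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        tokens = shlex.split(line)  # keeps the quoted push argument as one token
        if tokens[0] == "server" and len(tokens) >= 3:
            tunnel = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
        elif tokens[0] == "push" and len(tokens) == 2:
            inner = tokens[1].split()
            if len(inner) >= 3 and inner[0] == "route":
                pushed.append(ipaddress.ip_network(f"{inner[1]}/{inner[2]}"))
    return tunnel, pushed


def route_report(conf, client_ip, targets):
    """Show how a VPN client would route each target, using pushed routes only."""
    tunnel, pushed = parse_networks(conf)
    client = ipaddress.ip_address(client_ip)
    report = {
        "client_in_tunnel": tunnel is not None and client in tunnel,
        # A pushed route overlapping the tunnel network would be ambiguous.
        "tunnel_overlaps_push": [str(n) for n in pushed if tunnel and n.overlaps(tunnel)],
        "targets": {},
    }
    for label, ip in targets.items():
        addr = ipaddress.ip_address(ip)
        matches = [n for n in pushed if addr in n]
        best = max(matches, key=lambda n: n.prefixlen, default=None)  # longest prefix
        report["targets"][label] = str(best) if best else None
    return report


if __name__ == "__main__":
    print(route_report(SERVER_CONF, "10.0.8.6", TARGETS))
```

With the values from the thread, the client address falls inside the tunnel network and the single pushed /21 route covers the static and the DHCP addresses alike, so the pushed route does not distinguish the two groups of hosts.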
              marvosa

              Looks like a subnet/routing/config issue:

              Your LAN is configured with 10.0.8.0/24, but you are pushing 10.8.0.0/21 to your clients.

              Edit your LAN subnet accordingly.

                gdalth

                Sorry, the IPs are not the real IPs. I set the LAN IP exactly, with subnet mask 21.

                  marvosa

                  Can you re-phrase?  I'm not following what you said.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.