OpenVPN connected but VPN client can't ping some servers, but all servers can ping

  • Help me.
    My LAN DHCP scope pf is GW default for LAN.
    I have connected OpenVPN. The VPN client has IP
    I can ping PCs with IPs in the DHCP scope and I can browse the intranet sites.
    But I can't ping PCs that have static IPs or the IPs of the intranet sites. However, from the PCs that have static IPs and the intranet site servers I can ping the VPN client (firewall stopped for the server). Why??
    Standard OpenVPN config by wizard.
    Can anybody help me??

  • Few possible reasons:

    1. You haven't allowed traffic to the VPN interface from your intranet sites
    2. The VPN client doesn't have a route to the other machines; you can use the advanced setting "push route"…

  • Post your config, firewall rules and a network map, so we can help.

  • To Metu69salemi

    • traffic to VPN interface * * * * * *.
    • push route: I have pinged PCs that have IPs from DHCP

    To Marvosa
    Net map: Internet–-----pfsense (allow all)-------LAN (
    LAN: - IP static ex
          - IP dynamic from DHCP scope -
          - DNS
          - GW df pfsense
          - option scope DHCP: DNS, GW
    firewall allow all on interface LAN
    firewall allow all on interface OpenVPN
    From a PC that has a static IP I can ping the VPN client, but from the VPN client I can't ping a PC that has a static IP; I can only ping PCs that have dynamic IPs
    server cf:
    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/
    #user nobody
    #group nobody
    script-security 3
    keepalive 10 60
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local ...
    client-config-dir /var/etc/openvpn-csc
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 10
    push "route"
    push "dhcp-option DOMAIN"
    push "dhcp-option DNS"
    ca /var/etc/openvpn/
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0

    client cf
    dev tun
    cipher AES-128-CBC
    resolv-retry infinite
    remote ... 1194 udp
    tls-remote OpenVPNsrvCert
    ca pfSense-udp-1194-user-ca.crt
    cryptoapicert "SUBJ:user"
    tls-auth pfSense-udp-1194-user-tls.key 1

  • Looks like a subnet/routing/config issue:

    Your LAN is configured with, but you are pushing to your clients.

    Edit your LAN subnet accordingly.
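
The mismatch described in the reply above can be checked mechanically. This is an added example, not code from the thread or from pfSense: it reads the `push "route ..."` lines from a server config and reports which LAN hosts fall outside every pushed route. The function names, the /21 LAN with a /24 pushed route, and all addresses are constructed assumptions, since the thread's real addresses are not shown.

```python
import ipaddress
import re

# Matches: push "route <network> <netmask>" in an OpenVPN server config.
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"', re.M)

def pushed_routes(server_conf):
    """Return the networks the server pushes to clients."""
    return [ipaddress.ip_network(f"{net}/{mask}", strict=False)
            for net, mask in PUSH_ROUTE.findall(server_conf)]

def audit(server_conf, lan_cidr, hosts):
    """Compare pushed routes with the real LAN and classify each host."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    routes = pushed_routes(server_conf)
    report = {"lan_fully_pushed": any(lan.subnet_of(r) for r in routes),
              "hosts": {}}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in lan:
            status = "not on LAN"
        elif any(ip in r for r in routes):
            status = "routed via VPN"
        else:
            status = "no pushed route"
        report["hosts"][name] = status
    return report

# Constructed sample: the LAN is a /21, but the pushed route uses a /24 mask.
SAMPLE_CONF = '''
dev ovpns1
proto udp
push "route 10.20.0.0 255.255.255.0"
push "dhcp-option DNS 10.20.0.1"
'''
# Constructed hosts: one DHCP client and two statically addressed machines.
SAMPLE_HOSTS = {"dhcp-pc": "10.20.0.57", "static-pc": "10.20.4.10",
                "intranet-web": "10.20.5.20"}

if __name__ == "__main__":
    result = audit(SAMPLE_CONF, "10.20.0.0/21", SAMPLE_HOSTS)
    print("LAN fully covered by pushed routes:", result["lan_fully_pushed"])
    for host, status in result["hosts"].items():
        print(f"{host:14} {status}")
```

A host reported as "no pushed route" is sent by the client to its own default gateway instead of through the tunnel, which matches the symptom of replies working in one direction only.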

  • Sorry, because the IPs are not the real IPs. I set the LAN IP exactly, with subnet mask 21.

  • Can you re-phrase?  I'm not following what you said.
