Openvpn connected but vpn client can't ping some server but all server can ping
- 
 Help me. 
 My LAN 10.8.0.0/21. DHCP scope 10.8.4.0. pf is GW default for LAN.
 I'm has connected openvpn. vpnclient has Ip 10.0.8.6.
 I can ping PCs with IP in scope DHCP and I can browse sites intranet.
 But I can't ping PCs has IP static and Ip of sites intranet. However at PCs has Ip static and server sites intranet i can ping vpn client (stop firewall for server). Why??
 Config standard openvpn by vizards.
 Everybody can help me??
- 
 Few possible reasons: - You haven't allowed trafic to vpn interface from your intranet-sites
- VPN-client doesn't have route to other machines, you can use advanced setting "push route"…
 
- 
 Post your config, firewall rules and a network map, so we can help. 
- 
 To Metu69salemi - trafic to vpn interface * * * * * *.
- push route 10.8.0.0, i has ping PCs have IP from DHCP
 To Marvosa 
 Net map: Internet–-----pfsense (allow all)-------LAN (10.8.0.0/21).
 LAN: - IP static ex 10.8.0.1-10.8.1.254
 - IP dynamic from DHCP scope 10.8.4.0 -10.8.4.254
 - DNS 10.8.0.1
 - GW df pfsense
 - option scapoe dhcp: DNS, GW
 firewall allow all on interface LAN
 firewall allow all on interface OpenVPN
 from PC has IP static i can ping vpn client but from vpn client i can't ping PC has ip static, only ping PCs has IP dynamic
 server cf:
 dev ovpns1
 dev-type tun
 dev-node /dev/tun1
 writepid /var/run/openvpn_server1.pid
 #user nobody
 #group nobody
 script-security 3
 daemon
 keepalive 10 60
 ping-timer-rem
 persist-tun
 persist-key
 proto udp
 cipher AES-128-CBC
 up /usr/local/sbin/ovpn-linkup
 down /usr/local/sbin/ovpn-linkdown
 local ...
 tls-server
 server 10.0.8.0 255.255.255.0
 client-config-dir /var/etc/openvpn-csc
 username-as-common-name
 auth-user-pass-verify /var/etc/openvpn/server1.php via-env
 tls-verify /var/etc/openvpn/server1.tls-verify.php
 lport 1194
 management /var/etc/openvpn/server1.sock unix
 max-clients 10
 push "route 10.8.0.0 255.255.248.0"
 push "dhcp-option DOMAIN btp.com.vn"
 push "dhcp-option DNS 10.8.0.1"
 ca /var/etc/openvpn/server1.ca
 cert /var/etc/openvpn/server1.cert
 key /var/etc/openvpn/server1.key
 dh /etc/dh-parameters.1024
 tls-auth /var/etc/openvpn/server1.tls-auth 0
 comp-lzo
 persist-remote-ip
 floatclient cf 
 dev tun
 persist-tun
 persist-key
 cipher AES-128-CBC
 tls-client
 client
 resolv-retry infinite
 remote ... 1194 udp
 tls-remote OpenVPNsrvCert
 auth-user-pass
 ca pfSense-udp-1194-user-ca.crt
 cryptoapicert "SUBJ:user"
 tls-auth pfSense-udp-1194-user-tls.key 1
 comp-lzo
- 
 Looks like a subnet/routing/config issue: Your LAN is configured with 10.0.8.0/24, but you are pushing 10.8.0.0/21 to your clients. Edit your LAN subnet accordingly. 
- 
 sorry because Ips do not real Ips. I setting IP LAN exactly with sunetmask 21. 
- 
 Can you re-phrase? I'm not following what you said.