Netgate Discussion Forum

    Openvpn, how to ping computers on the client side. XP Pro running the client.

    • jdecker

      Hi everyone, I have a question. I am running pfSense 2.0.3 at home and I am able to connect to my server using a Windows XP machine from my office just fine. I am able to connect to my pfSense and ping the computers behind the pfSense box on the network. What I would like to do is be able to ping the computers on the client side of the network. I am able to ping the XP machine just fine but not the other machines on the client side. So at this point, I am only able to ping in one direction.
      I did some googling and read several articles but I don't think I have grasped the whole concept yet about routing. I've edited my ovpn file on the client side and also in the Advanced Options side of pfSense but I have yet to be able to ping any of the machines on the XP client side.
      Here is my setup:

      Pfsense box
      LAN IP: 192.168.0.2
      TUN: 10.0.8.1

      Windows XP Pro (Openvpn Client)
      LAN: 10.16.210.55
      TUN: 10.0.8.6

      Here is my XP client ovpn file:

      client
      dev tun
      proto tcp
      remote myvpnserver.com  443
      ping 10
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert  remote.crt
      key remote.key
      comp-lzo
      pull
      verb 3

      redirect-gateway def1

      So I guess you can say I am using my XP Pro as a router of sorts. Any help on this would be greatly appreciated…

      Thanks!

      • phil.davis

        I don't think XP Pro is going to work like a router. But in any case, other machines on the office LAN will have their gateway set to the real office router, which takes them (and your XP Pro client) out to the internet. When a ping request comes from something on your home LAN (e.g. 192.168.0.11), even if it does make it all the way to the destination IP in your office, that office device will send the reply to the real office router, which does not know how to send the reply back.
        Is this an office of your own business?
        If so, then use pfSense as the office router and have a site-to-site OpenVPN link back to home.
        If not, then I doubt that the office wants their LAN devices to interact with things at your home.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • jdecker

          Thanks for the reply! Yes, this is my office and I do IT work remotely and troubleshoot PCs. As you suggested, the best bet is setting up another pfSense box here at the office and making that the gateway. I figured I could "MacGyver" something up by tweaking the IPEnableRouter registry setting on XP, and maybe using some coconuts and duct tape to make it work  ;D.. Thanks again.

          • phil.davis

            I don't know what you have now as your office router, but if it is not pfSense already, then I would replace it with pfSense. Then you have 1 router that can do it all easily.
            If you put a separate pfSense router in your office LAN somewhere, then you will have to add static route/s to your office router telling it about the pfSense and what subnets are reached through that.
            Also, I would change 192.168.0.0/24 at home to some other less popular private subnet - e.g. use something in 10.0.0.0/8. That will avoid pain when you take your laptop to a cafe that uses 192.168.0.0/24 and try to VPN back home.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
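
The return-path problem discussed in the replies above, as an added example that is not part of the original thread: a small hop-by-hop route lookup showing why the echo reply is lost at the office router and how one static route there fixes it. The /24 masks, the office router 10.16.210.1, the office PC 10.16.210.60, the pfSense route to the office LAN and a forwarding VPN endpoint at 10.16.210.55 are assumptions.

```python
import copy
import ipaddress

# Constructed topology. From the thread: 192.168.0.2, 192.168.0.11, 10.0.8.1,
# 10.0.8.6, 10.16.210.55. Assumed: /24 masks, office router 10.16.210.1,
# office PC 10.16.210.60, and that the VPN endpoint forwards packets.
NODES = {
    "home_pc": {"addrs": ["192.168.0.11"],
                "routes": {"192.168.0.0/24": "link", "0.0.0.0/0": "192.168.0.2"}},
    "pfsense": {"addrs": ["192.168.0.2", "10.0.8.1"],
                "routes": {"192.168.0.0/24": "link", "10.0.8.0/24": "link",
                           "10.16.210.0/24": "10.0.8.6", "0.0.0.0/0": "internet"}},
    "vpn_endpoint": {"addrs": ["10.0.8.6", "10.16.210.55"],
                     "routes": {"10.16.210.0/24": "link", "10.0.8.0/24": "link",
                                "0.0.0.0/0": "10.0.8.1"}},  # redirect-gateway def1
    "office_router": {"addrs": ["10.16.210.1"],
                      "routes": {"10.16.210.0/24": "link", "0.0.0.0/0": "internet"}},
    "office_pc": {"addrs": ["10.16.210.60"],
                  "routes": {"10.16.210.0/24": "link", "0.0.0.0/0": "10.16.210.1"}},
}

def next_hop(routes, dst):
    """Longest-prefix match over a {prefix: next_hop} table."""
    ip = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in routes if ip in ipaddress.ip_network(p)]
    return routes[str(max(nets, key=lambda n: n.prefixlen))] if nets else None

def trace(nodes, start, dst, max_hops=8):
    """Follow a packet for dst from node `start`; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return path, "delivered"
        hop = next_hop(nodes[node]["routes"], dst)
        if hop in (None, "internet"):      # private destination leaves via the ISP
            return path, "lost"
        target = dst if hop == "link" else hop
        node = next((n for n, d in nodes.items() if target in d["addrs"]), None)
        if node is None:
            return path, "lost"
        path.append(node)
    return path, "loop"

def with_static_route(nodes, prefix="192.168.0.0/24", via="10.16.210.55"):
    """Copy of the topology with the home LAN routed via the VPN endpoint."""
    fixed = copy.deepcopy(nodes)
    fixed["office_router"]["routes"][prefix] = via
    return fixed

if __name__ == "__main__":
    print("request:", trace(NODES, "home_pc", "10.16.210.60"))
    print("reply  :", trace(NODES, "office_pc", "192.168.0.11"))
    print("fixed  :", trace(with_static_route(NODES), "office_pc", "192.168.0.11"))
```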

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.