4. PfSense can't ping VPN Client on TUN network

PfSense can't ping VPN Client on TUN network

  • M

    Hello,

    i've got a strange problem:

    My clients can connect to the internal network over OpenVPN (from pfSense 2.1) without any problem. They have pushed routes and are able to reach all internal networks like intended. I can ping all internal servers/clients but not the other way around.

    There is no problem with the Windows firewall of the clients. Two OpenVPN(TUN)-clients can see and ping each other while connected over the vpn with their virtual ip addresses 192.168.37.2 and .3. . All routing tables (internal clients/servers, pfSense itself and OpenVPN-Clients) are correct. The problem:

    The pfSense cannot even ping its own gateway-ip for the OpenVPN virtual tunnel network adapter (192.168.37.1) - though it is listet in the routing table correctly.

    The Problem must be the routing/firewall of the pfSense.

    Does anybody have a hint for me?

    Thank You.
    Martin

    0
  • M

    I think I found the problem:

    Mar 20 12:13:10 openvpn[24400]: OpenVPN 2.3.2 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Mar 20 12:13:10 openvpn[24400]: WARNING: using –duplicate-cn and --client-config-dir together is probably not what you want
    Mar 20 12:13:10 openvpn[24400]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Mar 20 12:13:10 openvpn[24400]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Mar 20 12:13:10 openvpn[24400]: TUN/TAP device ovpns1 exists previously, keep at program end
    Mar 20 12:13:10 openvpn[24400]: TUN/TAP device /dev/tun1 opened
    Mar 20 12:13:10 openvpn[24400]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Mar 20 12:13:10 openvpn[24400]: /sbin/ifconfig ovpns1 192.168.37.1 192.168.37.1 mtu 1500 netmask 255.255.255.0 up
    Mar 20 12:13:10 openvpn[24400]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 192.168.37.1 255.255.255.0 init
    Mar 20 12:13:10 openvpn[26354]: UDPv4 link local (bound): [AF_INET]192.168.12.29:1194
    Mar 20 12:13:10 openvpn[26354]: UDPv4 link remote: [undef]
    Mar 20 12:13:10 openvpn[26354]: Initialization Sequence Completed

    In the OpenVPN-logs i can see that the ovpns1 virtual adapter is initialized with this command:

    /sbin/ifconfig ovpns1 192.168.37.1 192.168.37.1 mtu 1500 netmask 255.255.255.0 up

    Is it correct to list the ip address here twice and how can i change that from shell without completely reconfiguring the the openvpn server through web frontend?

    0
  • D
    Banned

    @marteng:

    Is it correct to list the ip address here twice and how can i change that from shell without completely reconfiguring the the openvpn server through web frontend?

    There is nothing to fix here, leave it alone.

    0
  • M

    Thank you, i can see that.

    Another pfsense is working without problems and I can ping the ovpns-Interface ip-address of the tunnel network from the pfsense itself. So it must be a problem with the pfSense-installation I'm testing right now. I will backup the setup and reinstall it this evening.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy