Can't ping any Lan clients …



  • Hi,

    I'm new to openvpn, but I have managed to set up a roadwarrior configuration using the setup guide at
    http://pfsense.untouchable.net/tutorials/openvpn/pfsense-ovpn.pdf

    I can connect to my firewall from outside and I get an ip address. My address pool is set to 10.10.71.0/24 and my local network is set to 10.10.70.0/24

    I can ping 10.10.70.1 which is my firewall box, but not any other client on the network. I have set up the firewall routes as instructed opening port 1194 on the Wan side and a pass rule for any Lan subnet inside the lan.

    What am I doing wrong?

    Thanks for any help

    /Mattias
    ![pfsense.local - OpenVPN- Server- Edit_1199440616816.png](/public/imported_attachments/1/pfsense.local - OpenVPN- Server- Edit_1199440616816.png)



  • Here are my firewall rules for my Wan

    /Mattias

    ![pfsense.local - Firewall- Rules_1199919438656.png](/public/imported_attachments/1/pfsense.local - Firewall- Rules_1199919438656.png)



  • and Lan…

    ![pfsense.local - Firewall- Rules_1199919453625.png](/public/imported_attachments/1/pfsense.local - Firewall- Rules_1199919453625.png)



  • The config looks good.
    Can you ping 10.10.70.1 ?
    Does your VPN client get a route to your LAN?
    (check the routing-table on the client)



  • I can ping 10.10.70.1 but no other host. My route PRINT looks like this:

    H:>route PRINT

    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 ff 34 d0 6b 68 ...... TAP-Win32 Adapter V9
    0x10004 ...00 1c 23 0c 06 a9 ...... Broadcom NetXtreme 57xx Gigabit Controller
    0x40005 ...00 1b 77 b7 8c b9 ...... Intel(R) PRO/Wireless 3945ABG Network Connection

    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway      Interface  Metric
              0.0.0.0          0.0.0.0      172.16.1.4    172.16.10.29      10
          10.10.70.0    255.255.255.0      10.10.71.5      10.10.71.6      1
          10.10.71.0    255.255.255.0      10.10.71.5      10.10.71.6      1
          10.10.71.4  255.255.255.252      10.10.71.6      10.10.71.6      30
          10.10.71.6  255.255.255.255        127.0.0.1      127.0.0.1      30
      10.255.255.255  255.255.255.255      10.10.71.6      10.10.71.6      30
            127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
          169.254.0.0      255.255.0.0    172.16.10.29    172.16.10.29      30
          172.16.0.0      255.255.0.0    172.16.10.29    172.16.10.29      10
        172.16.10.29  255.255.255.255        127.0.0.1      127.0.0.1      10
      172.16.255.255  255.255.255.255    172.16.10.29    172.16.10.29      10
            224.0.0.0        240.0.0.0      10.10.71.6      10.10.71.6      30
            224.0.0.0        240.0.0.0    172.16.10.29    172.16.10.29      10
      255.255.255.255  255.255.255.255      10.10.71.6          40005      1
      255.255.255.255  255.255.255.255      10.10.71.6      10.10.71.6      1
      255.255.255.255  255.255.255.255    172.16.10.29    172.16.10.29      1
    Default Gateway:        172.16.1.4

    Persistent Routes:
      None



  • If you can ping the IP of pfSense on the LAN-side then there is no problem with pfSense.
    Are you sure that the targeted IP you want to ping does not have a Firewall of its own? (Windows-Firewall?)



  • I found the problem, I had my internal Lan set up with an 8 bit netmask instead of 24. Therefore the traffic didn't find its way back to the router as it didn't need to be routed… I set the internal address with 24 as in the config and problem solved. :)

    Thanks!

    /Mattias



  • same problem here with pfsense 1.2-rc4…i tried out ipsec and openvpn (site to site), same problem.

    internal network first VPN-Server: 172.16.0.0/16 (Gateway: 172.16.0.3)
    internal network VPN-Client: 192.168.201.0/24 (Gateway: 192.168.201.1)

    behind the VPN-Client i can ping the Gateway on 172.16.0.3, but nothing else (172.16.1.31 for example doesn't work).
    behind the VPN-Server i can ping the Gateway on 192.168.201.1, but nothing else (192.168.201.254 for example doesn't work).

    i'm really confused now...any ideas?

    some screenshots of my config:










  • solved, i have 2 gateways in both networks, so i have to add the routes to the non-pfsense gateways :-/
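
Both fixes reported in this thread (the LAN host with an 8-bit mask, and the second gateway without a route to the VPN subnet) come down to where a LAN node sends its reply. The following is an added example, not part of any post: it runs the node's route lookup for a VPN peer address. The node addresses 10.10.70.20, 172.16.0.1 and 198.51.100.x are constructed, and 172.16.0.3 is assumed to be the pfSense box.

```python
import ipaddress

def reply_next_hop(ifaces, routes, dest):
    """Longest-prefix lookup a LAN node performs when answering `dest`.

    ifaces: the node's addresses with their configured masks, e.g. ["10.10.70.20/8"]
    routes: (prefix, gateway) pairs; the default route is "0.0.0.0/0"
    Returns "on-link", the gateway address, or None when nothing matches.
    """
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_interface(i).network, "on-link") for i in ifaces]
    table += [(ipaddress.ip_network(p), g) for p, g in routes]
    hits = [(net, hop) for net, hop in table if dest in net]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def diagnose(ifaces, routes, vpn_peer, firewall):
    """Classify where a reply to `vpn_peer` ends up relative to the VPN firewall."""
    hop = reply_next_hop(ifaces, routes, vpn_peer)
    if hop is None:
        return "no-route"
    if hop == "on-link":
        # The node ARPs for the peer on its own segment; the firewall never sees the reply.
        return "on-link"
    same = ipaddress.ip_address(hop) == ipaddress.ip_address(firewall)
    return "ok" if same else "wrong-gateway"

# Subnets and firewall addresses are the ones quoted in the thread; the node
# addresses (10.10.70.20, 172.16.0.1, 198.51.100.x) are constructed samples.
CASES = [
    ("host with /8 mask", ["10.10.70.20/8"], [("0.0.0.0/0", "10.10.70.1")],
     "10.10.71.6", "10.10.70.1"),
    ("host with /24 mask", ["10.10.70.20/24"], [("0.0.0.0/0", "10.10.70.1")],
     "10.10.71.6", "10.10.70.1"),
    ("second gateway, no VPN route", ["172.16.0.1/16", "198.51.100.2/30"],
     [("0.0.0.0/0", "198.51.100.1")], "192.168.201.254", "172.16.0.3"),
    ("second gateway, route added", ["172.16.0.1/16", "198.51.100.2/30"],
     [("0.0.0.0/0", "198.51.100.1"), ("192.168.201.0/24", "172.16.0.3")],
     "192.168.201.254", "172.16.0.3"),
]

if __name__ == "__main__":
    for label, ifaces, routes, peer, fw in CASES:
        print(f"{label:30} -> {diagnose(ifaces, routes, peer, fw)}")
```

An "on-link" or "wrong-gateway" result matches the symptom in the thread: the firewall's own LAN address answers pings, while hosts behind it appear dead because their replies never return through the tunnel.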

