Netgate Discussion Forum

    Can't ping any Lan clients …

      mapmimattias

      Hi,

      I'm new to openvpn, but I have managed to set up a roadwarrior configuration using the setup guide at
      http://pfsense.untouchable.net/tutorials/openvpn/pfsense-ovpn.pdf

      I can connect to my firewall from outside and I get an ip address. My address pool is set to 10.10.71.0/24 and my local network is set to 10.10.70.0/24

      I can ping 10.10.70.1 which is my firewall box, but not any other client on the network. I have set up the firewall routes as instructed opening port 1194 on the Wan side and a pass rule for any Lan subnet inside the lan.

      What am I doing wrong?

      Thanks for any help

      /Mattias
      ![pfsense.local - OpenVPN- Server- Edit_1199440616816.png](/public/imported_attachments/1/pfsense.local - OpenVPN- Server- Edit_1199440616816.png)

        mapmimattias

        Here are my firewall rules for my Wan

        /Mattias

        ![pfsense.local - Firewall- Rules_1199919438656.png](/public/imported_attachments/1/pfsense.local - Firewall- Rules_1199919438656.png)

          mapmimattias

          and Lan…

          ![pfsense.local - Firewall- Rules_1199919453625.png](/public/imported_attachments/1/pfsense.local - Firewall- Rules_1199919453625.png)

            GruensFroeschli

            The config looks good.
            Can you ping 10.10.70.1 ?
            Does your VPN client get a route to your LAN?
            (check the routing-table on the client)

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

              mapmimattias

              I can ping 10.10.70.1 but no other host. My route PRINT looks like this:

              H:>route PRINT

              Interface List
              0x1 ........................... MS TCP Loopback interface
              0x2 ...00 ff 34 d0 6b 68 ...... TAP-Win32 Adapter V9
              0x10004 ...00 1c 23 0c 06 a9 ...... Broadcom NetXtreme 57xx Gigabit Controller
              0x40005 ...00 1b 77 b7 8c b9 ...... Intel(R) PRO/Wireless 3945ABG Network Connec
              tion

              ===========================================================================
              Active Routes:
              Network Destination        Netmask          Gateway      Interface  Metric
                        0.0.0.0          0.0.0.0      172.16.1.4    172.16.10.29      10
                    10.10.70.0    255.255.255.0      10.10.71.5      10.10.71.6      1
                    10.10.71.0    255.255.255.0      10.10.71.5      10.10.71.6      1
                    10.10.71.4  255.255.255.252      10.10.71.6      10.10.71.6      30
                    10.10.71.6  255.255.255.255        127.0.0.1      127.0.0.1      30
                10.255.255.255  255.255.255.255      10.10.71.6      10.10.71.6      30
                      127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
                    169.254.0.0      255.255.0.0    172.16.10.29    172.16.10.29      30
                    172.16.0.0      255.255.0.0    172.16.10.29    172.16.10.29      10
                  172.16.10.29  255.255.255.255        127.0.0.1      127.0.0.1      10
                172.16.255.255  255.255.255.255    172.16.10.29    172.16.10.29      10
                      224.0.0.0        240.0.0.0      10.10.71.6      10.10.71.6      30
                      224.0.0.0        240.0.0.0    172.16.10.29    172.16.10.29      10
                255.255.255.255  255.255.255.255      10.10.71.6          40005      1
                255.255.255.255  255.255.255.255      10.10.71.6      10.10.71.6      1
                255.255.255.255  255.255.255.255    172.16.10.29    172.16.10.29      1
              Default Gateway:        172.16.1.4

              Persistent Routes:
                None

                GruensFroeschli

                If you can ping the IP of pfSense on the LAN-side then there is no problem with pfSense.
                Are you sure that the targeted IP you want to ping does not have a Firewall of its own? (Windows-Firewall?)

                  mapmimattias

                  I found the problem, I had my internal Lan set up with an 8 bit netmask instead of 24. Therefore the traffic didn't find its way back to the router as it didn't need to be routed… I set the internal address with 24 as in the config and problem solved. :)

                  Thanks!

                  /Mattias

                    issue2k

                    same problem here with pfsense 1.2-rc4…i tried out ipsec and openvpn (site to site), same problem.

                    internal network first VPN-Server: 172.16.0.0/16 (Gateway: 172.16.0.3)
                    internal network VPN-Client: 192.168.201.0/24 (Gateway: 192.168.201.1)

                    behind the VPN-Client i can ping the Gateway on 172.16.0.3, but nothing else (172.16.1.31 for example doesn't work).
                    behind the VPN-Server i can ping the Gateway on 192.168.201.1, but nothing else (192.168.201.254 for example doesn't work).

                    i'm really confused now...any ideas?

                    some screenshots of my config:

                    vpnclient.JPG
                    firewallwan.JPG
                    firewalllan.JPG
                    vpnserver.JPG

                      issue2k

                      solved, i have 2 gateways in both networks, so i have to add the routes to the non-pfsense gateways :-/
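
Both resolutions in this thread are return-path failures: the request arrives over the tunnel, but the reply never goes back to the pfSense box. The following is an added example, not code from any poster, that models the next-hop decision for each case; the host address 10.10.70.20, the second gateway 172.16.0.1 and its upstream 203.0.113.1 are constructed for illustration.

```python
import ipaddress

def next_hop(node_if, default_gw, dest, static_routes=()):
    """Where a node sends a packet for dest: "on-link" or a gateway IP.

    node_if: the node's own address with prefix, e.g. "10.10.70.20/24"
    static_routes: (network, gateway) pairs configured on that node
    """
    dest = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_interface(node_if).network, "on-link")]
    table += [(ipaddress.ip_network(n), gw) for n, gw in static_routes]
    table.append((ipaddress.ip_network("0.0.0.0/0"), default_gw))
    # Longest-prefix match, as a real routing table does.
    matches = [(net, hop) for net, hop in table if dest in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_reaches_vpn(node_if, default_gw, vpn_peer, vpn_gw, static_routes=()):
    """True if the node hands its reply to vpn_peer to the VPN gateway."""
    return next_hop(node_if, default_gw, vpn_peer, static_routes) == vpn_gw

def thread_cases():
    pf_lan = "10.10.70.1"     # pfSense LAN address (from the thread)
    vpn_peer = "10.10.71.6"   # road-warrior tunnel address (from route PRINT)
    return {
        # Case 1: /8 mask makes 10.10.71.6 look local, so the host ARPs
        # for it on the LAN instead of sending the reply to pfSense.
        "host_mask_8": reply_reaches_vpn("10.10.70.20/8", pf_lan, vpn_peer, pf_lan),
        "host_mask_24": reply_reaches_vpn("10.10.70.20/24", pf_lan, vpn_peer, pf_lan),
        # Case 2: host 172.16.1.31 uses a second, non-pfSense default gateway
        # (constructed: 172.16.0.1), so the reply goes there, not to 172.16.0.3.
        "two_gw_host": reply_reaches_vpn(
            "172.16.1.31/16", "172.16.0.1", "192.168.201.254", "172.16.0.3"),
        # Fix from the thread: a route on that other gateway for the remote
        # subnet via pfSense, so it forwards the reply into the tunnel.
        "other_gw_with_route": next_hop(
            "172.16.0.1/16", "203.0.113.1", "192.168.201.254",
            [("192.168.201.0/24", "172.16.0.3")]),
    }

if __name__ == "__main__":
    for name, result in thread_cases().items():
        print(f"{name}: {result}")
```
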
