Help needed



  • Hi guys!!
    I'm kinda stuck here and need some help.

    I've configured my OpenVPN and a weird thing is happening.
    I can connect to my OpenVPN server!! I can ping my pfsense box but I can't ping any other PC on the same network, and yes, it has my pfsense box as gateway.

    Ethernet adapter ovpn:

    Connection-specific DNS Suffix  . :
    IP Address. . . . . . . . . . . . : 10.0.10.6
    Subnet Mask . . . . . . . . . . . : 255.255.255.252
    Default Gateway . . . . . . . . . : 10.0.10.5

    My pfsense IP, ping response with OpenVPN client connected to pfsense

    C:>ping 192.168.1.60

    Pinging 192.168.1.60 with 32 bytes of data:

    Reply from 192.168.1.60: bytes=32 time=24ms TTL=64
    Reply from 192.168.1.60: bytes=32 time=22ms TTL=64
    Reply from 192.168.1.60: bytes=32 time=23ms TTL=64
    Reply from 192.168.1.60: bytes=32 time=30ms TTL=64

    Ping statistics for 192.168.1.60:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 22ms, Maximum = 30ms, Average = 24ms

    Now ping to some other PC on the same network behind pfsense box with OpenVPN connected

    C:>ping 192.168.1.21

    Pinging 192.168.1.21 with 32 bytes of data:

    Reply from 10.0.10.1: Destination port unreachable.
    Reply from 10.0.10.1: Destination port unreachable.
    Reply from 10.0.10.1: Destination port unreachable.
    Reply from 10.0.10.1: Destination port unreachable.

    Ping statistics for 192.168.1.21:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    OpenVPN LOG

    Sat Feb 09 00:58:07 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Sat Feb 09 00:58:07 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Sat Feb 09 00:58:10 2008 LZO compression initialized
    Sat Feb 09 00:58:10 2008 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
    Sat Feb 09 00:58:10 2008 Control Channel MTU parms [ L:1442 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Sat Feb 09 00:58:10 2008 Data Channel MTU parms [ L:1442 D:1442 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Sat Feb 09 00:58:10 2008 Local Options hash (VER=V4): '0e58d70c'
    Sat Feb 09 00:58:10 2008 Expected Remote Options hash (VER=V4): '878405d7'
    Sat Feb 09 00:58:10 2008 UDPv4 link local (bound): [undef]:1194
    Sat Feb 09 00:58:10 2008 UDPv4 link remote: 80...:1194
    Sat Feb 09 00:58:10 2008 TLS: Initial packet from 80...:1194, sid=7a9ec114 a1a64805
    Sat Feb 09 00:58:10 2008 VERIFY OK: depth=1, /C=PT/ST=Lisboa/L=Lisboa/O=ZetesBurtica/OU=IT/CN=ZetesBurtica_CA/emailAddress=mendes.p@pt..
    Sat Feb 09 00:58:10 2008 VERIFY OK: nsCertType=SERVER
    Sat Feb 09 00:58:10 2008 VERIFY OK: depth=0, /C=PT/ST=Lisboa/O=ZetesBurtica/OU=IT/CN=10.0.10.1
    Sat Feb 09 00:58:10 2008 Data Channel Encrypt: Cipher 'DES-EDE-CBC' initialized with 128 bit key
    Sat Feb 09 00:58:10 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Feb 09 00:58:10 2008 Data Channel Decrypt: Cipher 'DES-EDE-CBC' initialized with 128 bit key
    Sat Feb 09 00:58:10 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Feb 09 00:58:10 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sat Feb 09 00:58:10 2008 [10.0.10.1] Peer Connection Initiated with 80.251.161.26:1194
    Sat Feb 09 00:58:11 2008 SENT CONTROL [10.0.10.1]: 'PUSH_REQUEST' (status=1)
    Sat Feb 09 00:58:12 2008 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,route 10.0.10.1,ping 10,ping-restart 60,ifconfig 10.0.10.6 10.0.10.5'
    Sat Feb 09 00:58:12 2008 OPTIONS IMPORT: timers and/or timeouts modified
    Sat Feb 09 00:58:12 2008 OPTIONS IMPORT: --ifconfig/up options modified
    Sat Feb 09 00:58:12 2008 OPTIONS IMPORT: route options modified
    Sat Feb 09 00:58:12 2008 TAP-WIN32 device [ovpn] opened: \\.\Global\{832FA0A1-BA5E-4F92-84F8-7B3FC8BA853D}.tap
    Sat Feb 09 00:58:12 2008 TAP-Win32 Driver Version 8.4
    Sat Feb 09 00:58:12 2008 TAP-Win32 MTU=1500
    Sat Feb 09 00:58:12 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.10.6/255.255.255.252 on interface {832FA0A1-BA5E-4F92-84F8-7B3FC8BA853D} [DHCP-serv: 10.0.10.5, lease-time: 31536000]
    Sat Feb 09 00:58:12 2008 Successful ARP Flush on interface [5] {832FA0A1-BA5E-4F92-84F8-7B3FC8BA853D}
    Sat Feb 09 00:58:12 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
    Sat Feb 09 00:58:12 2008 Route: Waiting for TUN/TAP interface to come up...
    Sat Feb 09 00:58:13 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
    Sat Feb 09 00:58:13 2008 Route: Waiting for TUN/TAP interface to come up...
    Sat Feb 09 00:58:14 2008 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
    Sat Feb 09 00:58:14 2008 route ADD 80...* MASK 255.255.255.255 192.168.3.254
    Sat Feb 09 00:58:14 2008 Route addition via IPAPI succeeded
    Sat Feb 09 00:58:14 2008 route ADD 0.0.0.0 MASK 128.0.0.0 10.0.10.5
    Sat Feb 09 00:58:14 2008 Route addition via IPAPI succeeded
    Sat Feb 09 00:58:14 2008 route ADD 128.0.0.0 MASK 128.0.0.0 10.0.10.5
    Sat Feb 09 00:58:14 2008 Route addition via IPAPI succeeded
    Sat Feb 09 00:58:14 2008 route ADD 192.168.1.0 MASK 255.255.255.0 10.0.10.5
    Sat Feb 09 00:58:14 2008 Route addition via IPAPI succeeded
    Sat Feb 09 00:58:14 2008 route ADD 10.0.10.1 MASK 255.255.255.255 10.0.10.5
    Sat Feb 09 00:58:14 2008 Route addition via IPAPI succeeded
    Sat Feb 09 00:58:14 2008 Initialization Sequence Completed

    Email and public IP edited

    Can anyone give me some help?

    Thanks in advance



  • From what it sounds like, you have your CIDR kinda whacked out.

    Also make sure that the network that you are issuing to the remote clients does not interfere with the network they're on.
    I had that messed up when I started working with OVPN.
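
The overlap check suggested in the reply above, as an added example that is not part of the original thread: it parses the `PUSH_REPLY` line from the posted client log and compares the pushed routes and the tunnel /30 against the client's own local network. The client LAN `192.168.3.0/24` is an assumption inferred from the `192.168.3.254` gateway in the log, and the function names are illustrative.

```python
import ipaddress

# PUSH_REPLY control message copied from the client log posted in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,"
              "route 10.0.10.1,ping 10,ping-restart 60,ifconfig 10.0.10.6 10.0.10.5")


def parse_push_reply(msg):
    """Return (routes, tunnel): pushed routes and the tunnel subnet as ip_network objects."""
    routes, tunnel = [], None
    for opt in msg.split(","):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route":
            # A route without a netmask is a host route (/32).
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif parts[0] == "ifconfig" and len(parts) == 3:
            # Point-to-point pair inside a /30, matching the 255.255.255.252
            # mask shown on the ovpn adapter in the post.
            tunnel = ipaddress.ip_network(f"{parts[1]}/30", strict=False)
    return routes, tunnel


def find_conflicts(msg, local_networks):
    """List (local, vpn) pairs where a client-side network overlaps a VPN-side one."""
    routes, tunnel = parse_push_reply(msg)
    vpn_side = routes + ([tunnel] if tunnel else [])
    conflicts = []
    for local in map(ipaddress.ip_network, local_networks):
        for remote in vpn_side:
            if local.overlaps(remote):
                conflicts.append((str(local), str(remote)))
    return conflicts


if __name__ == "__main__":
    # Assumed client LAN (the log only shows its gateway, 192.168.3.254).
    print(find_conflicts(PUSH_REPLY, ["192.168.3.0/24"]))
    # Constructed counter-case: a client sitting on the same range as the remote LAN.
    print(find_conflicts(PUSH_REPLY, ["192.168.1.0/24"]))
```
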



  • Could you post the client and server config?



  • advanced outbound NAT  ???



  • Does your pfsense openvpn server have multiple WAN connections?
    What firewall rules do you have on the interface with the stations you're trying to ping?

