Client can't ping LAN
-
Hi, I've created 4 OpenVPN servers. 1, 2 and 3 are working properly and can access the server shared folder.
Problem: the 4th OpenVPN server tunnel is connected but I can't ping the IP address from the pfSense OpenVPN client.
What seems to be the problem? I already checked my configuration and firewall rules. Thanks
-
How can we help when you have provided zero details? We don't even know what you're doing. Provide a network map, post your configs (server1.conf) and clarify what you're doing… i.e. do you have 4 separate road warrior setups or 4 boxes all connected via site-to-site tunnels?
-
dev ovpns4
dev-type tun
tun-ipv6
dev-node /dev/tun4
writepid /var/run/openvpn_server4.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 124.6.187.219
ifconfig 10.10.4.1 10.10.4.2
lport 1197
management /var/etc/openvpn/server4.sock unix
push "route 172.26.32.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
secret /var/etc/openvpn/server4.secret
comp-lzo

dev ovpnc1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
nobind
management /var/etc/openvpn/client1.sock unix
remote 124.6.187.219 1198
ifconfig 10.10.5.2 10.10.5.1
route 172.26.32.0 255.255.255.0
secret /var/etc/openvpn/client1.secret
-
Head Office <--- BRANCH 1
<--- BRANCH 2
<--- BRANCH 3
<--- BRANCH 4
<--- BRANCH 5
I want all branch offices to be able to access the shared folder at the head office. What will be my ideal VPN setup?
As of now I have already created an OpenVPN setup and all branches are connected successfully to the head office, but branch 4 and branch 5 cannot view the shared folder at the head office. What seems to be the problem? Thanks
-
Post some details of:
- your OpenVPN settings,
- the subnets you are using for each office and the OpenVPN tunnels.
- rules on OpenVPN tab
- rules on each LAN
Do you have 5 OpenVPN servers, each listening on a different port at head office?
Or just 1 server taking connections from all 5 clients?
If you have clients 1,2,3 working then it really should be just checking that the settings for 4 and 5 are the same, but using different private subnets at office 4 and 5 and for tunnel 4 and 5.
-
I think the problem is the client subnets used in our branches.
branch 1 192.168.0.0 255.255.255.0
branch 2 192.168.1.0 255.255.255.0
branch 3 192.168.2.0 255.255.255.0
branch 4 192.168.1.0 255.255.255.0
branch 5 192.168.0.0 255.255.255.0
Sir, is there another way branches 4 & 5 can access the HO shared folder without changing their subnets? Thanks
-
Yup, 1:1 NAT. Total PITA. Probably easier to renumber. Especially in the long run.
-
It's a routed tunnel, so every subnet behind each segment needs to be different or it breaks the routing.
In the short term, you need to change LAN subnets @ either 1 and 2 or 4 and 5 to make this work. Long term, I think most would agree that all 5 branches should be changed… they are too common... you're just asking for problems down the road.
-
Like the others have said, change your IP subnets all over. If these really are branches of an organisation, then make an IP address plan for the whole organisation. Allocate each branch office a chunk of private address space bigger than they need now. Even give them each a whole /16 out of the 10 network, for example:
10.128.0.0/16 Main
10.129.0.0/16 Branch 1
10.130.0.0/16 Branch 2
10.131.0.0/16 Branch 3
10.132.0.0/16 Branch 4
Then a branch can make various LANs, guest subnets… all in this space, and your main office VPN settings can just have like Remote Network/s 10.130.0.0/16 and all the traffic that goes to that branch is covered by just 1 route. The branch can then do whatever inside that and still the VPN route is the same.
Once the initial pain is over, then you can sit back, drink coffee and enjoy life :)
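
An added example (not part of the thread or any poster's code): a Python check of the two address plans discussed above for overlapping LAN subnets, which is what breaks routing over the tunnels. The head office LAN is assumed from the `route 172.26.32.0 255.255.255.0` lines in the posted configs, and the branch 5 /16 is an assumed continuation of the proposed pattern.

```python
"""Check a site-to-site address plan for overlapping LAN subnets."""
import ipaddress
from itertools import combinations

# LANs as posted in the thread. The head office LAN is an assumption read
# from the "route 172.26.32.0 255.255.255.0" lines in the posted configs.
CURRENT_PLAN = {
    "head office": "172.26.32.0/255.255.255.0",
    "branch 1": "192.168.0.0/255.255.255.0",
    "branch 2": "192.168.1.0/255.255.255.0",
    "branch 3": "192.168.2.0/255.255.255.0",
    "branch 4": "192.168.1.0/255.255.255.0",
    "branch 5": "192.168.0.0/255.255.255.0",
}

# Allocation proposed in the thread; "branch 5" is an assumed continuation.
PROPOSED_PLAN = {
    "head office": "10.128.0.0/16",
    "branch 1": "10.129.0.0/16",
    "branch 2": "10.130.0.0/16",
    "branch 3": "10.131.0.0/16",
    "branch 4": "10.132.0.0/16",
    "branch 5": "10.133.0.0/16",
}

def parse(plan):
    """Turn {site: 'net/mask'} into {site: ip_network}; strict rejects host bits."""
    return {site: ipaddress.ip_network(net, strict=True) for site, net in plan.items()}

def find_overlaps(plan):
    """Return (site_a, site_b) pairs, in plan order, whose subnets overlap."""
    nets = parse(plan)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def sites_claiming(plan, address):
    """Return every site whose subnet contains address. More than one site
    means a single routing table cannot pick the right tunnel for it."""
    ip = ipaddress.ip_address(address)
    return [site for site, net in parse(plan).items() if ip in net]

if __name__ == "__main__":
    for name, plan in (("current", CURRENT_PLAN), ("proposed", PROPOSED_PLAN)):
        clashes = find_overlaps(plan)
        print(f"{name} plan:", clashes or "no overlapping subnets")
    print("192.168.1.10 is claimed by:", sites_claiming(CURRENT_PLAN, "192.168.1.10"))
```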
-
Thanks a lot guys. I appreciate your help and info. ;)