Client can't ping LAN
Hi, I've created 4 OpenVPN servers. 1, 2 and 3 are working properly and can access the server shared folder.
Problem: the 4th OpenVPN server tunnel is connected but I can't ping the IP address from the pfSense Client OpenVPN.
What seems to be the problem? I already checked my configuration and firewall rules. Thanks
How can we help when you have provided zero details? We don't even know what you're doing. Provide a network map, post your configs (server1.conf) and clarify what you're doing… i.e. do you have 4 separate road warrior setups or 4 boxes all connected via site-to-site tunnels?
keepalive 10 60
ifconfig 10.10.4.1 10.10.4.2
management /var/etc/openvpn/server4.sock unix
push "route 172.26.32.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
keepalive 10 60
management /var/etc/openvpn/client1.sock unix
remote 188.8.131.52 1198
ifconfig 10.10.5.2 10.10.5.1
route 172.26.32.0 255.255.255.0
Head Office <--- BRANCH 1
            <--- BRANCH 2
            <--- BRANCH 3
            <--- BRANCH 4
            <--- BRANCH 5
I want all branch offices to be able to access the shared folder at the head office. What will be my ideal VPN setup?
As of now I have already created an OpenVPN and all branches are connected successfully to the head office, but branch 4 and branch 5 cannot view the shared folder at the head office. What seems to be the problem? Thanks
Post some details of:
- your OpenVPN settings,
- the subnets you are using for each office and the OpenVPN tunnels.
- rules on OpenVPN tab
- rules on each LAN
Do you have 5 OpenVPN servers, each listening on a different port at head office?
Or just 1 server taking connections from all 5 clients?
If you have clients 1,2,3 working then it really should be just checking that the settings for 4 and 5 are the same, but using different private subnets at office 4 and 5 and for tunnel 4 and 5.
I think the problem is the client subnets used in our branches.
branch 1 192.168.0.0
branch 2 192.168.1.0
branch 3 192.168.2.0
branch 4 192.168.1.0
branch 5 192.168.0.0
Sir, is there another way branches 4 & 5 can access the HO shared folder without changing their subnets? Thanks
Yup, 1:1 NAT. Total PITA. Probably easier to renumber. Especially in the long run.
It's a routed tunnel, so every subnet behind each segment needs to be different or it breaks the routing.
In the short term, you need to change LAN subnets @ either 1 and 2 or 4 and 5 to make this work. Long term, I think most would agree that all 5 branches should be changed… they are too common... you're just asking for problems down the road.
Like the others have said, change your IP subnets all over. If these really are branches of an organisation, then make an IP address plan for the whole organisation. Allocate each branch office a chunk of private address space bigger than they need now. Even give them each a whole /16 out of the 10 network, for example:
10.129.0.0/16 Branch 1
10.130.0.0/16 Branch 2
10.131.0.0/16 Branch 3
10.132.0.0/16 Branch 4
Then a branch can make various LANs, guest subnets… all in this space, and your main office VPN settings can just have like Remote Network/s 10.130.0.0/16 and all the traffic that goes to that branch is covered by just 1 route. The branch can then do whatever inside that and still the VPN route is the same.
Once the initial pain is over, then you can sit back, drink coffee and enjoy life :)
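The subnet clash described in the replies above, and a renumbering along the lines of the suggested /16-per-branch plan, as an added example that is not part of the original thread. The branch networks and the head office route come from the posts; the /24 masks, the 10.128.0.0/12 pool and reserving 10.128.0.0/16 are assumptions.

```python
import ipaddress
from itertools import combinations

# Branch LANs as listed in the thread; the /24 mask is an assumption
# (the posts give only the network addresses).
BRANCH_LANS = {
    "branch1": "192.168.0.0/24",
    "branch2": "192.168.1.0/24",
    "branch3": "192.168.2.0/24",
    "branch4": "192.168.1.0/24",
    "branch5": "192.168.0.0/24",
}
HEAD_OFFICE_LAN = "172.26.32.0/24"  # from the pushed route in the posted config


def find_overlaps(sites):
    """Return sorted (site_a, site_b) pairs whose subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def allocate_plan(site_names, pool, prefix, reserved):
    """Give each site the next free block of the pool that avoids reserved nets."""
    taken = [ipaddress.ip_network(r) for r in reserved]
    free = (n for n in ipaddress.ip_network(pool).subnets(new_prefix=prefix)
            if not any(n.overlaps(t) for t in taken))
    plan = {}
    for name in site_names:
        block = next(free, None)
        if block is None:
            raise ValueError(f"pool {pool} exhausted before {name}")
        plan[name] = str(block)
    return plan


if __name__ == "__main__":
    print("conflicts today:", find_overlaps(BRANCH_LANS))
    # Assumption: 10.128.0.0/16 is held back so numbering starts at 10.129.
    plan = allocate_plan(sorted(BRANCH_LANS), "10.128.0.0/12", 16,
                         reserved=[HEAD_OFFICE_LAN, "10.128.0.0/16"])
    for name, block in plan.items():
        print(f"{block:16} {name}")
    after = find_overlaps({**plan, "head_office": HEAD_OFFICE_LAN})
    print("conflicts after renumbering:", after)
```

Running the same overlap check over every remote network before adding a new tunnel catches a duplicate subnet before it breaks routing at the head office.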
Thanks a lot, guys. I appreciate your help and info. ;)