• Hi, I've created 4 OpenVPN servers. 1, 2 and 3 are working properly and can access the server shared folder.
    Problem: the 4th OpenVPN server tunnel is connected but I can't ping the IP address from the pfSense client OpenVPN.
    What seems to be the problem? I already checked my configuration and firewall rules. Thanks







  • How can we help when you have provided zero details?  We don't even know what you're doing.  Provide a network map, post your configs (server1.conf) and clarify what you're doing… i.e. do you have 4 separate road warrior setups or 4 boxes all connected via site-to-site tunnels?


  • dev ovpns4
    dev-type tun
    tun-ipv6
    dev-node /dev/tun4
    writepid /var/run/openvpn_server4.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 124.6.187.219
    ifconfig 10.10.4.1 10.10.4.2
    lport 1197
    management /var/etc/openvpn/server4.sock unix
    push "route 172.26.32.0 255.255.255.0"
    route 192.168.1.0 255.255.255.0
    secret /var/etc/openvpn/server4.secret
    comp-lzo

    dev ovpnc1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    nobind
    management /var/etc/openvpn/client1.sock unix
    remote 124.6.187.219 1198
    ifconfig 10.10.5.2 10.10.5.1
    route 172.26.32.0 255.255.255.0
    secret /var/etc/openvpn/client1.secret


  • Head Office  <---  BRANCH 1
                 <---  BRANCH 2
                 <---  BRANCH 3
                 <---  BRANCH 4
                 <---  BRANCH 5

    I want all branch offices to be able to access the shared folder at the head office. What would be my ideal VPN setup?

    As of now I have already created an OpenVPN setup and all branches are connected successfully to the head office, but branch 4 and branch 5 cannot view the shared folder at the head office. What seems to be the problem? Thanks


  • Post some details of:

    1. your OpenVPN settings,
    2. the subnets you are using for each office and the OpenVPN tunnels.
    3. rules on OpenVPN tab
    4. rules on each LAN

    Do you have 5 OpenVPN servers, each listening on a different port at head office?
    Or just 1 server taking connections from all 5 clients?

    If you have clients 1,2,3 working then it really should be just checking that the settings for 4 and 5 are the same, but using different private subnets at office 4 and 5 and for tunnel 4 and 5.


  • I think the problem is the client subnets used in our branches.

    branch 1  192.168.0.0  255.255.255.0
    branch 2  192.168.1.0  255.255.255.0
    branch 3  192.168.2.0  255.255.255.0
    branch 4  192.168.1.0  255.255.255.0
    branch 5  192.168.0.0  255.255.255.0

    Sir, is there another way branches 4 & 5 can access the HO shared folder without changing their subnets? Thanks

  • Yup, 1:1 NAT.  Total PITA.  Probably easier to renumber.  Especially in the long run.


  • It's a routed tunnel, so every subnet behind each segment needs to be different or it breaks the routing.

    In the short term, you need to change LAN subnets @ either 1 and 2 or 4 and 5 to make this work.  Long term, I think most would agree that all 5 branches should be changed… they are too common... you're just asking for problems down the road.


  • Like the others have said, change your IP subnets all over. If these really are branches of an organisation, then make an IP address plan for the whole organisation. Allocate each branch office a chunk of private address space bigger than they need now. Even give them each a whole /16 out of the 10 network, for example:

    10.128.0.0/16 Main
    10.129.0.0/16 Branch 1
    10.130.0.0/16 Branch 2
    10.131.0.0/16 Branch 3
    10.132.0.0/16 Branch 4

    Then a branch can make various LANs, guest subnets… all in this space, and your main office VPN settings can just have like Remote Network/s 10.130.0.0/16 and all the traffic that goes to that branch is covered by just 1 route. The branch can then do whatever inside that and still the VPN route is the same.

    Once the initial pain is over, then you can sit back, drink coffee and enjoy life :)
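
    The overlap described in this thread and the /16-per-site renumbering suggested above, as an added Python example that is not part of the original posts. The branch subnets are copied from the thread; the head-office LAN is an assumption inferred from the routes in the posted config, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed input. Branch LANs are the ones listed in the thread.
# Assumption: the head-office LAN is the 172.26.32.0/24 network that the
# posted server config pushes to the client.
SITES = {
    "Head Office": "172.26.32.0/255.255.255.0",
    "Branch 1": "192.168.0.0/255.255.255.0",
    "Branch 2": "192.168.1.0/255.255.255.0",
    "Branch 3": "192.168.2.0/255.255.255.0",
    "Branch 4": "192.168.1.0/255.255.255.0",
    "Branch 5": "192.168.0.0/255.255.255.0",
}


def find_conflicts(sites):
    """Return (site_a, site_b) pairs whose LAN subnets overlap.

    In a routed tunnel the head office can hold only one route per
    destination network, so each pair returned here is ambiguous.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def renumber_plan(sites, pool="10.128.0.0/9", prefix=16):
    """Give each site its own block of the given prefix length from pool."""
    blocks = list(ipaddress.ip_network(pool).subnets(new_prefix=prefix))
    if len(sites) > len(blocks):
        raise ValueError("pool too small for the number of sites")
    return {name: str(block) for name, block in zip(sites, blocks)}


if __name__ == "__main__":
    for a, b in find_conflicts(SITES):
        print(f"conflict: {a} and {b} both use {SITES[a]}")
    for name, block in renumber_plan(SITES).items():
        print(f"{block:<16} {name}")
```
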


  • Thanks a lot guys. I appreciate your help and info.  ;)