Firewalling and VPN 101
-
pfSense 2.1.5 amd64
OpenVPN site-to-site between four locations - A: server, B, C, D: clientI can ping from all of the devices on the client networks to the pfsense server LAN interface but nothing past that - I can't ping/communicate with anything on the LAN subnet. I've done this a few times and it always works so I know I'm missing something real simple here but I can't see it.
The VPNs connect just fine but I can't get on the LAN of each client from the server and vice versa.
Server:
Firewall/WAN Rules:
[empty], IPv4UDP, <public 1="" ip="" of="" remote="" office="">, *, WAN Address, 1194, *, None, [empty]
[empty], IPv4UDP, <public 2="" ip="" of="" remote="" office="">, *, WAN Address, 1195, *, None, [empty]
[empty], IPv4UDP, <public 3="" ip="" of="" remote="" office="">, *, WAN Address, 1196, *, None, [empty]Firewall/LAN Rules:
[empty], IPv4 *, *, *, *, *, [empty]Firewall/OpenVPN Rules:
[empty], IPv4 *, *, *, *, *, [empty]Client B, C, D
Firewall/WAN Rules:
(rule for remote administration)Firewall/LAN Rules:
[empty], IPv4 *, *, *, *, *, [empty]Firewall/OpenVPN Rules:
[empty], IPv4 *, *, *, *, *, [empty]So as you can see the rules are pretty loose at this point.
Server A:
LAN: 192.168.1.0/24Client B:
LAN: 192.168.4.0/24
Tunnel network: 172.16.1.0/30Client C:
LAN: 192.168.8.0/24
Tunnel network: 172.16.2.0/30Client D:
LAN: 192.168.6.0/24
Tunnel network: 172.16.3.0/30Any ideas?
thank you.</public></public></public>
-
Are you positive you're not seeing a software firewall (think windows firewall) on the client that thinks the remote networks are just that and not allowing traffic in, resulting in no response?
-
I'll remote in and make sure all the Windows firewalls are stopped. thanks for the idea.
-
that darn Windows firewall. Gets me every time!
Thanks, that was the problem. After I ran "netsh advfirewall set allprofiles state off" command on a few machines on different subnets, they were able to talk to each other.
thank you for your suggestion; it was spot on.
