PfSense 2.2.1 Citrix Xenserver OpenVPN problem

  • Hello Everybody!

    I've got a problem with my PfSense.
    I've got a Citrix XenServer Pool with a PFSense Virtual Router.
    If the router is on a pool member I cannot reach the pool member Phisical computer and the hosts on that computer from the VPN.
    From behind the VPN everything is OK!
    If the router is on the pool master I cannot conect to the whole pool.
    Ping is working traceroute is working fine. Cannot see any error in the log.
    Please help.
    And sorry for my bad english

  • Hi,

    I just got the same problem today.
    First a small visualization of the network:

    VPN Network (     |       Home network ( )
                                    |                                 |
    vpn client -----| Internet |------|router|------------------------|XenBox|
      windows                       |    *178.1                       |   |----dom0, *178.101
      *37.6                         |                                     |----domU pfSense, OpenVPN, *178.2
                                    |                                     |----domU Ubuntu Host, Webserver, *178.10

    The remote vpn client can connect to the OpenVPN server hosted on the pfSense box. After the connection is created it can ping / traceroute to all hosts in the Home netwrok. I also can create a tcp connection to the routers webserver and the webserver on the pfSense box. But i cant connect to "dom0" or "domU Ubuntu" (webserver, ssh).
    My Xen host has one physical nic at the moment which is shared by all doms.

    Sniffing (wireshark) a tcp handshake from "vpn client" -> "domU Ubuntu, *178.10" gives the following:

    "vpn client" -> "domU":  syn
    "domU" -> "vpn client": syn + ack
    "domU" -> "vpn client": retransmission syn + ack
    "domU" -> "vpn client": retransmission syn + ack
    "vpn client" -> "domU": spurious retransmission

    Sorry that i cant post the actual log. I didnt save it ….

    Thank you in advance,

  • Did either of you find a resolution for this issue?