Roadwarrior Can't Ping Office LAN



  • I trying to use an OpenVPN connection at my office.  The connection happens just fine, but when I try to ping any address it comes back as failed.  Not just pings, but any other connections as well.  I have a dedicated SDSL line that is there to run the VPN connections.  This line is setup in PFSense as the VPN interface.  It is static.  There is another dynamic line that runs normal internet traffic.  I have fail over setup between the WAN and the VPN interfaces.  I have setup a firewall rule on the PFSense box that should route all port 1194 traffic to the "VPNFailToWAN" interface, but it still seems to push out replies to the client on the WAN interface which has a slower upload speed.  I have added that IP to the OpenVPN client config file for now and it connects seemingly fine.  When I try to ping or access services inside the office network, no luck.  Pinging 192.168.4.1 gives me "Destination Net Unreachable" whereas pinging 192.168.3.1 gives me "Request timed out".  Any ideas?

    Office subnet:  192.168.3.0
    Home subnet:  192.168.2.0

    OpenVPN client log:

    
    Thu May 22 22:31:45 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Thu May 22 22:31:45 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Thu May 22 22:31:45 2008 LZO compression initialized
    Thu May 22 22:31:45 2008 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Thu May 22 22:31:45 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu May 22 22:31:45 2008 Local Options hash (VER=V4): '41690919'
    Thu May 22 22:31:45 2008 Expected Remote Options hash (VER=V4): '530fdded'
    Thu May 22 22:31:45 2008 UDPv4 link local: [undef]
    Thu May 22 22:31:45 2008 UDPv4 link remote: (Static "VPN" interface) y.y.y.y:1194
    Thu May 22 22:31:45 2008 TLS: Initial packet from (Dyanmic "WAN" interface) x.x.x.x:1194, sid=6da0d933 7391b496
    Thu May 22 22:31:46 2008 VERIFY OK: depth=1, /C=x/ST=x/L=x/O=x/CN=x/emailAddress=x
    Thu May 22 22:31:46 2008 VERIFY OK: nsCertType=SERVER
    Thu May 22 22:31:46 2008 VERIFY OK: depth=0, /C=x/ST=x/L=x/O=x/CN=x/emailAddress=x
    Thu May 22 22:31:47 2008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
    Thu May 22 22:31:47 2008 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-128-CBC'
    Thu May 22 22:31:47 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu May 22 22:31:47 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu May 22 22:31:47 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu May 22 22:31:47 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu May 22 22:31:47 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Thu May 22 22:31:47 2008 [JCCVPNServer] Peer Connection Initiated with x.x.x.x:1194
    Thu May 22 22:31:48 2008 SENT CONTROL [JCCVPNServer]: 'PUSH_REQUEST' (status=1)
    Thu May 22 22:31:48 2008 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN jcc.local,dhcp-option DNS 192.168.3.11,dhcp-option WINS 192.168.3.11,route 192.168.4.1,ping 10,ping-restart 60,route 192.168.4.0 255.255.255.0,ifconfig 192.168.4.6 192.168.4.5'
    Thu May 22 22:31:48 2008 OPTIONS IMPORT: timers and/or timeouts modified
    Thu May 22 22:31:48 2008 OPTIONS IMPORT: --ifconfig/up options modified
    Thu May 22 22:31:48 2008 OPTIONS IMPORT: route options modified
    Thu May 22 22:31:48 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu May 22 22:31:48 2008 TAP-WIN32 device [Local Area Connection 9] opened: \\.\Global\{x}.tap
    Thu May 22 22:31:48 2008 TAP-Win32 Driver Version 8.4 
    Thu May 22 22:31:48 2008 TAP-Win32 MTU=1500
    Thu May 22 22:31:48 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.4.6/255.255.255.252 on interface {x} [DHCP-serv: 192.168.4.5, lease-time: 31536000]
    Thu May 22 22:31:48 2008 Successful ARP Flush on interface [393220] {x}
    Thu May 22 22:31:48 2008 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
    Thu May 22 22:31:48 2008 route ADD 192.168.4.1 MASK 255.255.255.255 192.168.4.5
    Thu May 22 22:31:48 2008 Route addition via IPAPI succeeded
    Thu May 22 22:31:48 2008 route ADD 192.168.4.0 MASK 255.255.255.0 192.168.4.5
    Thu May 22 22:31:48 2008 Route addition via IPAPI succeeded
    Thu May 22 22:31:48 2008 Initialization Sequence Completed
    

Log in to reply