Cannot ping some devices across openvpn
-
Hello,
I have a strange issue with OpenVPN.
I can ping and access some devices fine, but cannot access some others. My setup is simple:
10.94.10.0/24 is my LAN net
10.254.94.0/24 is my OpenVPN net
10.94.10.254/24 is my pfSense address on LAN.
10.94.10.10/24 is a Netgear NAS (its gateway is 10.94.10.254)
10.94.10.201/24 is a random printer (its gateway is 10.94.10.254)
If I try to ping as follows from pfSense/Diagnostics/Ping:
ping 10.94.10.10 from LAN : OK
ping 10.94.10.201 from LAN : OK
ping 10.94.10.10 from OpenVPN : KO
ping 10.94.10.201 from OpenVPN : OK
I have exactly the same symptoms with Diagnostics/Test Port.
test port 80 10.94.10.10 from LAN : OK
test port 80 10.94.10.201 from LAN : OK
test port 80 10.94.10.10 from OpenVPN : KO
test port 80 10.94.10.201 from OpenVPN : OK
Also, I cannot NAT anything to 10.94.10.10.
I'm away from this device atm (and can't access it), but I'm pretty sure Jumbo Frames is enabled on this device. I don't know about MTU. Could it be the reason?
If so, is there any way to sort it out without touching NAS settings? Thanks a lot for your help.
-
Post your openvpn config (server1.conf).
-
Thank you Marvosa. Here it is.
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 192.168.10.254
tls-server
server 10.254.94.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
client-cert-not-required
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'EK-CERT-VPN' 1 "
lport 443
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 10.94.10.0 255.255.255.0"
push "dhcp-option DOMAIN ek.local"
push "dhcp-option DNS 10.94.10.254"
push "register-dns"
push "dhcp-option NTP 10.94.10.254"
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
persist-remote-ip
float
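As an added example (not part of the thread, and not pfSense or OpenVPN code), here is a small Python checker that parses a server config in the format posted above and answers the routing questions that matter for this problem: which tunnel network the server hands out, which routes it pushes, whether a given LAN host falls under a pushed route, and whether the pushed routes overlap the tunnel network. It also flags the auth-related directives that weaken client verification. The embedded config text is a constructed subset of the posted one; the function names are my own.

```python
"""Parse an OpenVPN server config and check routing and auth directives.
Added example; the SAMPLE_CONFIG below is a constructed subset of the
config posted in the thread, not real pfSense output."""
import ipaddress
import shlex

# Constructed sample: only the routing/auth-relevant lines of the posted config.
SAMPLE_CONFIG = """
dev-type tun
proto tcp-server
#user nobody
server 10.254.94.0 255.255.255.0
client-cert-not-required
username-as-common-name
duplicate-cn
push "route 10.94.10.0 255.255.255.0"
push "dhcp-option DNS 10.94.10.254"
"""


def parse_config(text):
    """Return a list of (directive, args) pairs. Comment and blank lines are
    dropped; a quoted argument such as "route NET MASK" stays one item."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        entries.append((parts[0], parts[1:]))
    return entries


def tunnel_network(entries):
    """Network assigned to clients by the 'server NET MASK' directive, or None."""
    for name, args in entries:
        if name == "server" and len(args) >= 2:
            return ipaddress.ip_network(f"{args[0]}/{args[1]}")
    return None


def pushed_routes(entries):
    """Networks the server pushes to clients via push "route NET MASK"."""
    routes = []
    for name, args in entries:
        if name == "push" and args and args[0].startswith("route "):
            fields = args[0].split()
            if len(fields) >= 3:
                routes.append(ipaddress.ip_network(f"{fields[1]}/{fields[2]}"))
    return routes


def route_covers(routes, host):
    """True if at least one pushed route contains the host address."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in routes)


def audit(entries):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    tun = tunnel_network(entries)
    if tun is None:
        findings.append("no 'server' directive: clients get no tunnel address")
    for net in pushed_routes(entries):
        if tun is not None and tun.overlaps(net):
            findings.append(f"pushed route {net} overlaps tunnel network {tun}")
    names = {name for name, _ in entries}
    if "client-cert-not-required" in names:
        findings.append("client-cert-not-required: clients need not present a "
                        "certificate; deprecated in favour of 'verify-client-cert none'")
    if "duplicate-cn" in names:
        findings.append("duplicate-cn: several clients may connect with one credential")
    return findings


if __name__ == "__main__":
    entries = parse_config(SAMPLE_CONFIG)
    print("tunnel network:", tunnel_network(entries))
    for host in ("10.94.10.10", "10.94.10.201"):
        print(host, "covered by pushed routes:", route_covers(pushed_routes(entries), host))
    for finding in audit(entries):
        print("finding:", finding)
```

Run against the posted config, both 10.94.10.10 (the NAS) and 10.94.10.201 (the printer) fall under the same pushed route and the tunnel network does not overlap the LAN, so a check like this points away from the tunnel's route configuration and towards the per-device behaviour the thread goes on to discuss.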
-
You sure your NAS doesn't have a firewall blocking access from anything not on its own network… This is very common!!!
-
The NAS is quite old and does not have such a rule (in appearance, in the web interface). I'll try to have a look at it more closely (and see if I can access it via PuTTY or something), but I doubt it. It would be strange for a NAS to be sold with such a rule built in.
-
The config looks OK. So, there are a couple of things:
-
Make sure there's a route to 10.94.10.0/24 in your client's routing table upon connection. If not, verify that you're running the OpenVPN client as admin.
-
It looks like you're double NAT'ing. If you have access to the modem or edge device, the easiest fix is to put your modem into bridge mode, so pfSense gets a public IP and everything will start working. Otherwise, you may need to add a route on the edge device that points the OpenVPN tunnel network towards pfSense.
-