Cannot ping some devices across OpenVPN



  • Hello,

    I have a strange issue with OpenVPN.
    I can ping and access some devices fine, but cannot access some others.

    My setup is simple:
    10.94.10.0/24 is my LAN net
    10.254.94.0/24 is my OpenVPN net

    10.94.10.254/24 is my pfSense address on the LAN.
    10.94.10.10/24 is a Netgear NAS (its gateway is 10.94.10.254)
    10.94.10.201/24 is a random printer (its gateway is 10.94.10.254)

    If I try to ping as follows from pfSense Diagnostics / Ping:
    ping 10.94.10.10 from LAN : OK
    ping 10.94.10.201 from LAN : OK
    ping 10.94.10.10 from OpenVPN : KO
    ping 10.94.10.201 from OpenVPN : OK

    I have exactly the same symptoms with Diagnostics / Test Port.
    test port 80 10.94.10.10 from LAN : OK
    test port 80 10.94.10.201 from LAN : OK
    test port 80 10.94.10.10 from OpenVPN : KO
    test port 80 10.94.10.201 from OpenVPN : OK

    Also, I cannot NAT anything to 10.94.10.10.

    I'm away from this device at the moment (and can't access it), but I'm pretty sure jumbo frames are enabled on this device. I don't know about the MTU. Could that be the reason?
    If so, is there any way to sort it out without touching the NAS settings?

    Thanks a lot for your help.



  • Post your OpenVPN config (server1.conf).



  • Thank you Marvosa. Here it is.

    dev ovpns1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 192.168.10.254
    tls-server
    server 10.254.94.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    client-cert-not-required
    username-as-common-name
    auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'EK-CERT-VPN' 1 "
    lport 443
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 10.94.10.0 255.255.255.0"
    push "dhcp-option DOMAIN ek.local"
    push "dhcp-option DNS 10.94.10.254"
    push "register-dns"
    push "dhcp-option NTP 10.94.10.254"
    duplicate-cn
    ca /var/etc/openvpn/server1.ca 
    cert /var/etc/openvpn/server1.cert 
    key /var/etc/openvpn/server1.key 
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    persist-remote-ip
    float
    
    

  •

    Are you sure your NAS doesn't have a firewall blocking access from anything not on its own network? This is very common!



  • The NAS is quite old and does not have such a rule (apparently, in the web interface). I'll try to have a closer look at it (and see if I can access it via PuTTY or something), but I doubt it. It would be strange for a NAS to be sold with such a rule built in.



  • The config looks OK.  So, there are a couple of things:

    • Make sure there's a route to 10.94.10.0/24 in your client's routing table upon connection.  If not, verify that you're running the OpenVPN client as admin.

    • It looks like you're double NAT'ing.  If you have access to the modem or edge device, the easiest fix is to put your modem into bridge mode, so pfSense gets a public IP and everything will start working.  Otherwise, you may need to add a route on the edge device that points the OpenVPN tunnel network towards pfSense.
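The two routing-table conditions in the reply above (a client route for 10.94.10.0/24 via the tunnel, and a return route for the tunnel net on the edge device pointing at pfSense) can be checked mechanically with a longest-prefix match, the same lookup a kernel performs when forwarding. The following is an added example, not code from the thread or from pfSense. The routing tables are constructed samples in a simplified "prefix gateway interface" form, not captures from the poster's setup; the tunnel gateway 10.254.94.1, the interface names (eth0, tun0, wan0, lan0) and the edge router's addresses are assumptions, while 192.168.10.254 as the pfSense WAN address is inferred from the `local` line in the posted config.

```python
"""Longest-prefix-match check for the two routes discussed in the thread.

Added example, not from the thread. All routing tables below are
constructed samples; interface names and the tunnel gateway are assumed.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    gateway: str   # next hop address, or "on-link" for directly connected
    iface: str


def parse_routes(text: str) -> List[Route]:
    """Parse constructed 'destination/prefixlen gateway iface' lines."""
    routes = []
    for line in text.strip().splitlines():
        dst, gw, iface = line.split()
        routes.append(Route(ipaddress.ip_network(dst), gw, iface))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst (longest-prefix match)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def reaches_via(routes: List[Route], dst: str, iface: str) -> bool:
    """True if traffic to dst would leave through the named interface."""
    r = lookup(routes, dst)
    return r is not None and r.iface == iface


# Constructed client table: OpenVPN client run as admin, pushed route landed.
# Tunnel gateway 10.254.94.1 is an assumption (depends on topology).
CLIENT_OK = """
0.0.0.0/0          192.168.1.1   eth0
192.168.1.0/24     on-link       eth0
10.254.94.0/24     on-link       tun0
10.94.10.0/24      10.254.94.1   tun0
"""

# Constructed client table: client lacked privileges, so 'push "route ..."'
# never made it into the table; LAN traffic falls through to the default route.
CLIENT_NO_ROUTE = """
0.0.0.0/0          192.168.1.1   eth0
192.168.1.0/24     on-link       eth0
10.254.94.0/24     on-link       tun0
"""

# Constructed edge-router table: tunnel net routed back to the pfSense WAN
# address (192.168.10.254 taken from the 'local' line of the posted config).
EDGE_OK = """
0.0.0.0/0           203.0.113.1      wan0
192.168.10.0/24     on-link          lan0
10.254.94.0/24      192.168.10.254   lan0
"""

PFSENSE_WAN = "192.168.10.254"


def diagnose(client_table: str, edge_table: str) -> Tuple[bool, bool]:
    """Return (client_route_ok, edge_return_route_ok) for the thread's nets.

    client_route_ok: the NAS address is reached through the tunnel interface.
    edge_return_route_ok: the edge device sends tunnel-net traffic to pfSense.
    """
    client = parse_routes(client_table)
    edge = parse_routes(edge_table)
    client_ok = reaches_via(client, "10.94.10.10", "tun0")
    back = lookup(edge, "10.254.94.6")   # an arbitrary client tunnel address
    edge_ok = back is not None and back.gateway == PFSENSE_WAN
    return client_ok, edge_ok


if __name__ == "__main__":
    print(diagnose(CLIENT_OK, EDGE_OK))        # (True, True)
    print(diagnose(CLIENT_NO_ROUTE, EDGE_OK))  # (False, True)
    # Where the missing route actually sends the packet: the LAN default GW.
    print(lookup(parse_routes(CLIENT_NO_ROUTE), "10.94.10.10").iface)  # eth0
```

On a real client you would feed `lookup` the output of `netstat -rn`, `ip route` or `route print` instead of the constructed tables; the point of the second table is that without the pushed route the packet is not dropped but leaves through the client's own default gateway, which is why "runs fine but the LAN host never answers" is the symptom rather than a connection error.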

