Cannot ping some devices across openvpn
I have a strange issue with OpenVPN.
I can ping and access some devices fine, but cannot access some others.
My setup is simple:
10.94.10.0/24 my LAN net
10.254.94.0/24 my OpenVPN net
10.94.10.254/24 is my pfSense address on LAN.
10.94.10.10/24 is a Netgear NAS (its gateway is 10.94.10.254)
10.94.10.201/24 is a random printer (its gateway is 10.94.10.254)
If I try to ping as follows from pfsense/diagnostic/ping:
ping 10.94.10.10 from LAN : OK
ping 10.94.10.201 from LAN : OK
ping 10.94.10.10 from OpenVPN : KO
ping 10.94.10.201 from OpenVPN : OK
I have exactly the same symptoms with diagnostic/test ports.
test port 80 10.94.10.10 from LAN : OK
test port 80 10.94.10.201 from LAN : OK
test port 80 10.94.10.10 from OpenVPN : KO
test port 80 10.94.10.201 from OpenVPN : OK
Also, I cannot NAT anything to 10.94.10.10.
I'm away from this device at the moment (and can't access it), but I'm pretty sure jumbo frames are enabled on this device. I don't know about the MTU. Could it be the reason?
If so, is there any way to sort it out without touching the NAS settings?
Thanks a lot for your help.
marvosa last edited by
Post your openvpn config (server1.conf).
Thank you Marvosa. Here it is.
    dev ovpns1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 192.168.10.254
    tls-server
    server 10.254.94.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    client-cert-not-required
    username-as-common-name
    auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'EK-CERT-VPN' 1 "
    lport 443
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 10.94.10.0 255.255.255.0"
    push "dhcp-option DOMAIN ek.local"
    push "dhcp-option DNS 10.94.10.254"
    push "register-dns"
    push "dhcp-option NTP 10.94.10.254"
    duplicate-cn
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    persist-remote-ip
    float
You sure your NAS doesn't have a firewall blocking access from anything not on its own network… This is very common!!!
The NAS is quite old and does not appear to have such a rule (going by the web interface). I'll try to have a closer look at it (and see if I can access it via PuTTY or something), but I doubt it. It would be strange for a NAS to be sold with such a rule built in.
marvosa last edited by
The config looks ok. So, there's a couple things:
Make sure there's a route to 10.94.10.0/24 in your client's routing table upon connection. If not, verify that you're running the OpenVPN client as admin.
It looks like you're double NAT'ing. If you have access to the modem or edge device, the easiest fix is to put your modem into bridge mode, so pfSense gets a public IP and everything will start working. Otherwise, you may need to add a route to the edge device that points the OpenVPN tunnel network towards pfSense.
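
Both points in the reply above can be checked against the server config itself. The following is an added example, not part of the original thread: it reads the `local`, `server` and `push "route ..."` directives and reports LAN targets that no pushed route covers, plus a private `local` address, which is the sign of double NAT. `SAMPLE_CONF` is a constructed excerpt of the posted config, and `parse_conf` and `review` are hypothetical helper names.

```python
import ipaddress
import shlex

# Constructed excerpt: only the directives of the posted server1.conf used here.
SAMPLE_CONF = '''\
#user nobody
proto tcp-server
local 192.168.10.254
server 10.254.94.0 255.255.255.0
push "route 10.94.10.0 255.255.255.0"
push "dhcp-option DNS 10.94.10.254"
'''

def parse_conf(text):
    """Return (local address or None, tunnel network or None, pushed routes)."""
    local, tunnel, routes = None, None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or commented-out directive
        words = shlex.split(line)  # keeps a quoted push argument as one word
        if words[0] == "local" and len(words) >= 2:
            try:
                local = ipaddress.ip_address(words[1])
            except ValueError:
                local = None  # `local` may also be a hostname; not resolved here
        elif words[0] == "server" and len(words) >= 3:
            tunnel = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "push" and len(words) >= 2:
            pushed = words[1].split()
            if pushed[0] == "route" and len(pushed) >= 3:
                routes.append(ipaddress.ip_network(f"{pushed[1]}/{pushed[2]}"))
    return local, tunnel, routes

def review(text, targets):
    """List routing findings for the given LAN target addresses."""
    local, tunnel, routes = parse_conf(text)
    findings = []
    if local is not None and local.is_private:
        findings.append(f"local {local} is not a public address: likely double NAT")
    for target in map(ipaddress.ip_address, targets):
        if not any(target in route for route in routes):
            findings.append(f"{target} is not covered by any pushed route")
    for route in routes:
        if tunnel is not None and tunnel.overlaps(route):
            findings.append(f"tunnel network {tunnel} overlaps pushed route {route}")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_CONF, ["10.94.10.10", "10.94.10.201"]):
        print(finding)
```

On the excerpt, the NAS and the printer both fall inside the single pushed route, so the only finding is the private `local` address.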