Can ping eveything but remote network

OpenVPN
Log in to reply
  • U

    Hi all:

    I have a site2site openvpn connection. Local network is 192.168.0.0/24 and remote network is 192.168.103.0/24. Tunnel network is 10.2.0.0/24.

    I can ping everything from the firewall because the request come from 10.2.0.0 interface. The same on both sites.

    From 0 (local) can not ping 103 (remote) but can ping 10.2.0.1 (local tunnel interface) and 10.2.0.2 (remote tunnel interface). The same on the remote site. Is so strange… I can see routes in the routing table.... Every thing is open on openvpn firewall tab...

    Any idea?

    Best regards.

    0
  • johnpoz
    LAYER 8 Global Moderator

    And what are you trying to ping on the other side?  Most window machines firewall by default block ping if not from local network..

    0
  • U

    This isn't the problem. When I do a ping from local pfsense (10.2.0.1) to 192.168.103.1 ( remote lan pfsense) or to 103.5 (linux machine) it works. But when from the local pfsense I do a ping with -S 192.168.0.1 (lan of the local pfsense) don't work.

    Thank you very much

    0
  • D

    Normally, this is all very simple once you've got your setup talking to any  remote devices through the OpenVPN tunnel, it's all good.

    Perhaps we've got a little terminology confusion about your setup, never mind remote and local (which is prone to confusing which is which in a conversation).
    Let's try:

    SiteA
    LAN  192.168.0.0/24
          pfs-LANA - 192.168.0.1
          Win1    - 192.168.0.??
          Linux1  - 192.168.0.??

    OpenVPN Tunnel 10.2.0.0/24

    SiteB
    LAN    192.168.103.0/24
          pfs-LANB - 192.168.103.1
          Win2 - 192.168.103.??
          Linux2 - 192.168.103.5

    Your description suggests you've been doing your pings from one or the other of the pfSense boxes, either via the GUI-Diagnostics Ping or (better) via a shell login.
    Normally, there's no need to login/use/shell into the 10.2.0.x tunnel addresses if you've got connectivity working at all.
    There's usually no issue getting to either of the pfs-LANA/LANB interfaces from the other, so you can usually shell into both quite easily via their normal LAN Nics.

    As johnpoz suggested the issues are normally somewhere other than the OpenVPN tunnel once you get this far.

    Can you describe exactly what you've done to this point (using the above terminology to avoid confusion)?
    You say you can ping the Linux2 box, can you shell into it and try your pings from there?
    Do you actually have a Linux1 box you can try your pings from as well?

    0
  • U

    Thanks for the answers….

    You are right. Site A and Site B is as you describe. Here the results of the test:

    From pfsense A:

    ping -S 192.168.0.1 192.168.103.1 ->No answer
    ping -S 192.168.0.1 10.2.0.2 (Tunel ip in pfesne B) -> Answer
    ping -S 10.2.0.1 192.168.103.1 -> answer

    From linux machine (192.168.0.5) in A

    ping 192.168.103.1 -> No answer
    ping 10.2.0.2 -> Answer

    From pfsense B, same result

    Regards.

    0
  • U

    Finaly, erasing and re doing the configuration now it works right…

    Thank your every body for your help.

    Regards.

    0
  • D

    Glad you got it figured out.

    Don't be stranger to the forums (even it's only to eavesdrop) a lot to be learned around here.  ;)

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy