Can ping eveything but remote network

usuarioforum

Hi all:

I have a site2site openvpn connection. Local network is 192.168.0.0/24 and remote network is 192.168.103.0/24. Tunnel network is 10.2.0.0/24.

I can ping everything from the firewall because the request come from 10.2.0.0 interface. The same on both sites.

From 0 (local) can not ping 103 (remote) but can ping 10.2.0.1 (local tunnel interface) and 10.2.0.2 (remote tunnel interface). The same on the remote site. Is so strange… I can see routes in the routing table.... Every thing is open on openvpn firewall tab...

Any idea?

Best regards.

johnpoz

And what are you trying to ping on the other side?  Most window machines firewall by default block ping if not from local network..

usuarioforum

This isn't the problem. When I do a ping from local pfsense (10.2.0.1) to 192.168.103.1 ( remote lan pfsense) or to 103.5 (linux machine) it works. But when from the local pfsense I do a ping with -S 192.168.0.1 (lan of the local pfsense) don't work.

Thank you very much

divsys

Normally, this is all very simple once you've got your setup talking to any  remote devices through the OpenVPN tunnel, it's all good.

Perhaps we've got a little terminology confusion about your setup, never mind remote and local (which is prone to confusing which is which in a conversation).
Let's try:

SiteA
LAN  192.168.0.0/24
      pfs-LANA - 192.168.0.1
      Win1    - 192.168.0.??
      Linux1  - 192.168.0.??

OpenVPN Tunnel 10.2.0.0/24

SiteB
LAN    192.168.103.0/24
      pfs-LANB - 192.168.103.1
      Win2 - 192.168.103.??
      Linux2 - 192.168.103.5

Your description suggests you've been doing your pings from one or the other of the pfSense boxes, either via the GUI-Diagnostics Ping or (better) via a shell login.
Normally, there's no need to login/use/shell into the 10.2.0.x tunnel addresses if you've got connectivity working at all.
There's usually no issue getting to either of the pfs-LANA/LANB interfaces from the other, so you can usually shell into both quite easily via their normal LAN Nics.

As johnpoz suggested the issues are normally somewhere other than the OpenVPN tunnel once you get this far.

Can you describe exactly what you've done to this point (using the above terminology to avoid confusion)?
You say you can ping the Linux2 box, can you shell into it and try your pings from there?
Do you actually have a Linux1 box you can try your pings from as well?

usuarioforum

Thanks for the answers….

You are right. Site A and Site B is as you describe. Here the results of the test:

From pfsense A:

ping -S 192.168.0.1 192.168.103.1 ->No answer
ping -S 192.168.0.1 10.2.0.2 (Tunel ip in pfesne B) -> Answer
ping -S 10.2.0.1 192.168.103.1 -> answer

From linux machine (192.168.0.5) in A

ping 192.168.103.1 -> No answer
ping 10.2.0.2 -> Answer

From pfsense B, same result

Regards.

usuarioforum

Finaly, erasing and re doing the configuration now it works right…

Thank your every body for your help.

Regards.

divsys

Glad you got it figured out.

Don't be stranger to the forums (even it's only to eavesdrop) a lot to be learned around here.  ;)