Can ping and connect to hosts except .1, the one I need



  • I have OpenVPN running well in pfSense, I can connect and clients are given a 172.16.14.0/24 address.

    I can connect to any machine on the LAN subnet 172.16.11.0/24 EXCEPT the one I really need to: 172.16.11.1. It's an old SCO Unix box that isn't picky about clients, and just to be safe I've added a rule to allow any traffic from the OpenVPN subnet to it, but no dice. I know that .1 is usually reserved for gateways (I didn't set up this network); could that somehow be the problem? I've never had any issues ever connecting to this box, so I have no idea where to start.



  • Nothing special about .1. I'm guessing that box probably has the wrong or no default gateway configured, or a wrong subnet mask (if it's 172.16.11.1/16, it won't route via gateway to the VPN network).



  • Thanks for the suggestion, but I just checked and there is a route entry to the gateway with the correct subnet mask…



  • Initial guess would be something in the box refusing your traffic. Have you tried something other than just a ping, such as SSH?
    Can you temporarily disable any firewalls?

    Could either try and move the box's address to see if the problem moves with the box, or traffic sniff to make sure the packets are moving at all.



  • Thanks for the reply. Yeah, I've tried SSH, telnet, FTP and so on. Nothing will connect. Unfortunately the IP is hard-coded into pretty much everything here, so I'm stuck as far as isolating the issue there.

    But I never thought of sniffing the traffic to see exactly what's going on. So thank you for the suggestion.

    For now, for the few people that have to VPN into it, I've just created a login on a Linux box using their same login/pass that automatically opens a session on the SCO. Quick and dirty, but it works for now.


  • Rebel Alliance Developer Netgate

    You could also switch to hybrid outbound NAT (or manual) and add a rule to NAT outbound on the internal interface from a source of the VPN subnet to a destination of .1, NATing to the firewall's address in that subnet. If that works, there is definitely a filter or routing/gateway issue of some sort on .1.
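Added example (not code from the thread or from pfSense) that models the two return-path faults guessed at earlier in the thread (wrong subnet mask, missing default gateway) and the outbound-NAT test from this reply; the firewall's LAN address 172.16.11.254 and the client address 172.16.14.10 are assumed values.

```python
import ipaddress
from typing import Optional

# Address from the thread: the LAN the SCO box sits on.
REAL_LAN = ipaddress.ip_network("172.16.11.0/24")
# Assumed values (not given in the thread): pfSense LAN address, one VPN client.
FIREWALL_LAN = "172.16.11.254"
VPN_CLIENT = "172.16.14.10"


def next_hop(host_addr: str, gateway: Optional[str], dst: str) -> str:
    """How a host with interface `host_addr` (CIDR) and default `gateway`
    sends to `dst`: 'on-link' (ARP directly), 'via <gateway>', or 'unreachable'."""
    iface = ipaddress.ip_interface(host_addr)
    if ipaddress.ip_address(dst) in iface.network:
        return "on-link"
    if gateway is None:
        return "unreachable"
    return f"via {gateway}"


def reply_reaches(host_addr: str, gateway: Optional[str], src: str) -> bool:
    """Whether the SCO box's reply to a packet from `src` gets back. The forward
    path works in the thread (pfSense routes VPN -> LAN); the return path breaks."""
    hop = next_hop(host_addr, gateway, src)
    if hop == "on-link":
        # ARP is only answered if src really is on the LAN segment.
        return ipaddress.ip_address(src) in REAL_LAN
    if hop == "unreachable":
        return False
    # Forwarded to the gateway, which must itself be on the LAN; pfSense
    # knows the route back to the VPN pool.
    return ipaddress.ip_address(gateway) in REAL_LAN


def scenarios() -> dict:
    """Configurations discussed in the thread, plus the outbound-NAT test: with
    the source translated to the firewall's LAN address the reply is on-link
    whatever .1's mask or gateway is."""
    return {
        "correct /24 + gateway": reply_reaches("172.16.11.1/24", FIREWALL_LAN, VPN_CLIENT),
        "wrong /16 mask": reply_reaches("172.16.11.1/16", FIREWALL_LAN, VPN_CLIENT),
        "no default gateway": reply_reaches("172.16.11.1/24", None, VPN_CLIENT),
        "NAT to firewall address": reply_reaches("172.16.11.1/16", None, FIREWALL_LAN),
    }
```

Only the NAT case succeeds for a misconfigured box, which is why a working NAT test points at the box's own routing rather than at pfSense.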

