Netgate Discussion Forum

    Can ping and connect to hosts except .1, the one I need

    • d00der

      I have OpenVPN running well in pfSense, I can connect and clients are given a 172.16.14.0/24 address.

      I can connect to any machine on the LAN subnet 172.16.11.0/24 EXCEPT the one I really need to: 172.16.11.1. It's an old SCO Unix box that isn't picky about clients, and just to be safe I've added a rule to allow any traffic from the OpenVPN subnet to it, but no dice. I know that .1 is usually reserved for gateways (I didn't set up this network), could that somehow be the problem? I've never had any issues ever connecting to this box so I have no idea where to start.

      • cmb

        Nothing special about .1. I'm guessing that box probably has the wrong or no default gateway configured, or a wrong subnet mask (if it's 172.16.11.1/16, it won't route via gateway to the VPN network).

        • d00der

          Thanks for the suggestion, but I just checked and there is a route entry to the gateway with the correct subnet mask…

          • divsys

            Initial guess would be something in the box refusing your traffic. Have you tried something other than just a ping, SSH?
            Can you temporarily disable any firewalls?

            Could either try and move the box's address to see if the problem moves with the box, or traffic sniff to make sure the packets are moving at all.

            -jfp

            • d00der

              Thanks for the reply. Yeah, I've tried SSH, telnet, FTP and so on. Nothing will connect. Unfortunately the IP is hard-coded into pretty much everything here so I'm stuck as far as isolating the issue there.

              But I never thought of sniffing the traffic to see exactly what's going on. So thank you for the suggestion.

              For now, for the few people that have to VPN into it, I've just created a login on a Linux box using their same login/pass that automatically opens a session on the SCO. Quick and dirty but it works for now.

              • jimp (Rebel Alliance, Developer, Netgate)

                You could also switch to hybrid outbound NAT (or manual) and add a rule to NAT outbound on the internal interface from a source of the VPN subnet to a destination of .1, natting to the firewall's address in that subnet. If that works, there is definitely a filter or routing/gateway issue of some sort on .1.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
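
Added example, not part of any post in the thread: a small Python model of the return path from 172.16.11.1, showing why the wrong mask or missing gateway that cmb describes breaks routed VPN traffic, and why the outbound NAT test jimp suggests succeeds in exactly those cases. The firewall LAN address (172.16.11.254) and the VPN client address (172.16.14.6) are assumed values; the thread gives only the two subnets and the .1 host.

```python
import ipaddress

# Constructed sample values: the thread gives only the two subnets and the .1 host.
FIREWALL_LAN = "172.16.11.254"   # assumed pfSense LAN address
VPN_CLIENT = "172.16.14.6"       # assumed client in the 172.16.14.0/24 tunnel net
LAN_SEGMENT = {"172.16.11.1", FIREWALL_LAN}  # hosts that answer ARP on the LAN


def reply_path(host_if, gateway, peer):
    """Return how a host configured as host_if (address/prefix) with the given
    default gateway (or None) would send its reply to peer."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(peer) in iface.network:
        return "on-link"              # host ARPs for the peer itself
    if gateway is None:
        return "no-route"
    if ipaddress.ip_address(gateway) not in iface.network:
        return "gateway-unreachable"
    return "via-gateway"


def reply_delivered(host_if, gateway, peer):
    """True if the reply can actually get back to peer. Assumes the firewall is
    the only router on the LAN that knows the OpenVPN tunnel network."""
    path = reply_path(host_if, gateway, peer)
    if path == "on-link":
        return peer in LAN_SEGMENT    # ARP only succeeds for real neighbours
    return path == "via-gateway" and gateway == FIREWALL_LAN


if __name__ == "__main__":
    configs = {
        "correct /24 + gateway": ("172.16.11.1/24", FIREWALL_LAN),
        "wrong mask /16": ("172.16.11.1/16", FIREWALL_LAN),
        "no default gateway": ("172.16.11.1/24", None),
    }
    for name, (host_if, gw) in configs.items():
        # "routed" = packet arrives with the VPN client's source address;
        # "NATed"  = outbound NAT rewrote the source to the firewall's LAN address.
        for label, src in (("routed", VPN_CLIENT), ("NATed", FIREWALL_LAN)):
            print(f"{name:22} {label:6} src={src:14} "
                  f"{reply_path(host_if, gw, src):12} "
                  f"delivered={reply_delivered(host_if, gw, src)}")
```

The model covers only addressing and routing; a host-side filter that accepts LAN sources only would produce the same "works when NATed" result, which is why the NAT test alone does not distinguish the two causes.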