Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN
Posted: Thu Dec 25, 2014 7:14 am
Hello...
I've installed OpenVPN on my PfSense server and have successfully configured it and connected with my Windows client. That connection can ping the OpenVPN/PfSense server and use the internet just fine. It cannot, however, ping LAN computers on the server side. I've configured my firewall to allow all traffic from the OpenVPN interface to all destinations. I've also configured it to allow all LAN traffic to all destinations. The PfSense box is the only default gateway on the network, so the OpenVPN server is also the default gateway.
Here's my server.conf:
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local <Correct Public IP>
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 192.168.248.0 255.255.255.0"
push "dhcp-option DNS 192.168.248.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet
And the client:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 75.120.156.104 1194 udp
lport 0
verify-x509-name "MyOpenVPN-Server-Cert" name
auth-user-pass
pkcs12 pfsense-udp-1194-rockjock.p12
tls-auth pfsense-udp-1194-rockjock-tls.key 1
ns-cert-type server
comp-lzo
I'm struggling to understand what could be causing this. Any help would be greatly appreciated. Let me know if I've left any important bits out and I'll get them added ASAP.
Thanks,
Rocky
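One check that applies to this kind of setup, as an added example that is not part of the original post: it reads the `server` and `push "route"` directives from the server.conf above and reports address overlaps between the tunnel network, the pushed LAN route and the client's own local network. The client-side networks passed in are constructed values, since the post does not say which network the Windows client sits on, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Routing-relevant lines copied from the server.conf posted above.
SERVER_CONF = '''\
server 10.0.1.0 255.255.255.0
push "route 192.168.248.0 255.255.255.0"
push "redirect-gateway def1"
topology subnet
'''

def parse_networks(conf):
    """Return (tunnel_net, [pushed_route_nets]) from OpenVPN server directives."""
    tunnel, pushed = None, []
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        if not tokens:
            continue
        if tokens[0] == "server" and len(tokens) >= 3:
            tunnel = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
        elif tokens[0] == "push" and len(tokens) == 2:
            arg = tokens[1].split()
            if len(arg) >= 3 and arg[0] == "route":
                pushed.append(ipaddress.ip_network(f"{arg[1]}/{arg[2]}"))
    return tunnel, pushed

def find_conflicts(conf, client_local_nets):
    """List overlaps that can keep traffic for the pushed LAN off the tunnel."""
    tunnel, pushed = parse_networks(conf)
    local = [ipaddress.ip_network(n) for n in client_local_nets]
    issues = []
    for route in pushed:
        if tunnel and route.overlaps(tunnel):
            issues.append(f"pushed route {route} overlaps tunnel network {tunnel}")
        for net in local:
            if route.overlaps(net):
                issues.append(f"pushed route {route} overlaps client-side network {net}")
    for net in local:
        if tunnel and tunnel.overlaps(net):
            issues.append(f"tunnel network {tunnel} overlaps client-side network {net}")
    return issues

if __name__ == "__main__":
    # Constructed client-side networks; the post does not state the client's LAN.
    for nets in (["192.168.1.0/24"], ["192.168.248.0/24"]):
        print(nets, "->", find_conflicts(SERVER_CONF, nets) or "no overlap")
```

An empty result only rules out an addressing clash; it says nothing about firewall rules or about how the LAN hosts themselves answer pings from the 10.0.1.0/24 tunnel network.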