
Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

Posted: Thu Dec 25, 2014 7:14 am
by rockjock51
Hello...

I've installed OpenVPN on my PfSense server and have successfully configured it and connected with my Windows client. That connection can ping the OpenVPN/PfSense server and use the internet just fine. It cannot, however, ping LAN computers on the server side. I've configured my firewall to allow all traffic from the OpenVPN interface to all destinations. I've also configured it to allow all LAN traffic to all destinations. The PfSense box is the only default gateway on the network, so the OpenVPN server is also the default gateway.

Here's my server.conf:

dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local <Correct Public IP>
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 192.168.248.0 255.255.255.0"
push "dhcp-option DNS 192.168.248.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet

And the client:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 75.120.156.104 1194 udp
lport 0
verify-x509-name "MyOpenVPN-Server-Cert" name
auth-user-pass
pkcs12 pfsense-udp-1194-rockjock.p12
tls-auth pfsense-udp-1194-rockjock-tls.key 1
ns-cert-type server
comp-lzo

I'm struggling to understand what could be causing this. Any help would be greatly appreciated. Let me know if I've left any important bits out and I'll get them added ASAP.

Thanks,

Rocky

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Posted: Thu Dec 25, 2014 5:42 pm
by maikcat
Your LAN PCs, do they have a firewall enabled?

Michael.

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Posted: Sat Dec 27, 2014 10:14 pm
by rockjock51
The one I'm trying to ping has the Windows Firewall completely disabled. Another is an Ubuntu Server that I can't SSH into either.

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Posted: Sat Dec 27, 2014 10:16 pm
by rockjock51
The one I'm trying to ping has the Windows firewall completely disabled. Another one that I'm trying to interact with is an Ubuntu Server that I also can't SSH to.

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Posted: Sun Dec 28, 2014 2:26 pm
by maikcat
Please, for testing, disable your firewall (except the NAT rules).
Also, can you ping your VPN client from your LAN PCs?

Michael.

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Posted: Fri Jan 16, 2015 11:42 pm
by Mikah
Hi
Please make a small change in server.conf. There is:

push "route 192.168.248.0 255.255.255.0"

Should be:

push "route 10.0.1.0 255.255.255.0"

Br.
Mike

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Posted: Sun Jan 18, 2015 4:30 pm
by Traffic
Mikah, you are incorrect.

push "route 10.0.1.0 255.255.255.0" is taken care of by correct use of --server 10.0.1.0 (above)

push "route 192.168.248.0 255.255.255.0" is required.
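
As an added example (not code from any poster in this thread), a small checker that parses the `server` and `push` directives discussed above and reports why pushing the 10.0.1.0/24 route would be redundant while the 192.168.248.0/24 push is what gives clients an explicit path to the LAN. The config excerpts are constructed from the thread's server.conf; the LAN subnet 192.168.248.0/24 is taken from the pushed route and DNS option.

```python
import ipaddress
import shlex

# Constructed excerpts of the thread's server.conf: the original and Mikah's suggested change.
ORIGINAL_CONF = """\
server 10.0.1.0 255.255.255.0
push "route 192.168.248.0 255.255.255.0"
push "redirect-gateway def1"
client-to-client
topology subnet
"""
MIKAH_CONF = ORIGINAL_CONF.replace("192.168.248.0", "10.0.1.0")

def parse_conf(text):
    """Extract the tunnel subnet, pushed routes and redirect-gateway flag from server options."""
    tunnel_net, routes, redirect = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):   # OpenVPN comment lines
            continue
        parts = shlex.split(line)                      # honours the quotes around push options
        if parts[0] == "server" and len(parts) >= 3:
            tunnel_net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        elif parts[0] == "push" and len(parts) >= 2:
            opt = parts[1].split()
            if opt[0] == "route" and len(opt) >= 3:
                routes.append(ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False))
            elif opt[0] == "redirect-gateway":
                redirect = True
    return tunnel_net, routes, redirect

def check_routes(text, lan_net):
    """Return findings about how connecting clients will reach lan_net (a CIDR string)."""
    tunnel_net, routes, redirect = parse_conf(text)
    lan = ipaddress.ip_network(lan_net)
    findings = []
    if tunnel_net is None:
        findings.append("no 'server' directive: tunnel subnet unknown")
    elif tunnel_net in routes:
        # --server already installs the tunnel subnet route on every client
        findings.append(f"redundant: push route {tunnel_net} duplicates what 'server' installs")
    if lan not in routes:
        if redirect:
            findings.append(f"note: no explicit route to {lan}; reachable only via redirect-gateway")
        else:
            findings.append(f"missing: clients get no route to LAN {lan}")
    return findings

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL_CONF), ("mikah", MIKAH_CONF)):
        print(name, check_routes(conf, "192.168.248.0/24") or ["ok"])
```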

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

Posted: Tue Jan 28, 2020 10:21 am
by noor92
Hello,
I have the same problem. Have you solved the problem?

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

Posted: Tue Jan 28, 2020 1:21 pm
by Pippin
This topic is quite old.
You are probably better served at Netgate forums.