Can ping in only one direction

Post by NasKar » Sat May 30, 2020 1:37 pm

I have a pfSense server setup that works dialing in from my iPhone and also on my remote computer (subnet 192.168.1.0/24) to my main subnet (192.168.5.0/24). If I ping from the main subnet to the remote computer or remote router, I get "request timed out". Here is the redacted openvpn.conf on my remote machine.

Code:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote mydomain.ddns.net 1195 udp4
lport 0
verify-x509-name "my_cert" name
remote-cert-tls server
comp-lzo adaptive

What am I missing to get a bidirectional site-to-site VPN?

Re: Can ping in only one direction

Post by Pippin » Sat May 30, 2020 1:46 pm

This question is better asked on Netgate forums:
https://forum.netgate.com

Re: Can ping in only one direction

Post by TinCanTech » Sat May 30, 2020 2:10 pm

This is also useful:
https://community.openvpn.net/openvpn/w ... versubnet.

This will help you to get help in future:
viewtopic.php?f=30&t=22603

Re: Can ping in only one direction

Post by NasKar » Sun May 31, 2020 12:17 am

TinCanTech,
Thanks for the links. I've read it several times but am still having issues. Hopefully I can figure out what the conf files should look like with some help.
My ovpn.conf

Code:

dev ovpns4
verb 4
dev-type tun
dev-node /dev/tun4
writepid /var/run/openvpn_server4.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 173.64.98.42
tls-server
server 172.16.2.0 255.255.255.252
client-config-dir /var/etc/openvpn-csc/server4
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'plex2_cert' 1"
lport 1195
management /var/etc/openvpn/server4.sock unix
max-clients 10
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server4.ca 
cert /var/etc/openvpn/server4.cert 
key /var/etc/openvpn/server4.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server4.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float

I believe this is the pfSense version of your ccd file. /var/etc/openvpn-csc/server4: cat Plex2Master

Code:

push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
ifconfig-push 172.16.2.240 255.255.255.255

From the dd-wrt router openvpn.conf

Code:

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp4
cipher aes-256-cbc
auth sha256
remote mydomain.ddns.net 1195
comp-lzo adaptive
tun-mtu 1500
mtu-disc yes
fast-io
tls-auth /tmp/openvpncl/ta.key 1
verify-x509-name "plex2_cert" name;
ncp-ciphers AES-256-GCM:AES-128-GCM;
route 192.168.1.0 255.255.255.0;
resolv-retry infinite;
