Can ping in only one direction

NasKar
OpenVpn Newbie
Posts: 14
Joined: Tue Nov 01, 2016 10:54 pm

Post by NasKar » Sat May 30, 2020 1:37 pm

I have a pfSense server setup that works dialing in from my iPhone and also on my remote computer (subnet 192.168.1.0/24) to my main subnet (192.168.5.0/24). If I ping from the main subnet to the remote computer or remote router, I get request timed out. Here is the redacted openvpn.conf on my remote machine.

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote mydomain.ddns.net 1195 udp4
lport 0
verify-x509-name "my_cert" name
remote-cert-tls server
comp-lzo adaptive

What am I missing to get a bidirectional site-to-site VPN?

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Can ping in only one direction

Post by Pippin » Sat May 30, 2020 1:46 pm

This question is better asked on Netgate forums:
https://forum.netgate.com

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can ping in only one direction

Post by TinCanTech » Sat May 30, 2020 2:10 pm

This is also useful:
https://community.openvpn.net/openvpn/w ... versubnet.

This will help you to get help in future:
viewtopic.php?f=30&t=22603

NasKar
OpenVpn Newbie
Posts: 14
Joined: Tue Nov 01, 2016 10:54 pm

Re: Can ping in only one direction

Post by NasKar » Sun May 31, 2020 12:17 am

TinCanTech,
Thanks for the links, I've read it several times but still having issues. Hopefully I can figure out what the conf files should look like with some help.
My ovpn.conf:

dev ovpns4
verb 4
dev-type tun
dev-node /dev/tun4
writepid /var/run/openvpn_server4.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 173.64.98.42
tls-server
server 172.16.2.0 255.255.255.252
client-config-dir /var/etc/openvpn-csc/server4
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'plex2_cert' 1"
lport 1195
management /var/etc/openvpn/server4.sock unix
max-clients 10
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server4.ca 
cert /var/etc/openvpn/server4.cert 
key /var/etc/openvpn/server4.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server4.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float

I believe this is the pfSense version of your ccd file. /var/etc/openvpn-csc/server4: cat Plex2Master

push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
ifconfig-push 172.16.2.240 255.255.255.255

From the dd-wrt router openvpn.conf:

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tun1
proto udp4
cipher aes-256-cbc
auth sha256
remote mydomain.ddns.net 1195
comp-lzo adaptive
tun-mtu 1500
mtu-disc yes
fast-io
tls-auth /tmp/openvpncl/ta.key 1
verify-x509-name "plex2_cert" name;
ncp-ciphers AES-256-GCM:AES-128-GCM;
route 192.168.1.0 255.255.255.0;
resolv-retry infinite;
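
An added example, not part of any post in this thread and not pfSense or OpenVPN project code: a small checker for the directives OpenVPN needs before hosts on the server side can reach a LAN behind a client, namely a `route` for that LAN in the server config and a matching `iroute` in the client's CCD file. The sample configs are excerpts constructed from the ones posted above, the "fixed" pair is an assumed correction, and all function names are hypothetical.

```python
import ipaddress

# Constructed excerpts of the server config and CCD file posted in the thread.
SERVER_CONF = """server 172.16.2.0 255.255.255.252
client-config-dir /var/etc/openvpn-csc/server4
push "redirect-gateway def1"
"""
CCD = """push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
ifconfig-push 172.16.2.240 255.255.255.255
"""
# Assumed correction (not from the thread): route on the server, iroute in the CCD.
FIXED_SERVER = SERVER_CONF + "route 192.168.1.0 255.255.255.0\n"
FIXED_CCD = "iroute 192.168.1.0 255.255.255.0\n"

def directives(text):
    """Split OpenVPN config text into token lists, one per directive."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";")
        if line:
            rows.append(line.replace('"', " ").replace("'", " ").split())
    return rows

def networks(rows, name):
    """Networks named by '<name> <addr> <mask>' directives."""
    return [ipaddress.ip_network(f"{r[1]}/{r[2]}", strict=False)
            for r in rows if r and r[0] == name and len(r) >= 3]

def check_site_to_site(server_conf, ccd, client_lan):
    """Return findings that keep server-side hosts from reaching client_lan."""
    lan = ipaddress.ip_network(client_lan)
    srv, per_client = directives(server_conf), directives(ccd)
    pushed = [r[1:] for r in per_client if r[0] == "push"]
    findings = []
    if lan not in networks(srv, "route"):
        findings.append("server: no 'route' for client LAN (kernel route into tunnel)")
    if lan not in networks(per_client, "iroute"):
        findings.append("ccd: no 'iroute' for client LAN (OpenVPN internal route)")
    if lan in networks(pushed, "route"):
        findings.append("ccd: pushes the client's own LAN back to the client")
    tunnel = networks(srv, "server")
    for r in per_client:
        if r[0] == "ifconfig-push" and tunnel and len(r) > 1:
            if ipaddress.ip_address(r[1]) not in tunnel[0]:
                findings.append(f"ccd: ifconfig-push {r[1]} is outside {tunnel[0]}")
    return findings

if __name__ == "__main__":
    for finding in check_site_to_site(SERVER_CONF, CCD, "192.168.1.0/24"):
        print(finding)
```
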
