Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Locked
rockjock51
OpenVpn Newbie
Posts: 3
Joined: Thu Dec 25, 2014 6:56 am

Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

Post by rockjock51 » Thu Dec 25, 2014 7:14 am

Hello...

I've installed OpenVPN on my PfSense server and have successfully configured it and connected with my Windows client. That connection can ping the OpenVPN/PfSense server and use the internet just fine. It cannot, however, ping LAN computers on the server side. I've configured my firewall to allow all traffic from the OpenVPN interface to all destinations. I've also configured it to allow all LAN traffic to all destinations. The PfSense box is the only default gateway on the network, so the OpenVPN server is also the default gateway.

Here's my server.conf:

Code: Select all

dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local <Correct Public IP>
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 192.168.248.0 255.255.255.0"
push "dhcp-option DNS 192.168.248.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet
And the client:

Code: Select all

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 75.120.156.104 1194 udp
lport 0
verify-x509-name "MyOpenVPN-Server-Cert" name
auth-user-pass
pkcs12 pfsense-udp-1194-rockjock.p12
tls-auth pfsense-udp-1194-rockjock-tls.key 1
ns-cert-type server
comp-lzo
I'm struggling to understand what could be causing this. Any help would be greatly appreciated. Let me know if I've left any important bits out and I'll get them added ASAP.


Thanks,

Rocky

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Post by maikcat » Thu Dec 25, 2014 5:42 pm

your lan pcs , do they have firewall enabled?

Michael.

rockjock51
OpenVpn Newbie
Posts: 3
Joined: Thu Dec 25, 2014 6:56 am

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Post by rockjock51 » Sat Dec 27, 2014 10:14 pm

The one I'm trying to ping has the Windows Firewall completely disabled. Another is an Ubuntu Server that I can't SSH into either.

rockjock51
OpenVpn Newbie
Posts: 3
Joined: Thu Dec 25, 2014 6:56 am

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Post by rockjock51 » Sat Dec 27, 2014 10:16 pm

The one I'm trying to ping has the Windows firewall completely disabled. Another one that I'm trying to interact with is an Ubuntu Server that I also can't SSH to.

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Post by maikcat » Sun Dec 28, 2014 2:26 pm

please for testing disable you firewall (Except the nat rules),
also can you ping your vpn client from your lan pcs?

Michael.

Mikah
OpenVpn Newbie
Posts: 1
Joined: Fri Jan 16, 2015 11:39 pm

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Post by Mikah » Fri Jan 16, 2015 11:42 pm

Hi
Please do a small change in server.conf, there is:

Code: Select all

push "route 192.168.248.0 255.255.255.0"
Should be:

Code: Select all

push "route 10.0.1.0 255.255.255.0"
Br.
Mike

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping

Post by Traffic » Sun Jan 18, 2015 4:30 pm

Mikah, you are incorrect.

push "route 10.0.1.0 255.255.255.0" is taken care of by correct use of --server 10.0.1.0 (above)

push "route 192.168.248.0 255.255.255.0" is required.

noor92
OpenVpn Newbie
Posts: 2
Joined: Tue Jan 28, 2020 10:19 am

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

Post by noor92 » Tue Jan 28, 2020 10:21 am

Hello,
I have the same problem, have you solved the problem?

User avatar
Pippin
Forum Team
Posts: 588
Joined: Wed Jul 01, 2015 8:03 am

Re: Newbie Help: OpenVPN/PfSense. Connected, but can't ping LAN

Post by Pippin » Tue Jan 28, 2020 1:21 pm

This topic is quite old.
You are probably better served at Netgate forums.

Locked