The pfSense Store

Author Topic: Can ping server but not rest of network.  (Read 5876 times)

0 Members and 1 Guest are viewing this topic.

zone97

  • Guest
Can ping server but not rest of network.
« on: April 15, 2009, 04:39:56 pm »
I am fairly new to openvpn, and have it configure to connect correctly but I can only ping the local address of the openvpn server and nothing else on the net.

I have a linksys router with dd-wrt mini (it can not support the VPN firmware) is there a routing issue that needs to be addressed?

Thanks.

Offline andrew502

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #1 on: April 15, 2009, 05:22:51 pm »
Is it other VPN clients you are unable to ping?  IF so there is an option "Client-to-client VPN" that you need to tick in the Open VPN  configuration on the PFsense firewall to allow this.  If you're referring to devices behind the firewall then check if your firewall rule allow any to any for the Open VPN port, otherwise it might cause this issue.

Do you receive the route for the network in your routing table?  Type "route print" from a command prompt to check.  IF the IP address range of your network is the same as the one behind your firewall this could cause a problem.

Hope that helps.

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #2 on: April 30, 2009, 05:04:30 am »
Hello (and sorry for my bad english, im french...)

I have the same problem ... See my OpenVPN server configuration :



I'm on local network 10.187.91.0/22 and i create this VPN on this network. I have a local network 192.168.1.0/24, and I want to access to it with a VPN.

With this configuration, I can ping my VPN Server with the address 192.168.1.254, but not the rest of this local network (192.168.1.245 for exemple...)

This is my rules of my firewall :

WAN : UDP      *              *      *      1194 (OpenVPN)      *
LAN  : *              LAN net      *      *      *                              *

So, it's a problem ...

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: Can ping server but not rest of network.
« Reply #3 on: April 30, 2009, 08:04:54 am »
Is the OpenVPN server the default gateway for the network behind it?
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #4 on: April 30, 2009, 08:09:21 am »
Heum... Yes, pfSense is the default gateway on 192.168.1.0/24 sub-network !

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: Can ping server but not rest of network.
« Reply #5 on: April 30, 2009, 08:19:01 am »
And on the remote client, when the link is up, what does "netstat -rn" show?
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #6 on: April 30, 2009, 08:20:58 am »
That ...

Code: [Select]
thibaut@PC-de-Thibaut:~$ netstat -rn
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic   MSS FenÍtre irtt Iface
192.168.2.1     192.168.2.5     255.255.255.255 UGH       0 0          0 tun0
192.168.2.5     0.0.0.0         255.255.255.255 UH        0 0          0 tun0
172.16.119.0    0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
192.168.1.0     192.168.2.5     255.255.255.0   UG        0 0          0 tun0
172.16.74.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
10.187.88.0     0.0.0.0         255.255.252.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         10.187.88.245   0.0.0.0         UG        0 0          0 eth0

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: Can ping server but not rest of network.
« Reply #7 on: April 30, 2009, 10:07:27 am »
Routing looks good.  Does the OpenVPN server end have another network that's 192.168.1.x/24?
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #8 on: April 30, 2009, 10:31:47 am »
My pfSenseBox is in two network :
WAN : 10.187.88.0/22 (address 10.187.88.9)
LAN : 192.168.1.0/24 (address 10.187.88.254, it's the gateway of the 192.168.1.0/24 subnet)

So i think that the OpenVPN server is on the 192.168.1.0/24 network ...

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: Can ping server but not rest of network.
« Reply #9 on: April 30, 2009, 11:08:23 am »
I can't see an obvious problem.  I'd check things like firewall settings (on both ends), drop a packet sniffer in to see if the packets are making it through pfSense (ISTR that tcpdump is installed by default on pfSense) and check to see if you can ping from the 192.168.1.0/24 network to the 192.168.2.0/24 network.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #10 on: April 30, 2009, 11:33:30 am »
Arf ....

Ok thanks for your help ! A return to work on Monday, so see you soon !

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #11 on: May 04, 2009, 02:13:22 am »
Hello !

So, i can ping 192.168.2.0/24 address from 192.168.1.0/24 subnet. But from 10.187.88.0/22, i ping 192.168.1.254 but not the rest of the 192.168.1.0/24 subnet :(

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: Can ping server but not rest of network.
« Reply #12 on: May 04, 2009, 03:26:54 am »
I think a diagram is required to make that last post make sense.  You're implying that you're trying to ping from outside the pfSense host, on the WAN, to the LAN.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

Offline Thibaut

  • Jr. Member
  • **
  • Posts: 33
  • Karma: +0/-0
    • View Profile
Re: Can ping server but not rest of network.
« Reply #13 on: May 04, 2009, 03:47:01 am »
PC1 192.168.2.6 (tun0) ---------------- 10.187.88.8 (WAN) pfSense 192.168.1.254 (LAN) ------------------ 192.168.1.245 (LAN) PC2

pfSense have also 192.168.2.5 for the VPN Server.

ping from PC2 to PC1 work !
ping from PC1 to PC2 doesn't work !

and i want to access to LAN since WAN with VPN server
« Last Edit: May 04, 2009, 03:49:48 am by Thibaut »

Offline Cry Havok

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2792
  • Karma: +0/-0
  • Backup: n. What you should have done yesterday.
    • View Profile
Re: Can ping server but not rest of network.
« Reply #14 on: May 04, 2009, 03:54:57 am »
Right, then look at the firewall settings on PC2.  You may find that it's blocking ping requests.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.