Author Topic: Can Ping Gateway, Cant Ping Anything else?!  (Read 1274 times)

rkbadmin
Can Ping Gateway, Cant Ping Anything else?!
« on: July 10, 2012, 01:50:25 pm »
I've searched all over these forums and found nothing that fixed my issue. I've followed 3 different guides and set this up about 4 times. I can connect and authenticate and I can ping the gateway, but I can't access anything else on the local network.

Here are the guides I've followed:
http://hardforum.com/showthread.php?t=1663797
http://forum.pfsense.org/index.php/topic,7840.0.html
http://www.youtube.com/watch?v=VdAHVSTl1ys

I'm trying to do a Remote Access OpenVPN and I'm using the pfSense generated installer to put on the client machines. The local network is 10.10.10.0/24 and the remote network is 192.168.1.0/24.

Here are the screenshots of pfSense configurations:

[Screenshots: CA; Server Cert; CRL; User / User Cert; Server General Info / Crypto Settings; Tunnel Settings; Client Settings; Packages; Firewall Rule; OpenVPN Interface; Interfaces; OpenVPN Bridge; Ipconfig Before; OpenVPN Connection; Ipconfig After]

Any suggestions would be appreciated.
« Last Edit: July 10, 2012, 03:48:22 pm by rkbadmin »

marvosa
Re: Can Ping Gateway, Cant Ping Anything else?!
« Reply #1 on: July 13, 2012, 02:26:47 am »
1. What version of pfSense are you running?
2. What VPN solution are you trying to accomplish... routed or bridged? It looks like you want bridged, but two of the three guides you posted are routed.

Is there a reason you "need" to be bridged?

3. You have "all clients on bridge to obtain DHCP" checked, so uncheck "provide a DNS server to clients"

4. Can you post a screen shot of the firewall rules from the LAN and OpenVPN tabs?

rkbadmin
Re: Can Ping Gateway, Cant Ping Anything else?!
« Reply #2 on: July 13, 2012, 08:12:17 am »
1) I'm running 2.0.1-RELEASE
2) I need bridged, I believe. I posted separate guides for both because I followed guides for both in an attempt to get something, anything working.

I want my machines connected to the VPN to be able to interact with other machines on the remote subnet as if it were connected locally, which I understand to be the definition of a bridged VPN. Here is a link to my information source: http://openvpn.net/index.php/open-source/faq/75-general/311-what-are-the-fundamental-differences-between-bridging-and-routing-in-terms-of-configuration.html

3) I've done that.

4) Sure, here:

[Screenshots: LAN Tab; OPENVPN Interface Tab; OpenVPN Tab]

marvosa
Re: Can Ping Gateway, Cant Ping Anything else?!
« Reply #3 on: July 14, 2012, 04:07:04 am »
Bridged puts you logically on the LAN and could be considered easier, but all broadcast traffic will traverse the tunnel and an Ethernet header is added to every packet, creating overhead.

Routed functions essentially the same... you can still connect to network shares, ping LAN IPs, ping by name (w/ WINS), etc. Also, only traffic destined to the client or the LAN will traverse the tunnel, making it more efficient. So... to each their own :)

I've never tried a bridged setup, but I'm betting that OPENVPN tab is the OPT1 interface you renamed to OPENVPN and bridged to your LAN per the instructions from http://hardforum.com/showthread.php?t=1663797.

If you add a pass any any rule to the OPENVPN tab you should be able to pass traffic.