Topic: OpenVPN Peer-to-Peer (SSL/TLS) - unable to ping from Server LAN to Client LAN

ErAzOr

« on: May 13, 2017, 02:57:14 pm »
Hi,

I successfully established a connection between my home LAN (10.0.1.0/24) and my LAN on an ESXi host (10.0.3.0/24) by OpenVPN, where OPNsense on ESXi acts as OpenVPN server.

From all my clients on the home LAN I can access all clients on ESXi without problems.
My problem is that I'm unable to access my clients on the home LAN from OPNsense directly, or from the clients behind it.

For example: When I try to ping a (home) client directly on OPNsense shell, I get no response.

I think my routing table seems to be fine:
ipv4   default   88.99.181.161   UGS   16557350   1500   em0   wan   
ipv4   10.0.1.0/24   10.0.100.2   UGS   1189   1500   ovpns1   OpenVPN_Site_To_Site   
ipv4   10.0.3.0/24   link#2   U   46533350   1500   em1   LAN   
ipv4   10.0.3.1   link#2   UHS   0   16384   lo0       
ipv4   10.0.100.0/24   10.0.100.2   UGS   41400   1500   ovpns1   OpenVPN_Site_To_Site   
ipv4   10.0.100.1   link#8   UHS   0   16384   lo0       
ipv4   10.0.100.2   link#8   UH   0   1500   ovpns1   OpenVPN_Site_To_Site

I don't see any blocked packets in my firewall logs.

Does anyone have an idea, what's wrong?

kug1977

Re: OpenVPN Peer-to-Peer (SSL/TLS) - unable to ping from Server LAN to Client LAN
« Reply #1 on: May 14, 2017, 04:00:13 am »
Hi,

On IPsec you have to make sure that you use a source IP of the OPNsense interface that is part of your tunnel, to make the packets travel through the tunnel:

ping -S <IP OPNsense tunnel Interface> <home client>

else the packets with a private IP travel outside of the tunnel and will be blocked on the next hop behind WAN.

Kind regards,
Kay-Uwe Genz
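
Added example, not part of either post: a short Python sketch that looks up a home-LAN destination in the routing table from the first post and, separately, checks whether a policy-based IPsec selector would pick up the packet for a given source address, which is the reason for `ping -S` in the reply. The IPsec selector, the home client 10.0.1.50 and the WAN address 203.0.113.10 are constructed assumptions; only the route rows come from the thread.

```python
import ipaddress

# Routing table rows copied from the first post: (destination, gateway, interface).
ROUTES = [
    ("default", "88.99.181.161", "em0"),
    ("10.0.1.0/24", "10.0.100.2", "ovpns1"),
    ("10.0.3.0/24", "link#2", "em1"),
    ("10.0.100.0/24", "10.0.100.2", "ovpns1"),
]

# Assumed IPsec phase 2 selector (local net, remote net); not from the thread.
IPSEC_POLICY = ("10.0.3.0/24", "10.0.1.0/24")


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, gateway, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def ipsec_selects(src, dst, policy=IPSEC_POLICY):
    """Policy-based IPsec: a packet is tunnelled only if BOTH addresses match."""
    local, remote = (ipaddress.ip_network(n) for n in policy)
    return ipaddress.ip_address(src) in local and ipaddress.ip_address(dst) in remote


if __name__ == "__main__":
    home_client = "10.0.1.50"   # constructed sample host on the home LAN
    wan_addr = "203.0.113.10"   # constructed placeholder for the WAN address
    lan_addr = "10.0.3.1"       # OPNsense LAN address from the routing table

    # Routed OpenVPN: the egress interface depends on the destination only.
    print("route for", home_client, "->", route_lookup(home_client))
    # Policy-based IPsec: the source address decides whether the tunnel is used.
    for src in (wan_addr, lan_addr):
        print(f"ping from {src}: tunnelled by IPsec policy =",
              ipsec_selects(src, home_client))
```
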