Topic: [SOLVED] OpenVPN can't ping LAN (Read 29092 times)
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenVPN can't ping LAN
«
Reply #15 on:
August 07, 2015, 05:04:55 pm »
Is the LAN by any chance set up as static IP? When you use the Ping tool in diagnostics, does it ping your internal IPs ok (from source address default, LAN, WAN)?
«
Last Edit: August 07, 2015, 05:10:47 pm by franco
»
Logged
Groveld
Newbie
Posts: 27
Karma: 3
Re: OpenVPN can't ping LAN
«
Reply #16 on:
August 07, 2015, 05:34:58 pm »
Yes, LAN is set up with a static IP, 10.25.1.254 with a subnet of 255.255.254.0 (/23).
Here are the PING results:
::Default::
PING 10.25.1.1 (10.25.1.1): 56 data bytes
64 bytes from 10.25.1.1: icmp_seq=0 ttl=64 time=0.405 ms
64 bytes from 10.25.1.1: icmp_seq=1 ttl=64 time=0.354 ms
64 bytes from 10.25.1.1: icmp_seq=2 ttl=64 time=0.544 ms
::WAN::
PING 10.25.1.1 (10.25.1.1) from 192.168.178.254: 56 data bytes
--- 10.25.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
::LAN::
PING 10.25.1.1 (10.25.1.1) from 10.25.1.254: 56 data bytes
64 bytes from 10.25.1.1: icmp_seq=0 ttl=64 time=0.419 ms
64 bytes from 10.25.1.1: icmp_seq=1 ttl=64 time=0.626 ms
64 bytes from 10.25.1.1: icmp_seq=2 ttl=64 time=0.397 ms
::DMZ::
PING 10.25.1.1 (10.25.1.1) from 10.42.1.254: 56 data bytes
64 bytes from 10.25.1.1: icmp_seq=0 ttl=64 time=0.448 ms
64 bytes from 10.25.1.1: icmp_seq=1 ttl=64 time=0.373 ms
64 bytes from 10.25.1.1: icmp_seq=2 ttl=64 time=0.309 ms
::OpenVPN server::
PING 10.25.1.1 (10.25.1.1) from 10.255.240.1: 56 data bytes
64 bytes from 10.25.1.1: icmp_seq=0 ttl=64 time=0.498 ms
64 bytes from 10.25.1.1: icmp_seq=1 ttl=64 time=0.439 ms
64 bytes from 10.25.1.1: icmp_seq=2 ttl=64 time=0.312 ms
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenVPN can't ping LAN
«
Reply #17 on:
August 07, 2015, 06:19:27 pm »
Funny. I think the route is not being generated by OPNsense due to the static interface configuration.
Does the following help when issued manually as a root user on the box?
route add -net 10.25.1.254/23 10.25.1.254
Logged
Groveld
Newbie
Posts: 27
Karma: 3
Re: OpenVPN can't ping LAN
«
Reply #18 on:
August 07, 2015, 06:38:22 pm »
root@firewall:~ # route add -net 10.25.1.254/23 10.25.1.254
route: writing to routing socket: File exists
add net 10.25.1.254: gateway 10.25.1.254 fib 0: route already in table
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenVPN can't ping LAN
«
Reply #19 on:
August 07, 2015, 08:01:00 pm »
Now on to the firewall log, interface WAN destination your NAS, protocol ICMP. Find out why those pings are being blocked. It can only be the firewall then.
Logged
Groveld
Newbie
Posts: 27
Karma: 3
Re: OpenVPN can't ping LAN
«
Reply #20 on:
August 07, 2015, 08:53:07 pm »
I have set my log to 5000 lines but there is no mention of 10.25.1.1 anywhere...??
Maybe my setup is trying to keep me at home and doesn't like it when I leave or something??
Does it help if I create a VPN account for you (franco)? Keeping out an annoying middle-man (me), maybe I keep overlooking things? Just a thought.
Logged
Groveld
Newbie
Posts: 27
Karma: 3
Re: OpenVPN can't ping LAN
«
Reply #21 on:
August 07, 2015, 09:28:54 pm »
This is from the OpenVPN log:
gateway openvpn[92190]: martin/82.73.xxx.xxx:61968 SENT CONTROL [martin]: 'PUSH_REPLY,route 10.25.0.0 255.255.254.0,route 10.42.0.0 255.255.254.0,dhcp-option DOMAIN home.groveld.com,dhcp-option DNS 10.25.1.254,dhcp-option DNS 8.8.8.8,register-dns,route-gateway 10.255.240.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.255.240.2 255.255.255.240' (status=1)
Logged
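The pushed options in the log line from reply #21 can be checked mechanically. The following is an added example, not part of the original thread: it parses the PUSH_REPLY and reports which pushed route covers a given host, such as the 10.25.1.1 target pinged earlier. The function names are illustrative; the log line is copied from the post.

```python
import ipaddress
import re

# Log line copied from reply #21 (client address is redacted in the post).
LOG_LINE = (
    "gateway openvpn[92190]: martin/82.73.xxx.xxx:61968 SENT CONTROL [martin]: "
    "'PUSH_REPLY,route 10.25.0.0 255.255.254.0,route 10.42.0.0 255.255.254.0,"
    "dhcp-option DOMAIN home.groveld.com,dhcp-option DNS 10.25.1.254,"
    "dhcp-option DNS 8.8.8.8,register-dns,route-gateway 10.255.240.1,"
    "topology subnet,ping 10,ping-restart 60,"
    "ifconfig 10.255.240.2 255.255.255.240' (status=1)"
)

def parse_push_reply(line):
    """Return (routes, tunnel interface, topology) from a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY payload in line")
    routes, ifconfig, topology = [], None, None
    for opt in m.group(1).split(","):
        words = opt.split()
        if len(words) >= 3 and words[0] == "route":
            # Strict parsing raises if the route address has host bits set.
            routes.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif len(words) == 3 and words[0] == "ifconfig":
            ifconfig = words[1:]
        elif len(words) == 2 and words[0] == "topology":
            topology = words[1]
    # Only with "topology subnet" is ifconfig's second argument a netmask;
    # in the other topologies it is the peer address, so no subnet is derived.
    tunnel = None
    if ifconfig and topology == "subnet":
        tunnel = ipaddress.ip_interface("/".join(ifconfig))
    return routes, tunnel, topology

def check_target(line, target):
    """Report which pushed route, if any, carries traffic for target."""
    routes, tunnel, topology = parse_push_reply(line)
    addr = ipaddress.ip_address(target)
    covering = [r for r in routes if addr in r]
    return {
        "covered_by": str(covering[0]) if covering else None,
        "tunnel_net": str(tunnel.network) if tunnel else None,
        "topology": topology,
        # A tunnel subnet overlapping a pushed route would conflict on the client.
        "overlap": tunnel is not None
        and any(tunnel.network.overlaps(r) for r in routes),
    }

if __name__ == "__main__":
    print(check_target(LOG_LINE, "10.25.1.1"))
```

For this log line the LAN target falls inside the pushed 10.25.0.0/23 route and the /28 tunnel subnet overlaps neither pushed network, so the client-side routing pushed by the server is consistent with the addresses given in reply #16.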
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenVPN can't ping LAN
«
Reply #22 on:
August 07, 2015, 10:42:04 pm »
Did you try the filter? No packages dropped? Doesn't matter how many entries as long as you filter for the right connection parameters.
Did you turn off the log policy for drop by any chance?
Can take a look on Monday if you have time. Drop me a PM.
Logged
Groveld
Newbie
Posts: 27
Karma: 3
[SOLVED] OpenVPN can't ping LAN
«
Reply #23 on:
August 15, 2015, 01:36:00 am »
This problem is now solved(ish)!
Franco has helped me kill this problem; in the end the problem solved itself??!
Yeah... we broke the VPN settings; after we reversed the mistake, the normal setup seemed to work fine.
So in the end NOTHING was changed at all, but everything works now!
The only thing worth mentioning is that IF you change anything OpenVPN related, like add/remove/edit a firewall rule regarding the OpenVPN server (port 1194, or in my case 443), the OpenVPN service needs to be stopped and started manually; restart alone doesn't seem to work in this case, dunno why...
Thanks to Dominian for mentioning the "Topology" option!
Also for this specific use, where I wanted to access my LAN network, I needed to terminate the VPN to my LAN interface. This is done by changing the OpenVPN server option "Interface" from "WAN" to "LAN" and adding a matching NAT rule to the LAN IP address, in my case 10.25.1.254 (now restart the OpenVPN server).
Franco is still looking into this episode of the X-Files and maybe this mystery will be solved once and for all... tune in next time to find out!
In the meanwhile, somewhere out there, a case of beer is finding its way to you, franco!
Logged