EFW Support

Support => VPN Support => Topic started by: buxton on Wednesday 19 August 2009, 10:46:54 pm



Title: Open VPN clients cannot ping LAN
Post by: buxton on Wednesday 19 August 2009, 10:46:54 pm
I am having trouble with my Open VPN setup. I am able to connect and ping the Endian firewall and access its webpage and from there I can ping my client laptop. Unfortunately I cannot access any other resources in my LAN and no computers in my LAN can ping my client laptop. This is a road warrior setup. I am using the latest download of Endian firewall community. I believe this may be a routing issue but I am unsure what to do next.



Client 1 (..2.10) - - - - - - - - - endian firewall (..2.6) – LAN (..2.xx)


Title: Re: Open VPN clients cannot ping LAN
Post by: StephanSch on Friday 21 August 2009, 06:56:51 am
The problem is that your nets are on the same subnet. You should try to change one net or to change from routed to bridged.


Title: Re: Open VPN clients cannot ping LAN
Post by: marvosa on Friday 28 August 2009, 12:00:15 am
There are several things it could be, but I would start here:

In the VPN section on the "Advanced" tab, make sure you have this checked "Don't block traffic between clients".

If this doesn't work, post your user and server configs so we can troubleshoot further. 

A few things:

1.  Disable windows firewall or be sure to allow ICMP through.
2.  Make sure your OpenVPN IP scope does not overlap your DHCP IP range.
3.  Do you have any Outgoing firewall rules that may be blocking ICMP?
4.  Post client info (IP, subnet, default gateway, dns) and routing table after your clients connect.


Title: Re: Open VPN clients cannot ping LAN
Post by: endiant on Tuesday 03 November 2009, 08:37:42 am
Add a source NAT rule to allow "ALL OpenVPN users to Green" and all traffic should work.


Title: Re: Open VPN clients cannot ping LAN
Post by: ad.aimm on Wednesday 04 November 2009, 12:13:28 am
hi,

For my part, sometimes ping works and sometimes it doesn't with OpenVPN (without NAT and VPN firewall rules), but if I use IPsec I never have any trouble.

regards

ad


Title: Re: Open VPN clients cannot ping LAN
Post by: magu on Saturday 12 December 2009, 09:59:32 am
Been banging my head against this one for a while.

Finally figured it out: I had to disable the intrusion prevention system because it was blocking DNS packets, even though ALL of the VPN firewall rules do NOT have IPS enabled.


Title: Re: Open VPN clients cannot ping LAN
Post by: -tim- on Wednesday 30 December 2009, 03:59:01 am
I am having trouble with my Open VPN setup. I am able to connect and ping the Endian firewall and access its webpage and from there I can ping my client laptop. Unfortunately I cannot access any other resources in my LAN and no computers in my LAN can ping my client laptop. This is a road warrior setup. I am using the latest download of Endian firewall community. I believe this may be a

Did you find a solution? I have exactly the same issue. EFW and even other networks than green work fine, only the bridged green zone is unreachable. I can find some equivalent postings on the net but no solution yet.


Title: Re: Open VPN clients cannot ping LAN
Post by: mogyiman on Thursday 07 January 2010, 10:16:39 am
Took me around 3 hours to figure out rules..  on EFW 2.3

- Disable firewall on client machine's TAP adapter
- Make sure the client's original and the server's network IP addresses are not overlapping
- Push the network ip address range explicitly from the server
- Add the following SOURCE NAT RULE
    - Source : ALL (OpenVPN User)  ---> Dest: GREEN  --> service: <ANY>  ---> NAT TO : GREEN
- Add the following to VPN FIREWALL RULE
    - Source : ALL (OpenVPN user)  ---> Dest: GREEN + OPENVPN  --> service: <ANY>     ALLOW

Client config is:

client
float
dev tap
proto udp
pull
remote [SERVER IP] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "SERVER'S CA.pem"
auth-user-pass
comp-lzo
verb 3
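
An added example, not part of the posts above: several replies name overlapping address ranges as the cause (client LAN versus GREEN, OpenVPN pool versus DHCP range). This Python sketch checks both conditions; every address in it is a constructed sample value and the function names are hypothetical.

```python
import ipaddress

def to_networks(spec):
    """Accept CIDR ('10.0.0.0/24') or a 'start-end' range; return a list of networks."""
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        # Raises ValueError if start > end, which is a config error worth surfacing.
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(spec.strip(), strict=False)]

def overlaps(a, b):
    """True if any address in spec a is also covered by spec b."""
    return any(x.overlaps(y) for x in to_networks(a) for y in to_networks(b))

def check_addressing(client_lan, green, vpn_pool, green_dhcp):
    """Return the addressing conflicts the thread names as likely causes."""
    problems = []
    # Road warrior sits on a LAN that uses the same range as the remote GREEN zone:
    # the client answers GREEN addresses locally and never sends them into the tunnel.
    if overlaps(client_lan, green):
        problems.append("client-lan-overlaps-green")
    # Pool handed to VPN clients collides with addresses the DHCP server leases.
    if overlaps(vpn_pool, green_dhcp):
        problems.append("vpn-pool-overlaps-dhcp")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(check_addressing(
        client_lan="192.168.1.0/24",
        green="192.168.1.0/24",
        vpn_pool="192.168.1.200-192.168.1.220",
        green_dhcp="192.168.1.100-192.168.1.210",
    ))
```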


Title: Re: Open VPN clients cannot ping LAN
Post by: jianjou on Thursday 07 January 2010, 01:45:26 pm
I have the same problem, and I try to use the method that you provide. But I still can not ping or access any hosts.
Any other ideas?


Title: Re: Open VPN clients cannot ping LAN
Post by: mogyiman on Thursday 07 January 2010, 08:52:29 pm
Well, I noticed that Vista using the same configuration that my XP has is still unable to apply the new routing table entries. connect to the remote network.
To be more specific I used the latest Openvpn package (2.1.1) from openvpn site, because the GUI is already included into the newer packages.
It has everything to install right on a Vista or Win7 client. My routing table shows the new routes, but still no ping, no nothing to remote network.
The only address to reach is 0.223 which is the GREEN IP of the vpn gateway.
I'm trying to modify automatic metric calculation to manual and give higher priority to TAP adapter's routes.

Code:
172.20.0.0    255.255.255.0           On-link       172.20.0.82    286
172.20.0.0    255.255.255.0      172.20.0.223       172.20.0.82     30
172.20.0.82   255.255.255.255         On-link       172.20.0.82    286
172.20.0.255  255.255.255.255         On-link       172.20.0.82    286

So the above tables are failing, mostly because there are two gateways set for remote vpn network. On-link means default gw for the client machine.
I decided to manually get rid of everything and build-up a new table which is far less sophisticated, but works. I will not change server side configuration just because of this vista issue (=win 7 issue)
1, create a file named "profilename_up.bat" next to your ovpn configuration
2, add the following contents:
Code:
route delete "target_network_address"
route add "target_network_address" mask "target_network_mask" remote_ip_of_TAP IF NN
where NN is the TAP adapter's id as listed after route print command, I have (24):
Code:
Interface List
 24...00 ff bf e2 ed 95 ......TAP-Win32 Adapter V9
 11...00 0c f1 87 3a a5 ......Intel(R) PRO/100 VE Network Connection

That's it.
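
An added example, not part of the post above: a Python parser for `route print` IPv4 lines that lists every prefix reachable through more than one next hop, ordered by metric (among routes to the same prefix the lowest metric is preferred). The function names are hypothetical; the sample input is the four route lines quoted in the post.

```python
import ipaddress
from collections import defaultdict

# IPv4 route lines copied from the post above (output of `route print`).
ROUTE_PRINT = """\
172.20.0.0    255.255.255.0           On-link       172.20.0.82    286
172.20.0.0    255.255.255.0      172.20.0.223       172.20.0.82     30
172.20.0.82   255.255.255.255         On-link       172.20.0.82    286
172.20.0.255  255.255.255.255         On-link       172.20.0.82    286
"""

def parse_routes(text):
    """Yield (network, gateway, interface, metric) for each well-formed route line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip headers, separators and lines without a numeric metric
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # not an IPv4 destination/netmask pair
        yield net, gateway, iface, int(metric)

def competing_routes(text):
    """Return {network: routes sorted by metric} for prefixes with more than one next hop."""
    by_net = defaultdict(list)
    for net, gateway, iface, metric in parse_routes(text):
        by_net[net].append((metric, gateway, iface))
    return {net: sorted(routes) for net, routes in by_net.items()
            if len({gw for _, gw, _ in routes}) > 1}

if __name__ == "__main__":
    for net, routes in competing_routes(ROUTE_PRINT).items():
        metric, gateway, iface = routes[0]
        print(f"{net}: preferred via {gateway} on {iface} (metric {metric})")
        for metric, gateway, iface in routes[1:]:
            print(f"  also present: via {gateway} on {iface} (metric {metric})")
```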


Title: Re: Open VPN clients cannot ping LAN
Post by: martec on Tuesday 20 April 2010, 07:06:55 pm
Hi @ all,
--
I resume this post because I have the same problem, but when I try to change the client IP in VPN (VPN --> Configuration Server --> Pool Dynamic IP start/end), and I restart the OpenVPN server, I see the old IPs. So I can't change the pool for VPN clients...

The old values are the same as GREEN, and I read this is not right, so I want to change that...


Title: Re: Open VPN clients cannot ping LAN
Post by: jeliasson on Tuesday 10 May 2011, 06:21:07 am
Hi,

I'm having the same problem and I tried to add a SNAT-rule, as mogyiman suggested, but no luck.
If I however remove the route to the OpenVPN-subnet, it works.



Title: Re: Open VPN clients cannot ping LAN
Post by: lucianovs on Tuesday 28 June 2011, 06:15:52 am
Hi Guys!!!

You just need to create a firewall rule:

CLIENT2ENDIAN:
GO TO FIREWALL - VPN TRAFFIC (ENABLE)

CREATE A RULE LIKE:

SOURCE: OPENVPN: ANY
DESTINATION: ANY
POLICY: ALLOW


GW2GW:
CREATE A RULE LIKE:
SOURCE IP: ip/mask local
DESTINATION: ip/mask remote
POLICY: ALLOW


I think this can help!
=]