I only open UDP 1194 in my WAN rules, uncheck block private networks on
WAN interfaces and unchanged default LAN rules.
Activated advanced outbound NAT (AON) in NAT with only auto created rules.
I don't think you need to uncheck block private networks on the WAN
interface, nor mess with AON.
Server with ip 172.16.4.60 using gateway 172.16.4.252 which is pfSense
1.2RC1 for testing OpenVPN, and server 172.16.4.16 using another gateway
172.16.4.253 which is pfSense 1.0.1 running for production.
Not being able to get to 172.16.4.16 is expected. It's got a different
default gateway, so when it sees any traffic coming from your clients
(172.16.100.0/24) it sends it to its default route, 172.16.4.253, which
the pfSense box running 1.0.1 isn't aware of, and probably just drops
it. The only way to get around this would be to add a route on
172.16.4.16 or the pfSense 1.0.1 system (172.16.5.253) routing anything
from 172.16.100.0/24 to 172.16.4.252.
Why you can't get to 172.16.4.60 is beyond me. Your routes on your
client look fine, the only thing I can think of is a client firewall on
172.16.4.60 which is blocking incoming ICMP packets. Have you tried
running a tcpdump on the tunX interface on 172.16.4.252 to see if the
ICMP traffic coming from the client's tunnel is making it into the
pfSense box?
-Kyle
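
The return-path reasoning in the reply above, as an added example that is not part of the original message: a small longest-prefix-match model of the hosts in the thread, tracing where a reply to a VPN client goes before and after the suggested static route. The client address 172.16.100.6, the labels "wan" and "tun", and the 1.0.1 box's default route are assumptions made for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop) for net, hop in table.items()
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Routing tables keyed by node address. Addresses are the ones in the thread.
# "tun" = handed to the OpenVPN tunnel; "wan" = leaves via the 1.0.1 box's
# assumed default route (or is dropped); either way it never reaches the tunnel.
TABLES = {
    "172.16.4.16":  {"172.16.4.0/24": "direct", "0.0.0.0/0": "172.16.4.253"},
    "172.16.4.60":  {"172.16.4.0/24": "direct", "0.0.0.0/0": "172.16.4.252"},
    "172.16.4.253": {"172.16.4.0/24": "direct", "0.0.0.0/0": "wan"},
    "172.16.4.252": {"172.16.4.0/24": "direct", "172.16.100.0/24": "tun"},
}
CLIENT = "172.16.100.6"  # constructed VPN client address inside 172.16.100.0/24

def reply_path(tables, src, dst, max_hops=8):
    """Follow a reply from src toward dst and return every hop it takes."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables.get(node, {}), dst)
        if hop == "direct":          # destination is on the local segment
            hop = dst
        path.append(hop if hop else "no route")
        if hop not in tables:        # delivered, or left the modelled network
            break
        node = hop
    return path

def with_route(tables, node, net, hop):
    """Return a copy of tables with one static route added on node."""
    fixed = {n: dict(t) for n, t in tables.items()}
    fixed[node][net] = hop
    return fixed

if __name__ == "__main__":
    print("172.16.4.60 :", reply_path(TABLES, "172.16.4.60", CLIENT))
    print("172.16.4.16 :", reply_path(TABLES, "172.16.4.16", CLIENT))
    on_host = with_route(TABLES, "172.16.4.16", "172.16.100.0/24", "172.16.4.252")
    print("route on .16:", reply_path(on_host, "172.16.4.16", CLIENT))
    on_gw = with_route(TABLES, "172.16.4.253", "172.16.100.0/24", "172.16.4.252")
    print("route on gw :", reply_path(on_gw, "172.16.4.16", CLIENT))
```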