I have a remote desktop connected in a single-point OpenVPN connection
to my office pfSense 1.2.3.
That desktop can ssh/http/imap/whatever to any host in the office LAN.
Any host in the office LAN however cannot ping/ssh/http/whatever to
that remote IP.
The only system in the office that can ping the remote is the pfSense
box itself.
If I traceroute to the remote box's OpenVPN address from pfSense, it
shows one hop. If I traceroute from another box to the remote OpenVPN
IP, it goes out over the public routers to oblivion.
What do I need to do to make pfSense take packets for this LAN and
shove them down the OpenVPN tunnel? The routes seem right. The
pfSense router is the default route on every machine on the office
LAN.
Relevant route info from pfSense box:
192.168.60.0/24 192.168.60.2 UGS 0 35501 tun0
192.168.60.2 192.168.60.1 UH 1 0 tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
inet6 fe80::203:47ff:fe73:a243%tun0 prefixlen 64 scopeid 0x8
inet 192.168.60.1 --> 192.168.60.2 netmask 0xffffffff
Opened by PID 53938
# ping 192.168.60.6
PING 192.168.60.6 (192.168.60.6): 56 data bytes
64 bytes from 192.168.60.6: icmp_seq=0 ttl=64 time=52.213 ms
64 bytes from 192.168.60.6: icmp_seq=1 ttl=64 time=291.092 ms
^C
--- 192.168.60.6 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 52.213/171.653/291.092/119.439 ms
# traceroute !$
traceroute 192.168.60.6
traceroute to 192.168.60.6 (192.168.60.6), 64 hops max, 40 byte packets
1 192.168.60.6 (192.168.60.6) 176.333 ms 46.134 ms 21.489 ms
From a macOS machine on the same LAN as the pfSense:
% ping 192.168.60.6
PING 192.168.60.6 (192.168.60.6): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
% traceroute 192.168.60.6
traceroute to 192.168.60.6 (192.168.60.6), 64 hops max, 52 byte packets
1 * * *
2 68.85.138.221 (68.85.138.221) 9.050 ms 10.376 ms 11.246 ms
3 po-30-ur01.rockville.md.bad.comcast.net (68.87.129.153) 196.578 ms 7.583 ms 9.222 ms
4 po-60-ur01.chillum.dc.bad.comcast.net (68.87.128.217) 10.244 ms 18.659 ms 9.206 ms
5 po-30-ur01.michiganave.dc.bad.comcast.net (68.87.128.210) 9.875 ms 8.888 ms 9.482 ms
6 po-60-ur01.benning.dc.bad.comcast.net (68.87.128.165) 10.743 ms 9.753 ms 9.936 ms
7 be-30-ar03.capitolhghts.md.bad.comcast.net (68.87.128.174) 10.074 ms 10.757 ms 9.928 ms
8 * * *
9 * * *
10 * * *
All the while there is an SSH connection from 192.168.60.6 to this
machine, so clearly it can talk to the remote end just fine somehow.