Bug #15187

closed

OpenVPN client addresses unreachable despite all rules in place and tunnel being up

Added by Roland Giesler 3 months ago. Updated 3 months ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
% Done: 0%
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture: amd64

Description

Refer to support ticket: https://forum.netgate.com/topic/185705/p2p-vpn-server-can-t-reach-client-but-client-can-reach-server

The issue persists, even when a new OpenVPN server and client are created.

Actions #1

Updated by Jim Pingle 3 months ago

  • Status changed from New to Not a Bug

I don't see anything in that thread that suggests it's a bug rather than a misconfiguration somewhere. Keep discussing it in the forum for now. There are many such configurations in the wild which are working perfectly; there must be some aspect of your setup that isn't configured correctly.

Actions #2

Updated by Roland Giesler 3 months ago

As far as I can tell we've exhausted all the options. The routes are correct. The firewall rules allow the traffic. The addresses are not blocked by the sshguard or virusprot tables.

The client pfSense can reach all its local addresses, the server pfSense can reach the tunnel IP on the client, but nothing else on the client.

I have a shared-key P2P tunnel with the same version of pfSense that works perfectly with this setup. With this newly installed pfSense on a new server, it just does not work as expected, with the only configured difference being that the new one is using Peer-to-peer SSL/TLS instead of a shared key.

I will delete the whole machine and reinstall it all, create a new tunnel and then report back.
