# OpenVPN and no access to LAN



## herpestes (Aug 23, 2018)

On the FreeBSD router I installed openvpn and the problem is that you can not ping or connect to any computer except the router in the LAN.
But, to make it funny, pinging the router works (on the tun0 interface, as well as on the LAN interface bge1).

I should add that:
- on the client, the route to the LAN subnet (192.168.4.0/24) is set,
- the client-side subnet is different from the subnet behind the router,
- net.inet.ip.forwarding = 1 is set,
- on the firewall (ipfw), traffic is let through on the 1194/udp port, otherwise everything on the bge1 LAN interface and on the v0 tun0 interface.

When I check the network traffic with the `tcpdump -i tun0 -v icmp` command, I get this result:
for ping 192.168.4.1 (router):

```
23:41:42.455553 IP (tos 0x0, ttl 128, id 2741, offset 0, flags [none], proto ICMP (1), length 60)
    10.20.0.2 > 192.168.4.1: ICMP echo request, id 1024, seq 11520, length 40
23:41:42.455570 IP (tos 0x0, ttl 64, id 31949, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.4.1 > 10.20.0.2: ICMP echo reply, id 1024, seq 11520, length 40
```

for ping 192.168.4.2 (computer in LAN): 

```
23:43:32.053773 IP (tos 0x0, ttl 128, id 2774, offset 0, flags [none], proto ICMP (1), length 60)
    10.20.0.2 > 192.168.4.2: ICMP echo request, id 1024, seq 12032, length 40
23:43:37.321809 IP (tos 0x0, ttl 128, id 2778, offset 0, flags [none], proto ICMP (1), length 60)
    10.20.0.2 > 192.168.4.2: ICMP echo request, id 1024, seq 12288, length 40
```

There is no response to ICMP packets.

What could be the reason, and what else should I set?
It looks like a firewall blocked something.

Please, help me with some tips.


----------



## aragats (Aug 24, 2018)

It's hard to tell anything without seeing the output of both:

```
% ifconfig
% netstat -rn
```


----------



## ShelLuser (Aug 25, 2018)

herpestes said:


> On the FreeBSD router I installed openvpn and the problem is that you can not ping or connect to any computer except the router in the LAN.


You do understand how routing tables work, I hope?

If those other machines have no notion of your IP then any data they would send in return goes to the default route. So unless that default route is your other router then there's no way those other machines can ever reach you.


----------



## SirDice (Aug 27, 2018)

What most newbies forget, packets need to know the way back too. So not only do you need to look at routing tables going out, you will need to do the same working backwards for the return packets. Most of the time routing has only been correctly set up for the forward traffic but the responses end up getting sent to some default gateway. Traffic (and thus routing) works both ways.


----------
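
The return-path check described in the replies above, as an added example that is not part of the original thread: a longest-prefix-match lookup run on the LAN host's routing table for the VPN client address 10.20.0.2. The /24 tunnel mask, the default gateway 192.168.4.254 and the interface name em0 are assumptions made for the illustration; the other addresses are the ones from the first post.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: return (gateway, interface) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])

# Constructed routing table of the LAN host 192.168.4.2.
# Assumption: its default gateway is a different router, 192.168.4.254.
LAN_HOST = [
    ("192.168.4.0/24", "link", "em0"),
    ("0.0.0.0/0", "192.168.4.254", "em0"),
]

# Same host after a static route for the tunnel subnet is added via the
# OpenVPN router. Assumption: the tunnel subnet is 10.20.0.0/24.
LAN_HOST_FIXED = LAN_HOST + [("10.20.0.0/24", "192.168.4.1", "em0")]

def reply_reaches_vpn(table, client="10.20.0.2", vpn_router="192.168.4.1"):
    """True if the host hands its reply for the VPN client to the VPN router."""
    hop = next_hop(table, client)
    return hop is not None and hop[0] == vpn_router

if __name__ == "__main__":
    for name, table in (("before", LAN_HOST), ("after", LAN_HOST_FIXED)):
        print(name, next_hop(table, "10.20.0.2"), reply_reaches_vpn(table))
```

On a real host, the table to compare against is the `netstat -rn` output requested earlier in the thread.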

