On Fri, May 28, 2010 at 5:50 PM, Vick Khera <vi...@khera.org> wrote:
> That desktop can ssh/http/imap/whatever to any host in the office LAN.
>
> Any host in the office LAN however cannot ping/ssh/http/whatever to
> that remote IP.
>
> The only system in the office that can ping the remote is the pfSense
> box itself.

Well, after letting this fester for a long time I finally got around to really digging into this.

It turns out that at some point we added a second WAN connection, and put in a load-balancing rule for policy routing all traffic from the LAN to the fail-over queue. This pulled in all traffic destined to the openvpn client that did not already have a state rule to route it properly.

Ultimately the reply #7 on this thread <http://forum.pfsense.org/index.php?topic=11438.0> of the forum led me to the solution, which was to add a rule for LAN traffic destined to the openvpn client addresses to go via default gateway. This let the routing table get used, and then the openvpn route worked.

Posting here so others can discover it on the archives.
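
The rule ordering described in the message above, sketched in pf.conf syntax as an added illustration (not taken from the poster's firewall or from pfSense's generated ruleset). The interface names, gateway addresses and the 10.8.0.0/24 OpenVPN client network are all constructed assumptions.

```pf
# Constructed sample values, not from the original post.
lan_if   = "em0"
lan_net  = "192.168.1.0/24"
ovpn_net = "10.8.0.0/24"        # assumed OpenVPN client address range
wan1_if  = "em1"
wan1_gw  = "198.51.100.1"
wan2_if  = "em2"
wan2_gw  = "203.0.113.1"

# --- Before: a single LAN rule policy-routes everything -------------------
# route-to forces every new LAN connection out a WAN gateway, so packets
# for $ovpn_net never consult the routing table and never reach the tunnel.
# The firewall's own traffic does not enter on $lan_if, which is why it
# could still reach the remote client.
#
# pass in quick on $lan_if \
#     route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
#     from $lan_net to any keep state

# --- After: exempt the VPN client range ahead of the policy rule ----------
# With "quick", the first matching rule wins. This rule has no route-to,
# so the kernel routing table (including the OpenVPN route) is used.
pass in quick on $lan_if from $lan_net to $ovpn_net keep state

# All remaining LAN traffic is still policy-routed to the WAN gateway pool.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
    from $lan_net to any keep state
```

In the pfSense GUI this corresponds to a LAN rule with the VPN client range as destination and the gateway left at default, placed above the rule that selects the multi-WAN gateway.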