
Allow traffic over externally managed VPN subnet

I have an OpenVPN instance running on a server behind a Cyberoam firewall that is partially working, but I am having problems with packets getting dropped as invalid. I have static routes defined in the OpenVPN config and on the firewall and can ping VPN clients from the firewall. However, when I ping Server A on my network from a VPN client, the ICMP response from Server A gets dropped as invalid traffic (rule 0) by the firewall. What kind of firewall rule do I need to add to allow this traffic?

I am running the latest firmware (10.6.6 MR-3), and just to make things less abstract, let's say my primary network (defined on the Cyberoam device) is 192.168.40.0/24 and my VPN subnet (defined by OpenVPN) is 192.168.41.0/24. Thanks in advance for any help!

Edit: In the firewall logs, the "Out Interface" has no value. This seems odd since the static route I defined that should apply to this packet specifies an interface.

Edit 2: I added a rule allowing anything on the LAN to my VPN subnet using an IP Host entry. This is one of the first things I tried and doing this again did not resolve the issue by itself. However, when I ping my client connected via the VPN from the machine I was trying to ping, it picks up the static route I defined in the firewall and I can then ping this machine from my VPN client as I would expect. My question now is why would my LAN machine pick up this route when pinging out to the VPN but not when trying to reply to the ping sent from the VPN client? This will be a problem in the future since the LAN machine forgets the route if networking is restarted, thus breaking this connectivity until I manually initiate a ping to a VPN client. I don't want to have to create a cron job to ping something on the VPN subnet.
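A small routing model of the situation above, added here as an illustration and not part of the original thread. It uses the two subnets from the post; the host addresses and per-node route tables are assumptions. It traces the echo request and the echo reply hop by hop and reports when the reply crosses the firewall while the request did not, which is the case where a stateful firewall holds no session for the reply and drops it as invalid.

```python
import ipaddress

# Constructed topology using the two subnets from the post. The host
# addresses below are assumptions; the thread does not give them.
LAN = ipaddress.ip_network("192.168.40.0/24")
VPN = ipaddress.ip_network("192.168.41.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
FIREWALL = "192.168.40.1"         # Cyberoam LAN interface (assumed)
OPENVPN_SERVER = "192.168.40.10"  # OpenVPN host on the LAN (assumed)
SERVER_A = "192.168.40.20"        # the LAN host being pinged (assumed)
VPN_CLIENT = "192.168.41.6"       # an OpenVPN client (assumed)
DIRECT = "direct"                 # marker for a directly connected network

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def trace(tables, src, dst, max_hops=8):
    """Return the list of routers a packet from src to dst passes through."""
    path, node = [], src
    for _ in range(max_hops):
        gw = next_hop(tables[node], dst)
        if gw is None or gw == DIRECT:
            return path            # delivered on-link (or no route: dead end)
        path.append(gw)
        node = gw
    raise RuntimeError("routing loop")

def firewall_sees_unmatched_reply(tables):
    """True when the echo reply crosses the firewall but the request did not,
    i.e. the firewall sees a reply for which it holds no session entry."""
    request = trace(tables, VPN_CLIENT, SERVER_A)
    reply = trace(tables, SERVER_A, VPN_CLIENT)
    return FIREWALL in reply and FIREWALL not in request

def build_tables(server_a_has_vpn_route):
    tables = {
        FIREWALL: [(LAN, DIRECT), (VPN, OPENVPN_SERVER)],    # static route on the Cyberoam
        OPENVPN_SERVER: [(LAN, DIRECT), (VPN, DIRECT)],      # LAN NIC plus the tun interface
        VPN_CLIENT: [(VPN, DIRECT), (LAN, OPENVPN_SERVER)],  # route pushed by OpenVPN
        SERVER_A: [(LAN, DIRECT), (ANY, FIREWALL)],          # plain LAN host: default gateway only
    }
    if server_a_has_vpn_route:   # persistent route to the VPN subnet via the OpenVPN host
        tables[SERVER_A].append((VPN, OPENVPN_SERVER))
    return tables
```

With only a default gateway, Server A's reply goes LAN host, firewall, OpenVPN server, so the firewall sees one direction of the conversation and nothing else; with a route to 192.168.41.0/24 via the OpenVPN host, the reply goes straight to the OpenVPN server and the firewall is not in either path.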
