pfSense + OpenVPN, ping ok but no traceroute

garethw · May 24, 2021, 5:49pm

I think I’m just being a bit thick here but I’ve got a problem and wondered if anyone can make any suggestions.

Running pfSense 2.5.0 as a VM (yes, I know) with two P2P Open VPN connections incoming from different remote sites. One remote is another VM the other an SG1100.

I’m able to communicate in both directions with everything absolutely fine, web browsing works, network shares, ssh, ping… but not traceroute.

For one of the P2P I get a reply from the pfSense LAN side, then from the OpenVPN local IP then nothing. From the other I only get a reply from the pfSense LAN IP then nothing.

I’m a tiny bit confused as clearly traffic is being routed and give that everything else works I don’t quite follow why traceroute doesn’t.

Granted, it’s not really a “problem” as such, but I was using it to diagnose a routing issue and realised that it was broken.

Any ideas?

(ed. When I say “nothing” I mean, stars all the way down to 30 hops)

neogrid · May 24, 2021, 5:57pm

Pretty sure traceroute uses ICMP, did you enable that protocol in the rules ?

garethw · May 24, 2021, 6:14pm

That would be my first thought too.
The rules are wide open on both (all 3) ends as well as on the OpenVPN interface again at all 3 points.

To confuse things even more, ping - which also uses ICMP, is working fine.

neogrid · May 24, 2021, 6:28pm

Thought so.

Actually I just noticed in pfsense there is a traceroute feature under diagnostic which uses UDP as the default, perhaps give that a go. Only used traceroute from the command line myself.

garethw · May 25, 2021, 11:34am

You make a good point. I’ve not tried from the pfSense box only through it. Will give that a go.