openVPN not allowing clients to access resources on the LAN
-
@the-rob if it is site to site openvpn tunnel , then you need to enable the virtual interface on both sides and add allow rule.
If you are connecting with remote access openvpn, you need to have an allow rule on openvpn tab.Please clarify how you connect, and maybe i can give a tutorial to make it correct.
-
@bambos It is a client-server VPN. For accessing my files while I'm away from home. I used the wizard and it made the firewall rules.
It connects fine, but the traffic just isn't flowing correctly past the pfSense box. I can connect to the pfSense control panel easily and quickly. Trying to get to the LAN is where the problem arises. Traffic will flow fine, then all of a sudden it stops, then 10-30 seconds later it's going fine again.
It can't be the firewall, because traffic does go through. What's making me scratch my head is that the traffic will just stop for a bit, then pick up again. I have no idea why it's doing that.
-
@the-rob check if it is a matter of unstable internet connection.
monitor the packet loss on the interfaces, VPN and WAN.if you don't see a disconnection of VPN but you experience misbehaviour, also check the health of the file server. Faulty hard disk make retryX1000 times to read correctly causing momentarily not responsiveness.
If there is VPN Tunnel issue, you would see the ballon reconnecting. -
@the-rob
Check the logs on pfSense for hints: System, OpenVPN, firewall. Ensure you have the logging of the default blocks enabled. -
@bambos Internet connection is fine. VPN is nice and stable while accessing the pfSense box. No errors. No packet loss on any interfaces. Only a failure to communicate to resources on the pfSense LAN.
File server is rock solid. I've been using it on the LAN for a couple years now with no issues. Accessing it on the LAN now is still working great. Using it across the VPN is what is the issue.
-
@viragomann Default block logging was enabled.
Nothing showing in the logs. I have even tried accessing the LAN resources and then checking the logs right after to see if anything was added - nothing was.
This is what made me reach out for help. None of the normal diagnostic steps seem to show any issue.
-
For what it's worth, I did a fresh install on different hardware, and I can now access the file server's admin panel across the VPN. I cannot, however, access SMB file shares from the same server. The firewall rule for OpenVPN is set to the defaults of 'forward everything on all ports'.
Any idea what I'm still not getting set properly?
-
@the-rob still strange, most probably something is not ok with the specific file server.
What file server is this ? Can you make an SMB share on another PC for test ? for example use anydesk on a pc on your lan and start smb with a share to test. -
@the-rob said in openVPN not allowing clients to access resources on the LAN:
For what it's worth, I did a fresh install on different hardware
Is this now the default gateway in the LAN / on the SMB server?
How did you try to access the shares? Do you call the server by its IP?
-
@bambos I have not yet tried another file share. I'll set that up and give it a try. I'm confident the file server is working. I can use it with no issues at all on the local network. Across the VPN I get very sporadic response from the web interface, and cannot access the file share at all. It's like the pfSense box isn't actually routing.
-
@viragomann It is the default gateway. I have tried accessing the shares using both ip and NetBIOS name.
using \\192.168.50.50\folder
and \\fileshare\folder -
Oh, the original hardware was a dual core i5 with 4GB of RAM. An old workstation I added a PCI gigabit NIC in.
The new hardware is a rotated out enterprise server. Dual 12-core Xeon with 64 GB of RAM. 4 built-in gigabit NICs.
I wanted to try with dissimilar hardware. Both are behaving about the same. Is there a setting in the OpenVPN that needs to be checked to get the routing working?
-
@bambos No joy on the other machine. For some reason it won't route beyond the VPN server.
-
@the-rob
Try to get it work with IP first to avoid resolving issues.If you cannot access the SMB ensure the host does not block it by its own firewall, which is the default behavior.
To troubleshoot you can use the packet capture utility from the Diagnostic menu on pfSense.
Take a capture on the interface facing to the SMB server and check if requests are going out and if responds are coming back properly.