openVPN not allowing clients to access resources on the LAN
-
@the-rob
Check the logs on pfSense for hints: System, OpenVPN, firewall. Ensure you have the logging of the default blocks enabled. -
@bambos Internet connection is fine. VPN is nice and stable while accessing the pfSense box. No errors. No packet loss on any interfaces. Only a failure to communicate to resources on the pfSense LAN.
File server is rock solid. I've been using it on the LAN for a couple years now with no issues. Accessing it on the LAN now is still working great. Using it across the VPN is what is the issue.
-
@viragomann Default block logging was enabled.
Nothing showing in the logs. I have even tried accessing the LAN resources and then checking the logs right after to see if anything was added - nothing was.
This is what made me reach out for help. None of the normal diagnostic steps seem to show any issue.
-
For what it's worth, I did a fresh install on different hardware, and I can now access the file server's admin panel across the VPN. I cannot, however, access SMB file shares from the same server. The firewall rule for OpenVPN is set to the defaults of 'forward everything on all ports'.
Any idea what I'm still not getting set properly?
-
@the-rob still strange, most probably something is not ok with the specific file server.
What file server is this ? Can you make an SMB share on another PC for test ? for example use anydesk on a pc on your lan and start smb with a share to test. -
@the-rob said in openVPN not allowing clients to access resources on the LAN:
For what it's worth, I did a fresh install on different hardware
Is this now the default gateway in the LAN / on the SMB server?
How did you try to access the shares? Do you call the server by its IP?
-
@bambos I have not yet tried another file share. I'll set that up and give it a try. I'm confident the file server is working. I can use it with no issues at all on the local network. Across the VPN I get very sporadic response from the web interface, and cannot access the file share at all. It's like the pfSense box isn't actually routing.
-
@viragomann It is the default gateway. I have tried accessing the shares using both ip and NetBIOS name.
using \\192.168.50.50\folder
and \\fileshare\folder -
Oh, the original hardware was a dual core i5 with 4GB of RAM. An old workstation I added a PCI gigabit NIC in.
The new hardware is a rotated out enterprise server. Dual 12-core Xeon with 64 GB of RAM. 4 built-in gigabit NICs.
I wanted to try with dissimilar hardware. Both are behaving about the same. Is there a setting in the OpenVPN that needs to be checked to get the routing working?
-
@bambos No joy on the other machine. For some reason it won't route beyond the VPN server.
-
@the-rob
Try to get it work with IP first to avoid resolving issues.If you cannot access the SMB ensure the host does not block it by its own firewall, which is the default behavior.
To troubleshoot you can use the packet capture utility from the Diagnostic menu on pfSense.
Take a capture on the interface facing to the SMB server and check if requests are going out and if responds are coming back properly.