Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved]Open VPN kinda,sorta,notreally working

    Scheduled Pinned Locked Moved OpenVPN
    10 Posts 2 Posters 5.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      havoc3d
      last edited by

      Ok, so i've followed the instructions i found here: http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN , which seems to be the same instructions i've seen all over the place.

      Things seem to be working, as far as i have a client setup, it connects to the VPN and gets an IP.  But beyond that…i can't connect from the client to a share on a Win2000 machine on the LAN, i can't connect from the 2000 machine to the client, can't ping the vpn client from the 2000 machine, or vice versa.

      I've tried Diagnostic > Ping on the router to the client, and even the router can't seem to ping it...but then how the heck is the client getting a DHCP address from it?  I'm getting a little confused here.

      WAN on the router is straight out to the net on our T1, LAN is 192.168.2.0/24, OpenVPN clients are pulling DHCP from the 192.168.10.0/24 range....

      I've read the instructions over and over looking for what i may have missed, and i'm not seeing it.  The client is running XP with the Firewall off and no antivirus, LAN pc is win2000, no firewalls or antivirus.

      The only other posts i've seen in the forum that sound similar to the problems i am having have been to do with the LAN PC(s) not having the pfsense box as the default gateway, but that's not my problem.

      Any ideas anyone has would be appreciated....

      1 Reply Last reply Reply Quote 0
      • H
        havoc3d
        last edited by

        wow…over 170 views and a week later, and no one has any ideas...?

        1 Reply Last reply Reply Quote 0
        • Cry HavokC
          Cry Havok
          last edited by

          It probably comes under the heading of "too little information".

          It could be a routing problem - does the Win2K machine have the OpenVPN server as it's default gateway?

          1 Reply Last reply Reply Quote 0
          • H
            havoc3d
            last edited by

            @havoc3d:

            The only other posts i've seen in the forum that sound similar to the problems i am having have been to do with the LAN PC(s) not having the pfsense box as the default gateway, but that's not my problem.

            Let me know what info you need and i'll get it posted up.

            I agree, it's pretty much got to be a routing problem…the route tables on the vpn client pc look pretty correct as far as i can tell; i can post that up here if it helps.

            1 Reply Last reply Reply Quote 0
            • Cry HavokC
              Cry Havok
              last edited by

              Can you post a network diagram.

              Otherwise, things to check include firewall rules on both ends of the OpenVPN link.  I'd actually suggest that a visit to the OpenVPN site (openvpn.net) and their documentation may prove useful.

              1 Reply Last reply Reply Quote 0
              • H
                havoc3d
                last edited by

                Here's a little Net Map.  I've tried hooking the pfsense machine directly out the internet, incase you're curious; that didn't work, so i moved it back to my mock-up setup.

                pfsensemap.jpg
                pfsensemap.jpg_thumb

                1 Reply Last reply Reply Quote 0
                • Cry HavokC
                  Cry Havok
                  last edited by

                  Right, with that diagram, where is the client and where are the devices that client is trying to access?  Can you post the configs for your OpenVPN server and client.

                  1 Reply Last reply Reply Quote 0
                  • H
                    havoc3d
                    last edited by

                    sorry i didn't notate that.  WinXP laptop is the client side, and for the purpose of this test, i'm trying to get to a shared folder on the win2k machine.  Shared folder is R/W - Everyone, just to make sure there's no problems with permissions.

                    1 Reply Last reply Reply Quote 0
                    • Cry HavokC
                      Cry Havok
                      last edited by

                      Right, so, double checks:

                      1. When you connect to the VPN the client gets a route inserted for the remote subnet?

                      2. Any software firewall on the Win2K box is disabled?

                      3. Any software firewall on the WinXP box is disabled for the OpenVPN tunnel?

                      4. The WinXP box can ping the 192.168.2.x address of the pfSense host?

                      5. The .0 addresses do refer to the networks, not host addresses

                      1 Reply Last reply Reply Quote 0
                      • H
                        havoc3d
                        last edited by

                        Got it.  LZ0 compression is on in the config file supplied with the how-to in the wiki, but i did not have it turn on @ the pfsense.  Removed the LZ0 line from the client config, and everything seems ok.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.