Netgate Discussion Forum

    OVPN: Win XP client - no access to shared files through TAP interface IP

    OpenVPN

      bravo83

      Hi all. I read a lot in the OpenVPN section of the forum and on the ovpn website but couldn't find a solution for my problem.

      I'm new to OpenVPN but I managed (following the HOWTO) to set up a VPN between my office LAN (192.168.2.0/24) behind a pfsense box and my home win xp computer (client). Everything worked fine - I can ping the LAN from the client, have Remote desktop access, shared files.

      But the problem is I can't access the client (192.168.10.6  - ovpn ip client) from a computer behind pfsense (LAN network). Also I tried locally to access the OVPN ip but it doesn't work (probably it needs a route from the physical ethernet adapter to the TAP). Here are a few screens to make it more clear.

      client computer:     I try to connect to my shared files locally through the TAP interface?!? is it possible?

      client computer:     I try to connect to my shared files locally through the ethernet interface. it works

      my virtual tap interface:

      my pfsense server config is:

      the client config file is from the HOWTO:

      client
      dev tun
      proto udp
      remote x.x.x.x 1194
      ping 10
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca ca.crt
      cert client_ovpn1.crt
      key client_ovpn1.key
      ns-cert-type server
      cipher bf-cbc
      comp-lzo
      pull
      verb 3

      :-\

      I would really appreciate the help.
      Thanx

      // If you really want to do something, you will find a way. If you don't, you will find an excuse. //

        patok

        Hi (evidently cz/sk mate? :D), try checking whether the firewall is blocking ICMP packets (SMB/CIFS sharing needs ICMP Request/Reply packets to go through), or check the firewall (on the client [192.168.10.6] side) at all. If this doesn't help, try sniffing the packet flow and maybe you will see something suspicious. Or maybe you really have a problem with routing - so try to add pull command to your router's IP address. But I'm not sure if you'll be able to use routing - I'm using bridging instead, because I've read that it's the only way to get sharing in Windows working (but it's second-hand information, so it can be wrong).

          bravo83

          Thank you for your reply. But I'm not really familiar with sniffing… I'll try a little google search on the subject :)

          I forgot to mention in my previous post that remote desktop works from a LAN PC (behind pfsense) to 192.168.10.6!!

          Cheers

          p.s. why is it evident that I'm sk/cz? actually I'm bg

          // If you really want to do something, you will find a way. If you don't, you will find an excuse. //

            patok

            Is the remote desktop working without any problems? If so, there is probably no issue with ICMP packet flow, but something else. Packet sniffing could help you to determine if packets are going through the correct interface. You can try for example Wireshark (www.wireshark.org) on Windows machines or tcpdump in an SSH session on your pfSense router (there is no need to install it - just check the manual page - http://www.manpages.info/freebsd/tcpdump.1.html and use it).
            Oh, ok… I'm sorry, because I saw the shared folder's name "sklad_computer" and the word "sklad" has a meaning in the Czech language. ;)

              bravo83

              ok, after reading a lot in the forum I realized that it is not possible to have access to the windows shares in a routed mode (without samba or wins server). so I changed my configuration to a bridged mode. I am connected but still can't figure out how to route to my client ethernet through the TAP interface.

              However, when I make a bridge on the client pc (windows xp) between the ethernet card and tap, I finally got what I wanted. I have access to the windows shares through the tap ip (192.168.2.128). My question is if it is possible to do this without a bridge on the client side. In the custom options on pfsense ovpn server I have: server-bridge 192.168.2.254 255.255.255.0 192.168.2.128 192.168.2.135; push "route 192.168.5.0 255.255.255.0"; route 192.168.2.128 255.255.255.0

              192.168.50.0 255.255.255.0 is my ethernet card subnet
              and 192.168.2.128 is the ip I get on the TAP interface…

              any suggestions?  :-\

              // If you really want to do something, you will find a way. If you don't, you will find an excuse. //

                GruensFroeschli

                @bravo83:

                ok, after reading a lot in the forum I realized that it is not possible to have access to the windows shares in a routed mode (without samba or wins server). so I changed my configuration to a bridged mode. I am connected but still can't figure out how to route to my client ethernet through the TAP interface.

                This is not true.
                A windows share IS a samba server.
                I'm not sure what you did wrong, but I access my windows shares at home all the time through OpenVPN. In a standard routed setup. -> NOT a bridged setup

                Are you sure you don't have the Windows firewall enabled?

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  bravo83

                  I am using pppoe through the lan interface on the client side. Only the pppoe has the firewall enabled. Both tap and lan have file and printer sharing enabled and the client for windows networks too.

                  So, do you mean that these routes between TAP and ethernet card are generated automatically? Or do you have any special routes to access the windows shares with the TAP IP?

                  if I did something wrong it should be on the client side (win xp) I guess, since I have access to the LAN behind the pfsense OVPN server.

                  thanx for the help!

                  // If you really want to do something, you will find a way. If you don't, you will find an excuse. //

                    bravo83

                    Finallyyyyyyyyy, I found what the problem was!!!!!

                    I unchecked the DHCP-Opt.: Disable NetBIOS option in the pfsense GUI. I did everything according to the HOWTO but I guess this option wasn't explained very well.

                    I'm very happy. Now my ovpn works perfectly. Hope so at least :)))

                    Cheers.

                    I think this thread could be closed now

                    // If you really want to do something, you will find a way. If you don't, you will find an excuse. //

                      yolul

                      bravo83, when you said it works do you mean you can connect to clients using their ip addresses, or can you actually see them in the workgroup section too? I can connect using the IPs of the computers behind my LAN but when I go to my workgroups I don't see them there… Do I need to set up WINS for that?

                        GruensFroeschli

                        The workgroup relies on UDP broadcasts which naturally cannot get over a router.
                        Yes, you need to assign a WINS entry per DHCP and a WINS server if you want to work with the workgroup.

                        We do what we must, because we can.

                        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
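
Added example, not part of the original thread and not pfSense or OpenVPN code: a small check over OpenVPN server directives that reports the two NetBIOS-related settings the posts above turn on, a pushed DISABLE-NBT option and a missing WINS entry. It assumes the GUI checkbox "DHCP-Opt.: Disable NetBIOS" corresponds to `push "dhcp-option DISABLE-NBT"`; the function names and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample in the style of the thread's server options. The subnets
# appear in the thread; the DNS address is made up for this example.
SAMPLE = '''
server 192.168.10.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DISABLE-NBT"
push "dhcp-option DNS 192.168.2.1"
'''

def pushed_dhcp_options(config_text):
    """Return [(NAME, [args])] for each push "dhcp-option ..." directive."""
    options = []
    for raw in config_text.splitlines():
        if raw.lstrip().startswith(("#", ";")):   # OpenVPN comment lines
            continue
        # The custom options quoted in the thread separate directives with ';'.
        for directive in raw.split(";"):
            tokens = shlex.split(directive)
            if len(tokens) >= 2 and tokens[0] == "push":
                pushed = tokens[1].split()
                if len(pushed) >= 2 and pushed[0] == "dhcp-option":
                    options.append((pushed[1].upper(), pushed[2:]))
    return options

def netbios_findings(config_text):
    """Describe how the pushed options affect Windows file sharing."""
    opts = pushed_dhcp_options(config_text)
    names = [name for name, _ in opts]
    wins = [args[0] for name, args in opts if name == "WINS" and args]
    findings = []
    if "DISABLE-NBT" in names:
        findings.append("DISABLE-NBT pushed: NetBIOS over TCP/IP is turned "
                        "off on the client's TAP adapter")
        if wins:
            findings.append("WINS pushed together with DISABLE-NBT: the "
                            "WINS entry will not be used")
    elif not wins:
        findings.append("no WINS pushed: shares are reachable by IP, but "
                        "workgroup browsing across the router needs WINS")
    else:
        findings.append("WINS pushed: " + ", ".join(wins))
    return findings

if __name__ == "__main__":
    for finding in netbios_findings(SAMPLE):
        print(finding)
```
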

                          yolul

                          Oh ok, luckily I only need to share files with 1 or 2 PCs, so I can just connect to them using their IP addresses. Thanks for the help.

                            bravo83

                            I meant that I can access the IPs now..

                            however, I changed my setup to bridged mode and I can do browsing as well now. Routed mode is recommended but I couldn't get a program working which uses a sql database on a server behind the pfsense box…

                            // If you really want to do something, you will find a way. If you don't, you will find an excuse. //

                              yolul

                              bravo83, may I ask which guide you specifically followed to enable bridging on pfSense?
                              Thanks.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.