Netgate Discussion Forum

    I can't see other computers when connected to my OpenVPN

    • T
      tclarkbar
      last edited by

      Long time lurker, first post. Networking is more of a hobby than a career so here I sit.

      I was able to follow the sticky on setting up OpenVPN on pfSense - Installation guide for (Windows) Dummies :-) (road-warrior). For the most part I used most of the settings recommended that fit my network.

      I am to the point that I can connect to my pfSense router (1.2.3-Release) from an outside network, however I cannot see any of the other computers within the network.

      For testing purposes I am tethering to my Droid from my laptop running Windows 7. OpenVPN gives me an address of 192.168.200.6. When I run ipconfig, I do notice that I don't have a default gateway and my subnet is 255.255.255.252 (as opposed to 255.255.255.0 when inside the network).

      My home network is 192.168.1.1/24

      I think that I may have a firewall rule messed up. But I don't really know where to go from here to continue troubleshooting. Any help/advice would be great.

      Thanks

      Edit:
      I've been trying to follow this info on bridging:
      http://goo.gl/erHDL & http://goo.gl/gWU5E

      When I add this line to my OpenVPN server custom options, I cannot connect anymore
      server-bridge 192.168.1.1 255.255.255.0 192.168.200.0 192.168.200.255

      and I am not entirely sure where this is referring to:
      "and then go edit /conf/config.xml."

      1 Reply Last reply Reply Quote 0
      • S
        SeventhSon
        last edited by

        @tclarkbar:

        > When I run ipconfig, I do notice that I don't have a default gateway

        That's not good, that should be the pfSense OpenVPN Server IP. Could be an option in the client as well.

        > I think that I may have a firewall rule messed up. But I don't really know where to go from here to continue troubleshooting. Any help/advice would be great.

        If you're unsure, either turn on logging for that rule and the default deny rule or, if it's a testing setup, make a firewall rule to pass all on the interfaces involved.

        > When I add this line to my OpenVPN server custom options, I cannot connect anymore
        > server-bridge 192.168.1.1 255.255.255.0 192.168.200.0 192.168.200.255
        >
        > and I am not entirely sure where this is referring to:
        > "and then go edit /conf/config.xml."

        You need to go to Diagnostic - Edit File and edit /conf/config.xml then add the lines in the guide.

        1 Reply Last reply Reply Quote 0
        • J
          jai23155
          last edited by

          hey, it's been a week since i am searching for this. mine is same problem. please reply me if you find a solution. thanks

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            jai23155 why don't you provide details of your configuration so we can tell if you're suffering from exactly the same problem as you think, or if it's completely unrelated.

            1 Reply Last reply Reply Quote 0
            • J
              jai23155
              last edited by

              hi, my configuration
              main office LAN-192.168.10.0/24 behind pfsense
              looking to set up open vpn client for remote users. created certificates, keys  and config files. open vpn server on pfsense box.
              protocol tcp
              local port 1194
              address pool 192.168.12.0/24
              local network 192.168.10.0/24
              cryptography bf-cbc (128 bit)
              PKI
              disable netbios
              lzo compression

              tried from a pc which is outside lan, can connect to pfsense box, but can neither ping any pc on LAN nor browse windows shares on server.
              when connected it is giving an ip at web GUI. but there is no ip on interface when i did ipconfig /all, it is showing a self assigned ip (168.254.37.38).
              the pc outside the LAN is server 2008 (i am testing from) if it makes any difference. when i tested it from my home (win 7 laptop), i can see the adress assigned on interface 192.168.12.6, dhcp server 192.168.12.5; but subnet is 255.255.255.252 rather than 255.255.255.0.
              i am already running IPsec tunnel between two of our sites. there is no open vpn tab in firewall and no process running for openVPN.
              please find attached to see my openvpn server config. thanks

              1 Reply Last reply Reply Quote 0
              • Cry HavokC
                Cry Havok
                last edited by

                The inability to browse shares has been discussed many times - that's usually down to attempting to use WINS on a routed network without using a WINS server.

                Can you post a screenshot of the server settings and a copy of the client configuration file, as well as the client log.

                1 Reply Last reply Reply Quote 0
                • J
                  jai23155
                  last edited by

                  please find attached server config.
                  client config:
                  client
                  dev tun
                  proto tcp
                  remote xxx.xxx.xxx.xxx 1194
                  ping 10
                  resolv-retry infinite
                  nobind
                  persist-key
                  persist-tun
                  ca ca.crt
                  cert ovpn_client1.crt
                  key ovpn_client1.key
                  ns-cert-type server
                  comp-lzo
                  pull
                  verb 3
                  we are using server 2008 r2 as domain controller and wins server which is at 192.168.10.xxx.

                  pfsense1.png
                  pfsense2.png

                  1 Reply Last reply Reply Quote 0
                  • Cry HavokC
                    Cry Havok
                    last edited by

                    Can I suggest that you push the DNS and WINS servers for the LAN and set the NetBIOS mode to p.

                    If you're still having problems after that don't forget to post the rest of the information I asked for ;)

                    1 Reply Last reply Reply Quote 0
                    • J
                      jai23155
                      last edited by

                      did what you said. but no use, still same result. i couldn't even see my open vpn service running in status or in firewall.
                      my client config is
                      client
                      dev tun
                      proto tcp
                      remote xxx.xxx.xxx.xxx 1194
                      ping 10
                      resolv-retry infinite
                      nobind
                      persist-key
                      persist-tun
                      ca ca.crt
                      cert ovpn_client2.crt
                      key ovpn_client2.key
                      ns-cert-type server
                      comp-lzo
                      pull
                      verb 3
                      i am already running an IPsec tunnel between two sites. is there any ipsec vpn client software, so that i don't have to struggle with openvpn.
                      thanks

                      1 Reply Last reply Reply Quote 0
                      • Cry HavokC
                        Cry Havok
                        last edited by

                        As you're consistently not supplying the requested client logs it's hard to help you. Of course, if you haven't started the OpenVPN service that might explain why it isn't working.

                        As for IPsec clients, there are some good options and if you look in the IPsec forum you'll find various options.

                        1 Reply Last reply Reply Quote 0
                        • J
                          jai23155
                          last edited by

                          sorry, forgot to paste log file, here it is
                          Fri Feb 04 14:03:25 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
                          Fri Feb 04 14:03:25 2011 WARNING: --ping should normally be used with --ping-restart or --ping-exit
                          Fri Feb 04 14:03:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
                          Fri Feb 04 14:03:25 2011 LZO compression initialized
                          Fri Feb 04 14:03:25 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
                          Fri Feb 04 14:03:25 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
                          Fri Feb 04 14:03:25 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
                          Fri Feb 04 14:03:25 2011 Local Options hash (VER=V4): '69109d17'
                          Fri Feb 04 14:03:25 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
                          Fri Feb 04 14:03:25 2011 Attempting to establish TCP connection with 194.105.164.81:1194
                          Fri Feb 04 14:03:25 2011 TCP connection established with 194.105.164.81:1194
                          Fri Feb 04 14:03:25 2011 TCPv4_CLIENT link local: [undef]
                          Fri Feb 04 14:03:25 2011 TCPv4_CLIENT link remote: 194.105.164.81:1194
                          Fri Feb 04 14:03:25 2011 TLS: Initial packet from 194.105.164.81:1194, sid=7725128e 2a69e6c7
                          Fri Feb 04 14:03:26 2011 VERIFY OK: depth=1, /C=UK/ST=NA/L=Aberdeen/O=EFCGROUP/CN=pfsense/emailAddress=IT@efcgroup.net
                          Fri Feb 04 14:03:26 2011 VERIFY OK: nsCertType=SERVER
                          Fri Feb 04 14:03:26 2011 VERIFY OK: depth=0, /C=UK/ST=NA/O=EFCGROUP/CN=server/emailAddress=IT@efcgroup.net
                          Fri Feb 04 14:03:27 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
                          Fri Feb 04 14:03:27 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                          Fri Feb 04 14:03:27 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
                          Fri Feb 04 14:03:27 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                          Fri Feb 04 14:03:27 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
                          Fri Feb 04 14:03:27 2011 [server] Peer Connection Initiated with 194.105.164.81:1194
                          Fri Feb 04 14:03:29 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
                          Fri Feb 04 14:03:30 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option DNS 192.168.10.115,dhcp-option WINS 192.168.10.115,dhcp-option NBT 2,dhcp-option DISABLE-NBT,route 192.168.12.1,ping 10,ping-restart 60,ifconfig 192.168.12.6 192.168.12.5'
                          Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: timers and/or timeouts modified
                          Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: --ifconfig/up options modified
                          Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: route options modified
                          Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
                          Fri Feb 04 14:03:30 2011 ROUTE default_gateway=95.131.64.1
                          Fri Feb 04 14:03:30 2011 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{2DC55850-9ABE-45DB-9A1F-284E136D85FD}.tap
                          Fri Feb 04 14:03:30 2011 TAP-Win32 Driver Version 9.7
                          Fri Feb 04 14:03:30 2011 TAP-Win32 MTU=1500
                          Fri Feb 04 14:03:30 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.12.6/255.255.255.252 on interface {2DC55850-9ABE-45DB-9A1F-284E136D85FD} [DHCP-serv: 192.168.12.5, lease-time: 31536000]
                          Fri Feb 04 14:03:30 2011 Successful ARP Flush on interface [20] {2DC55850-9ABE-45DB-9A1F-284E136D85FD}
                          Fri Feb 04 14:03:35 2011 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
                          Fri Feb 04 14:03:35 2011 Route: Waiting for TUN/TAP interface to come up...
                          Fri Feb 04 14:03:40 2011 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
                          Fri Feb 04 14:03:40 2011 Route: Waiting for TUN/TAP interface to come up...
                          Fri Feb 04 14:03:41 2011 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down

                          Fri Feb 04 14:04:06 2011 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 192.168.12.5
                          Fri Feb 04 14:04:06 2011 Warning: route gateway is not reachable on any active network adapters: 192.168.12.5
                          Fri Feb 04 14:04:06 2011 Route addition via IPAPI failed [adaptive]
                          Fri Feb 04 14:04:06 2011 Route addition fallback to route.exe
                          OK!
                          Fri Feb 04 14:04:06 2011 C:\WINDOWS\system32\route.exe ADD 192.168.12.1 MASK 255.255.255.255 192.168.12.5
                          Fri Feb 04 14:04:06 2011 Warning: route gateway is not reachable on any active network adapters: 192.168.12.5
                          Fri Feb 04 14:04:06 2011 Route addition via IPAPI failed [adaptive]
                          Fri Feb 04 14:04:06 2011 Route addition fallback to route.exe
                          OK!
                          SYSTEM ROUTING TABLE
                          0.0.0.0 0.0.0.0 95.131.64.1 p=0 i=17 t=4 pr=3 a=763 h=0 m=31/0/0/0/0
                          95.131.64.0 255.255.248.0 95.131.64.61 p=0 i=17 t=3 pr=3 a=760 h=0 m=286/0/0/0/0
                          95.131.64.61 255.255.255.255 95.131.64.61 p=0 i=17 t=3 pr=3 a=760 h=0 m=286/0/0/0/0
                          95.131.71.255 255.255.255.255 95.131.64.61 p=0 i=17 t=3 pr=3 a=760 h=0 m=286/0/0/0/0
                          127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                          127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                          127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                          169.254.0.0 255.255.0.0 169.254.117.131 p=0 i=20 t=3 pr=3 a=115 h=0 m=286/0/0/0/0
                          169.254.117.131 255.255.255.255 169.254.117.131 p=0 i=20 t=3 pr=3 a=115 h=0 m=286/0/0/0/0
                          169.254.255.255 255.255.255.255 169.254.117.131 p=0 i=20 t=3 pr=3 a=115 h=0 m=286/0/0/0/0
                          192.168.10.0 255.255.255.0 192.168.12.5 p=0 i=17 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
                          192.168.12.1 255.255.255.255 192.168.12.5 p=0 i=17 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
                          224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                          224.0.0.0 240.0.0.0 95.131.64.61 p=0 i=17 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                          224.0.0.0 240.0.0.0 169.254.117.131 p=0 i=20 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                          255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                          255.255.255.255 255.255.255.255 95.131.64.61 p=0 i=17 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                          255.255.255.255 255.255.255.255 169.254.117.131 p=0 i=20 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                          SYSTEM ADAPTER LIST
                          TAP-Win32 Adapter V9
                            Index = 20
                            GUID = {2DC55850-9ABE-45DB-9A1F-284E136D85FD}
                            IP = 169.254.117.131/255.255.0.0
                            MAC = 00:ff:2d:c5:58:50
                            GATEWAY = 0.0.0.0/255.255.255.255
                            DHCP SERV = 
                            DHCP LEASE OBTAINED = Fri Feb 04 14:04:06 2011
                            DHCP LEASE EXPIRES  = Fri Feb 04 14:04:06 2011
                            DNS SERV = 
                          Broadcom NetXtreme Gigabit Ethernet #4
                            Index = 17
                            GUID = {0CC3C516-5227-47CA-861F-AFCCEEE265C0}
                            IP = 95.131.64.61/255.255.248.0
                            MAC = 00:25:64:3b:76:a5
                            GATEWAY = 95.131.64.1/255.255.255.255
                            DNS SERV = 79.170.43.250/255.255.255.255
                          Broadcom NetXtreme Gigabit Ethernet #3
                            Index = 16
                            GUID = {A55B484F-D466-4FF5-9C76-FA7BC34CEA66}
                            IP = 0.0.0.0/0.0.0.0
                            MAC = 00:25:64:3b:76:a6
                            GATEWAY = 0.0.0.0/255.255.255.255
                            DHCP SERV = 
                            DHCP LEASE OBTAINED = Fri Feb 04 14:04:06 2011
                            DHCP LEASE EXPIRES  = Fri Feb 04 14:04:06 2011
                            DNS SERV = 
                          Fri Feb 04 14:04:06 2011 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

                          thanks

                          1 Reply Last reply Reply Quote 0
                          • J
                            jai23155
                            last edited by

                            anyway, i got IPsec vpn client up and running in a few minutes. but, i really want to know how to get open vpn up?? thanks

                            1 Reply Last reply Reply Quote 0
                            • Cry HavokC
                              Cry Havok
                              last edited by

                              The log shows the problem, and even links you to a FAQ entry telling you what to check - see here. If you're using Windows Vista or Windows 7 ensure you run the client as an Administrator (right click -> run as administrator).

                              1 Reply Last reply Reply Quote 0
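As an added example (not part of any post in this thread): a short Python check over lines excerpted from the client log above, comparing the tunnel address the server pushed with the address the TAP adapter actually holds. The function name `diagnose` and the trimmed sample are this example's own, and the /30 check assumes OpenVPN's `net30` topology for `dev tun`.

```python
import ipaddress
import re

# Lines excerpted from the client log posted above (PUSH_REPLY shortened).
SAMPLE_LOG = """\
Fri Feb 04 14:03:30 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,ping 10,ping-restart 60,ifconfig 192.168.12.6 192.168.12.5'
Fri Feb 04 14:04:06 2011 Warning: route gateway is not reachable on any active network adapters: 192.168.12.5
Fri Feb 04 14:04:06 2011 Warning: route gateway is not reachable on any active network adapters: 192.168.12.5
TAP-Win32 Adapter V9
  Index = 20
  IP = 169.254.117.131/255.255.0.0
Broadcom NetXtreme Gigabit Ethernet #4
  Index = 17
  IP = 95.131.64.61/255.255.248.0
Fri Feb 04 14:04:06 2011 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def diagnose(log: str) -> dict:
    """Compare what the server pushed with what the TAP adapter ended up with."""
    result = {"pushed_local": None, "pushed_peer": None, "net30_pair": None,
              "tap_ip": None, "tap_got_pushed_ip": None, "tap_is_apipa": None}

    # Tunnel endpoints pushed by the server: "ifconfig <local> <peer>".
    pushed = re.search(r"PUSH_REPLY[^']*\bifconfig " + IPV4 + " " + IPV4, log)
    if pushed:
        local, peer = pushed.groups()
        result["pushed_local"], result["pushed_peer"] = local, peer
        # In net30 topology (assumed), client and peer share one /30, so a
        # 255.255.255.252 mask on the tunnel interface is expected.
        subnet = ipaddress.ip_network(f"{local}/30", strict=False)
        result["net30_pair"] = ipaddress.ip_address(peer) in subnet

    # Address the TAP adapter really holds, from the SYSTEM ADAPTER LIST dump.
    tap = re.search(r"TAP-Win32 Adapter[^\n]*\n(?:[ \t]+[^\n]*\n)*?[ \t]+IP = "
                    + IPV4 + "/", log)
    if tap:
        result["tap_ip"] = tap.group(1)
        result["tap_is_apipa"] = ipaddress.ip_address(tap.group(1)).is_link_local
        result["tap_got_pushed_ip"] = tap.group(1) == result["pushed_local"]

    # Routes that could not be installed because the peer is unreachable.
    result["unreachable_gateways"] = sorted(set(re.findall(
        r"route gateway is not reachable on any active network adapters: "
        + IPV4, log)))
    result["completed_with_errors"] = "Completed With Errors" in log
    return result


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log the pushed pair 192.168.12.6 / 192.168.12.5 is a valid /30, but the TAP adapter is still on a 169.254.x.x self-assigned address, which is why the routes via 192.168.12.5 cannot be reached.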
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.