Netgate Discussion Forum

WinXP OpenVPN client connects but is unable to access share

    bobodod
    last edited by Jul 22, 2011, 2:44 PM

    Should I move this to a different subforum?

      bobodod
      last edited by Jul 22, 2011, 7:20 PM

      Actually, I think that's probably as far as I can get in a forum setting. There's just on-site troubleshooting to be done now.

      CMB, thanks much for your time and for confirming my OpenVPN config.

        johnpoz LAYER 8 Global Moderator
        last edited by Jul 22, 2011, 7:59 PM Jul 22, 2011, 7:49 PM

        Ok going to have to look up this bug #125 in 2.2.1 because I am using it just fine.

        So here at work, on XP box - and connected via openvpn road warrior into my pfsense box (2.1-DEVELOPMENT (i386))

        I don't have any issues accessing the pfsense webui through the vpn, nor do I have any access with shares on boxes on the other side of my vpn.  Now you will have to auth to them, which you might have an issue if you say just run \\ipaddress

        So you can see in attached, pinging - then net view says access denied, so I auth and then good can view and access the share just fine via unc, or can map a drive letter, etc. etc.

        Now I have not used 1.2.3 in quite some time, is there some reason you don't/can't run the 2.0?  But as I recall I never had a problem with doing this on 1.2.3 either.

        Can you post what happens via doing the same sort of thing I did in the attached image?

        For completeness I just checked the version of openvpn on my pfsense box
        [2.1-DEVELOPMENT][admin@pfsense.local.lan]/root(10): openvpn --version
        OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul  6 2011
        Originally developed by James Yonan
        Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

        BTW how would that bug come into play??  Is the 125 you're talking about? https://community.openvpn.net/openvpn/ticket/125
        Build CA is broken in Windows on version 2.2 release

        smbaccess.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          bobodod
          last edited by Jul 22, 2011, 8:05 PM

          Thanks, John. I'll try those things and reply.

          No, there's no reason I'm using 1.2.3 over 2.0, except that I'm a newbie and the book covers 1.2.3. I'm comfortable enough now that I could upgrade it.

          That's right about bug 125 stopping me because I ran easy-rsa on the client and couldn't run "build-ca.bat". Now, though, I would run it on the pfSense box. So I could upgrade that, too.

            johnpoz LAYER 8 Global Moderator
            last edited by Jul 22, 2011, 8:15 PM

            I would just move to the 2.0 line, I think it's not far from being released.  As you can see I moved to the 2.1 development, they moved the IPv6 stuff there.  I would highly recommend that if you want to play with ipv6.

            Man it's been a while since I was on 1.2.3, I think I moved over to 2 on one of the early betas, I know it was well before the RCs -- to be honest it's been pretty freaking solid, couple of hiccups with commits that caused some issues now and then -- but overall I have been very very pleased with it!!

            If you move over to the 2.0 stuff I can be of more help in getting your openvpn working, I use it daily from work to my home network - solid as a rock..  Even using it over a http proxy currently and still rock solid performance.

              rkleivel
              last edited by Aug 30, 2011, 11:23 AM Aug 30, 2011, 11:05 AM

              Hi!
              Apparently I have much of the same problem…
              My goal is to have my Road Warriors getting the same experience as if they were inside the firewall.

              System: pfsense 2.0 RC3
              Client config:

              dev tun
              persist-tun
              persist-key
              proto tcp
              cipher BF-CBC
              tls-client
              client
              resolv-retry infinite
              remote xx.xxx.xx.xxx 1194
              tls-remote yyyyyyyyyy
              auth-user-pass
              ca pfSense-tcp-1194-ca.crt
              tls-auth pfSense-tcp-1194-tls.key 1
              

              OpenVPN connects fine both from windows (with OpenVPN client) and osx (tunnelblick client)
              I am able to ping servers (with IP-address) on my LAN from Road Warrior
              I am able to open web-addresses on my LAN from Road Warrior (e.g. the pfsense configurator)
              I'm however not able to map a network drive from windows, nor from osx with smb
              Ping on hostname does not work (UPDATE: solved with DNS-settings)
              mstsc to LAN with IP works (UPDATE: also works after editing DNS-settings)

              Example:
              I have an XP computer with some shares on my LAN, 192.168.8.100:

              C:\Users\Roald>net view \\192.168.8.100
              Systemfeil 53 har oppstått. (System error 53)
              
              Nettverksbanen ble ikke funnet. (Path not found)
              
              C:\Users\Roald>ping 192.168.8.100
              
              Pinger 192.168.8.100 med 32 byte data:
              Svar fra 192.168.8.100: byte=32 tid=142ms TTL=127
              Svar fra 192.168.8.100: byte=32 tid=160ms TTL=127
              Svar fra 192.168.8.100: byte=32 tid=148ms TTL=127
              Svar fra 192.168.8.100: byte=32 tid=87ms TTL=127
              

              Until recently I used the Endian Community firewall, and there this worked fine. I abandoned Endian for other reasons though.

              Thankful for any hint :)

                rkleivel
                last edited by Sep 3, 2011, 6:46 AM

                No idea? Anybody?

                  Cry Havok
                  last edited by Sep 3, 2011, 8:31 AM

                  Try using tap (bridge) instead of tun (routing).

                    MoBO
                    last edited by Sep 13, 2011, 9:02 AM

                    Hi,

                    I get a similar problem but only related to the name resolution.

                    @rkleivel : what did you set in the DNS settings to make the name resolution work?

                    @Cry Havok : I tried to set "tap" instead of "tun" but I'm NOT able to connect at all !

                    Thanks

                      Cry Havok
                      last edited by Sep 13, 2011, 10:22 AM

                      Do you get an IP address from the LAN DHCP server?

                      Are you in the same IP range? Can you connect from another computer on the LAN?

                        MoBO
                        last edited by Sep 14, 2011, 5:24 PM

                        @Cry : Not sure these questions are for me but…

                        1. Using "tun" I'm able to connect without problem
                        2. Once "in"...
                        2.1 I'm able to ping everything on every LAN
                        2.2 I'm able to access resources from the file manager with \\ipaddress\share

                        Actually, what I'm NOT able to do and what causes me trouble is accessing resources with the "netbios" name.
                        Let's imagine I have the following machine:

                        • Name : server

                        • IP : 192.168.1.100

                        • Share : datas

                        Using : \\192.168.1.100\datas -> Works !
                        Using : \\server\datas -> Doesn't work !

                        Looks like a simple issue but it gives me a lot of problems.
                        According to rkleivel it can be solved with the DNS !

                        Actually, my networks are setup like this ;

                        • Local LAN : 192.168.1.0/24

                        • Remote VPN : 10.0.8.0/24

                        • Remote LAN : 192.168.0.0/24

                        I added a picture of the remote VPN configuration of the network.
                        As you will see, I added both DNS servers (VPN & RemoteLAN) but it's still not working.

                        pfsense_client_settings.jpg

                          johnpoz LAYER 8 Global Moderator
                          last edited by Sep 14, 2011, 5:34 PM Sep 14, 2011, 5:27 PM

                          well it would make sense that you would not resolve netbios via broadcast methods over a vpn.  Your traffic is routed, not bridged so broadcast traffic would never get from your remote network to your segment on the other side of the vpn.

                          Yes dns would be a way of resolving name, or a wins server or host/lmhost file on your clients, etc.

                          so example, connected currently to my home network via openvpn from work.  my popcorn box, I can not view it by netbios name pch.  53 = can not find.

                          If I use dns, then it works pch.local.lan and I get error 5 access denied.  So I auth and then I can view, etc..

                          
                          D:\>net view \\pch
                          System error 53 has occurred.
                          
                          The network path was not found.
                          
                          D:\>net view \\pch.local.lan
                          System error 5 has occurred.
                          
                          Access is denied.
                          
                          D:\>net view \\192.168.1.99
                          System error 5 has occurred.
                          
                          Access is denied.
                          
                          D:\>net use \\pch.local.lan\ipc$ /u:pch\nmt 1234
                          The command completed successfully.
                          
                          D:\>net view \\pch.local.lan
                          Shared resources at \\pch.local.lan
                          
                          SMP8634 Share
                          
                          Share name  Type  Used as  Comment
                          
                          ------------------------------------------------------
                          share       Disk
                          The command completed successfully.
                          
                          

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11
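
The checks in the post above (name resolution first, then SMB reachability, then authentication) can be run as one triage script. This is an added example, not code from the thread; it assumes Windows 8 / Server 2012 or later for `Resolve-DnsName` and `Test-NetConnection`, and the default names and address are the ones quoted in the post.

```powershell
# Added example: triage SMB access from a client on a routed (tun) OpenVPN link.
# Defaults are the host names and address quoted in the post; change them as needed.
param(
    [string]$ShortName = 'pch',
    [string]$Fqdn      = 'pch.local.lan',
    [string]$Address   = '192.168.1.99'
)

function Resolve-ViaDns([string]$Name) {
    # -DnsOnly skips LLMNR and NetBIOS, which rely on broadcast/multicast and
    # never cross a routed tunnel, so this reflects what the VPN client can use.
    try {
        $a = Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        if ($a) { $a.IPAddress } else { $null }
    } catch { $null }
}

function Test-SmbPort([string]$Target) {
    # TCP 445 is direct-hosted SMB. ICMP succeeding says nothing about this port.
    $t = Test-NetConnection -ComputerName $Target -Port 445 -WarningAction SilentlyContinue
    [bool]$t.TcpTestSucceeded
}

$shortIp = Resolve-ViaDns $ShortName
$fqdnIp  = Resolve-ViaDns $Fqdn
$smbOpen = Test-SmbPort $Address

[pscustomobject]@{
    ShortNameResolves = [bool]$shortIp
    FqdnResolves      = [bool]$fqdnIp
    Smb445Reachable   = $smbOpen
}

if (-not $smbOpen) {
    'TCP 445 blocked or unrouted: check rules on the OpenVPN interface and the firewall on the target host.'
} elseif (-not $fqdnIp) {
    'SMB is reachable by IP but DNS fails: the client is not using a DNS server that knows the LAN zone.'
} elseif (-not $shortIp) {
    'FQDN works, short name does not: add a DNS suffix, WINS server or lmhosts entry on the client.'
} else {
    'Transport and naming are fine: a remaining error 5 means credentials are needed (net use ... /u:).'
}
```

A ping that succeeds while `net view` by IP address returns error 53 corresponds to the first branch: the host is routable but TCP 445 is not reaching it.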
