Netgate Discussion Forum

    Openvpn with XP client, no route?

      snoopy100

      Hi All,

      This should be simple.

      I'm setting up some winXP Road Warrior clients to connect using openvpn.  I followed the instructions by stefcho, everything seemed to work fine.  The warriors connect.  But they cannot ping or connect to any of the machines with my network.  The "default gateway" is blank on the XP machines (using ipconfig at a DOS prompt).

      Is this a problem with the 'tunnel settings' -> 'local network' of the vpn server? 
      My local network is 192.168.2.0 
      The vpn is 192.168.11.0 
      I think I can leave the local network blank.  Do I have to push a route?  Shouldn't it by default get a route to my lan?

      My pfSense is 2.0.1.

      Thanks,
      Julien

        Nachtfalke

        It is a problem of your OpenVPN Server.
        You need to add the routes behind your OpenVPN Server to the RoadWarriors. This can be done by setting the "local network".

        Or you add custom options like:

        push "route 192.168.100.0 255.255.255.0";
        

        And of course - set the correct firewall rules for your OpenVPN RoadWarriors :)

          snoopy100

          OK,

          I have a 'local network' which is 192.168.2.0/24

          And I have this down in the advanced:
          push "route 192.168.2.0 255.255.255.0"

          There is a firewall rule in the WAN tab for the openvpn which I believe was automatically created.

          Still I am not able to get to the local machines using a Road Warrior.  I can connect fine, get an IP (which I think was 192.168.11.6.)
          But the Road Warrior cannot connect to the local machines.

          Anyone have any troubleshooting ideas?  I have pretty much the typical setup, no fancy stuff.

            cmb

            check "route print" on the Windows machine, make sure it has the route. If it doesn't, check the OpenVPN log on Windows, it'll complain with why it didn't add the route. If it does have the route, check Firewall>Rules, OpenVPN on the server side.

              Nachtfalke

              @snoopy100:

              OK,

              I have a 'local network' which is 192.168.2.0/24

              And I have this down in the advanced:
              push "route 192.168.2.0 255.255.255.0"

              There is a firewall rule in the WAN tab for the openvpn which I believe was automatically created.

              Still I am not able to get to the local machines using a Road Warrior.  I can connect fine, get an IP (which I think was 192.168.11.6.)
              But the Road Warrior cannot connect to the local machines.

              Anyone have any troubleshooting ideas?  I have pretty much the typical setup, no fancy stuff.

              Do not use the same network on both. Just use it in "Local Network" or in custom options.

                snoopy100

                check "route print" on the Windows machine, make sure it has the route. If it doesn't, check the OpenVPN log on Windows, it'll complain with why it didn't add the route. If it does have the route, check Firewall>Rules, OpenVPN on the server side.

                cmb, Thanks for the reply

                The LAN I'm trying to connect to is 192.168.2.0.  The tunnel network is 192.168.11.0.

                On the winXP machine  "ipconfig" gives me my local IP is 10.0.0.14 and gateway is 10.0.0.1.  Fine.
                It also lists the openVPN IP is 192.168.11.6, gateway is blank.

                "route print" gives me a bunch of info, at the bottom it has the default gateway as 10.0.0.1.  No other gateway.
                I'm not sure what I'm looking for in here, what should my gateway be?

                I don't see any mention in the openvpn logs about the route, that is bugging me.

                I can ping 192.168.11.1 from the roadwarrior machine, not sure what that means.

                  snoopy100

                  @Nachtfalke:

                  @snoopy100:

                  OK,

                  I have a 'local network' which is 192.168.2.0/24

                  And I have this down in the advanced:
                  push "route 192.168.2.0 255.255.255.0"

                  There is a firewall rule in the WAN tab for the openvpn which I believe was automatically created.

                  Still I am not able to get to the local machines using a Road Warrior.  I can connect fine, get an IP (which I think was 192.168.11.6.)
                  But the Road Warrior cannot connect to the local machines.

                  Anyone have any troubleshooting ideas?  I have pretty much the typical setup, no fancy stuff.

                  Do not use the same network on both. Just use it in "Local Network" or in custom options.

                  Thanks Nacht,

                  OK, I got rid of the route in the custom options, still no dice.  I'm going to try connecting using an old linux laptop as my next stab at this.

                    Nachtfalke

                    You run the OpenVPN client as a user with admin rights?

                    The Windows client - does it allow connections/pings from other hosts on other subnets? Try disabling the firewall on the client.
                    Add an "any to any" firewall rule on the pfsense firewall OpenVPN tab.

                      snoopy100

                      @Nachtfalke:

                      You run the OpenVPN client as a user with admin rights?

                      The Windows client - does it allow connections/pings from other hosts on other subnets? Try disabling the firewall on the client.
                      Add an "any to any" firewall rule on the pfsense firewall OpenVPN tab.

                      For better troubleshooting, I connected using a Linux laptop, I think I see the route problem:

                      The LAN I'm connecting to is 192.168.2.0, client PTP is 192.168.11.5, client IP is 192.168.11.6

                      From the Linux laptop connected this is the "route" output:

                      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                      192.168.11.5    *               255.255.255.255 UH    0      0        0 tun0
                      192.168.11.1    192.168.11.5    255.255.255.255 UGH   0      0        0 tun0
                      192.168.11.0    192.168.11.5    255.255.255.0   UG    0      0        0 tun0    < wrong ??
                      192.168.1.0     *               255.255.255.0   U     303    0        0 eth1
                      loopback        *               255.0.0.0       U     0      0        0 lo
                      default         Wireless_Broadb 0.0.0.0         UG    303    0        0 eth1

                      I think the 'wrong' line should be:
                      192.168.2.0     192.168.11.5    255.255.255.0   UG    0      0        0 tun0

                      So if I type the command:
                      route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.11.5

                      Now it works, I can ping the firewall which is 192.168.2.6 and other machines on the LAN 192.168.2.0

                      So, is that line wrong?  If so, what can I do?  Or am I completely on the wrong track here?

                      Julien

                      OK everyone, never mind.  I just looked at my advanced options and I had 192.168.2.11 and the route being pushed.
                      I changed it to: push "route 192.168.2.0 255.255.255.0";  and now it works.

                      So I'm thinking, the Local Network has to be blank and the "Advance Configuration" has to have a push?

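Added example, not part of the thread and not pfSense or OpenVPN code: a Python check for the two things the thread ends up diagnosing, a pushed route whose address is a host address rather than the network address for its mask, and a client routing table with no entry for the LAN on tun0. The function names are hypothetical, and the bad directive `push "route 192.168.2.11 255.255.255.0"` is an assumed reading of the last post.

```python
import ipaddress
import re

# Matches the server-side directive: push "route <address> <netmask>"
PUSH_ROUTE = re.compile(r'push\s+"route\s+(\S+)\s+(\S+)"')

def check_pushed_routes(custom_options, lan):
    """Validate push "route ..." directives; return (routes, problems)."""
    lan_net = ipaddress.ip_network(lan)
    routes, problems = [], []
    for addr, mask in PUSH_ROUTE.findall(custom_options):
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError as exc:
            problems.append(f"{addr} {mask}: {exc}")
            continue
        if ipaddress.ip_address(addr) != net.network_address:
            # Host bits set for this mask, so it is not a usable network route
            problems.append(f"{addr} {mask}: host address, expected "
                            f"{net.network_address} {net.netmask}")
            continue
        routes.append(net)
    if not any(lan_net.subnet_of(r) for r in routes):
        problems.append(f"no valid pushed route covers {lan_net}")
    return routes, problems

def routed_via_tunnel(route_output, lan, iface="tun0"):
    """True if `route` output has an entry on iface that covers lan."""
    lan_net = ipaddress.ip_network(lan)
    for line in route_output.splitlines():
        cols = line.split()
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[2]}", strict=False)
        except (IndexError, ValueError):
            continue  # blank/header row or symbolic names such as "default"
        if cols[-1] == iface and lan_net.subnet_of(net):
            return True
    return False

# tun0 rows of the Linux client's table from the thread (annotation removed)
CLIENT_ROUTES = """\
192.168.11.5    *               255.255.255.255 UH    0      0        0 tun0
192.168.11.1    192.168.11.5    255.255.255.255 UGH   0      0        0 tun0
192.168.11.0    192.168.11.5    255.255.255.0   UG    0      0        0 tun0
"""

if __name__ == "__main__":
    print(check_pushed_routes('push "route 192.168.2.11 255.255.255.0";',
                              "192.168.2.0/24")[1])
```

Run `check_pushed_routes` against the server's custom options before saving them, and `routed_via_tunnel` against the client's `route` output after connecting.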