Open VPN and Android $25-50
-
Thanks, that works even better. My question is: if I can't use TAP, what does TUN get me? How do I use it to access the things on my network?
-
I can access my PCs on my network just fine. I just push the network to the client and have no issues. I remote to my computers via my phone all the time. It's just the VPN network has to be different than the local network. I forgot about that client. I had issues getting it to work right on my phone.
-
It works great. If you push a DNS server to the VPN client and you also have your hostnames all set up on pfSense (either using DNS overrides or DHCP host registration), you can even hit things over the network by name; you just can't "browse" the network for Windows file sharing. Though even that can work if you have a local WINS server.
-
What happens if I set the tunnel subnet the same as the local?
-
It will not work - you can't have the same subnet on both interfaces like that in a routed setup, at least not that I've seen work, and not that would be really feasible to do. (Presumably you could block out a "subnet" of /25 or so inside your LAN, use that for the tunnel network, and then set up proxy ARP VIPs on LAN to cover that same block, and then make sure you don't use that block of the subnet locally… but that's ugly, may not work, and is sure to cause some routing issues somewhere... and you still don't get broadcast traffic!)
It can be done in tap mode with bridging but it can't be done in tun mode.
-
Not sure if this helps, but instead of worrying about bridging or TAP mode, I found this topic about IGMP proxy: http://forum.pfsense.org/index.php?topic=41497.0
This let me find the media server on my device. After that, it's just a matter of firewall rules letting the traffic pass.
I can play DLNA content from my Nexus7 now.
-timotl
-
That is what I want as my end result. Could you fill me in on your configuration settings? I have been able to access my media server via IP through the VPN but I would like it to work more natively.
Also, since I can't make my LAN and VPN on the same subnet, can I have a few of my devices on the VPN subnet? I know but just trying to figure out what I can use my shiny new pfSense box for.
-
I don't have a spare install right now, so part of this is from memory.
Also, I am using 2.1Beta0 but I think all of these are the same for 2.0.1.
First you have to create a new interface and assign OpenVPN to it.
Go to Interfaces, Assign and click + to create a new one.
Click on the new interface and enable it and name it and click Save.
l be listed in the port drop down after you create a new interface.
Back in the interfaces list, assign the OpenVPN port from the dropdown and save again.
Then go to Services, IGMP Proxy. Click + to add new interfaces to IGMP Proxy.
I set mine up as LAN is downstream with my LAN network address and the newly created OpenVPN interface as upstream with the OpenVPN network address. Save the config and check under Status, Services to see if it's running.
Because I am the only one that uses my VPN, my firewall rules are set for any-any for everything OpenVPN. I also am not sure if the rules need to be created for the OpenVPN tab or the new interface name. I currently have rules for both wide open and haven't cared to play with them further.
Hope it helps.
-timotl
-
I had everything working, but then I moved from an embedded to a hard drive install. Now, after following the guide again, when I go to upload the cert on the Android app it says:
option tls-remote has 4 parameters, expected between 1 and 1
and it fails to set up the VPN.
Any ideas? Using the OpenVPN app.
-
Someone replied when you posted that same question in another thread - but for the record:
Your server CN probably has a space in it. As such you probably need to make sure you check the box to quote the server CN before exporting.
The Android client wants/needs the quotes, but the windows client chokes on the quotes.
The best solution is to avoid using a server CN with spaces in it.
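
The quoting problem described in the reply above, as an added example that is not part of the thread: a small Python check over an exported client config that flags a `tls-remote` line whose CN splits into several arguments. It assumes arguments are whitespace-separated unless quoted; the function name, hostname, CN and sample configs are constructed for illustration.

```python
import shlex

def check_tls_remote(config_text):
    """Return (line_number, level, message) findings for tls-remote lines."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        try:
            # Whitespace separates arguments unless they are quoted.
            tokens = shlex.split(line)
        except ValueError:
            findings.append((lineno, "error", "unbalanced quote"))
            continue
        if not tokens or tokens[0] != "tls-remote":
            continue
        args = tokens[1:]
        if len(args) != 1:
            findings.append((lineno, "error",
                f"tls-remote has {len(args)} arguments, expected 1; "
                "the CN is probably unquoted and contains spaces"))
        elif any(ch.isspace() for ch in args[0]):
            findings.append((lineno, "warn",
                "quoted CN contains spaces; per the thread the Windows "
                "client rejects the quotes, so prefer a CN without spaces"))
    return findings

# Constructed sample configs (hostname and CN are placeholders).
UNQUOTED = """client
dev tun
remote vpn.example.com 1194
tls-remote My VPN Server
"""
QUOTED = UNQUOTED.replace("My VPN Server", '"My VPN Server"')
NO_SPACES = UNQUOTED.replace("My VPN Server", "my-vpn-server")

if __name__ == "__main__":
    for name, cfg in [("unquoted", UNQUOTED), ("quoted", QUOTED),
                      ("no spaces", NO_SPACES)]:
        print(name, check_tls_remote(cfg))
```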
-
Is that the strict user/CN matcher box that should be checked, and if not, what box and where can I find it?
Thank you.
-
No it is not. It is not on the server config; it's on the export tab.
-
I found using IPSEC worked perfectly >_< I'm on ICS as well. There's a well written guide as well that I'll have to find and post.