Netgate Discussion Forum

    After connecting

    OpenVPN

      poly_s

      @marvosa
      OK, thanks for letting me know where the .conf file was… here is its content.

      dev ovpns1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto tcp-server
      cipher AES-128-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local **.***.***.**
      tls-server
      server 10.1.5.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      username-as-common-name
      auth-user-pass-verify /var/etc/openvpn/server1.php via-env
      tls-verify /var/etc/openvpn/server1.tls-verify.php
      lport ****
      management /var/etc/openvpn/server1.sock unix
      max-clients 2
      push "route 192.168.1.100 255.255.255.0"
      push "redirect-gateway def1"
      ca /var/etc/openvpn/server1.ca 
      cert /var/etc/openvpn/server1.cert 
      key /var/etc/openvpn/server1.key 
      
        poly_s

        UPDATE

        Success in part!!! I can now surf the web via the pfsense box.

        My error was having the Subnet of the LAN set as a common one (192.168.0.1) such that the remote network had the same and conflicted.

        I changed the IP of the LAN to a different Subnet and changed the DHCP address pool range also to coincide. It was also necessary to tell the Access Point about this change.

        I am still unable to view my network behind the pfsense box however.

        Thanks to Nachtfalke for turning me on to the "redirect traffic …" settings and to Marvosa for showing me the .conf file, which, when I stared at it enough, seemed to show me the possible problem to look into more.

        I'm going to try the AP settings first to see if a problem there is stopping me from getting through to the Samba server.

        1 Reply Last reply Reply Quote 0
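The address conflict described in the update above can be checked before a client connects. This is an added example, not part of the original post or of pfSense: it reads the `server` and `push "route ..."` lines of an OpenVPN server config and reports networks that overlap the client's own LAN, plus pushed routes whose address is not a network address. The function names, the /24 client LAN and the "before" route line are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: the server and push lines from the config posted in this thread.
POSTED_CONF = """\
server 10.1.5.0 255.255.255.0
push "route 192.168.1.100 255.255.255.0"
push "redirect-gateway def1"
"""

# Assumed "before" state: server LAN still on the common 192.168.0.x range
# (the /24 mask and this route line are assumptions, not from the thread).
BEFORE_CONF = """\
server 10.1.5.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
"""


def parse_networks(conf_text):
    """Return (label, address, netmask) for the tunnel and each pushed route."""
    found = []
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # skips '#...' lines, unquotes push args
        if len(tokens) == 3 and tokens[0] == "server":
            found.append(("tunnel", tokens[1], tokens[2]))
        elif len(tokens) == 2 and tokens[0] == "push":
            inner = tokens[1].split()
            if len(inner) == 3 and inner[0] == "route":
                found.append(("pushed route", inner[1], inner[2]))
    return found


def check_conflicts(conf_text, client_lan):
    """Return findings for a client whose own LAN is client_lan (CIDR string)."""
    lan = ipaddress.ip_network(client_lan, strict=False)
    findings = []
    for label, addr, mask in parse_networks(conf_text):
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if ipaddress.ip_address(addr) != net.network_address:
            findings.append(f"{label} {addr} {mask}: host bits set, network is {net}")
        if net.overlaps(lan):
            findings.append(f"{label} {net} overlaps client LAN {lan}")
    return findings


if __name__ == "__main__":
    for name, conf in (("before", BEFORE_CONF), ("posted", POSTED_CONF)):
        for finding in check_conflicts(conf, "192.168.0.0/24"):
            print(f"{name}: {finding}")
```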
          Nachtfalke

          Try to do something simple to test the connection behind your pfsense:
          Do a ping.
          Do a tracert.
          Make sure that the destination host (host behind pfsense) allows traffic from hosts on your VPN network. Disable the firewall for testing on these hosts.

          How do you connect to your samba server - by IP? \\ip.ip.ip.ip\share?

          Is the access point doing NAT or routing, or is it just acting as a wireless bridge? In bridge mode it should be ok/work.
          When doing routing on the AP then you need to define additional routes on OpenVPN Server.

            poly_s

            @nachtfalke

            The AP is in bridge mode so I guess the problem is not there.

            I access the samba server via Explorer, where it appears under "network".

            So from what you're saying, it's most likely a firewall rule (or lack thereof) that allows traffic from samba server to VPN?

            OR

            Settings on the samba server itself???

            Thanks again.

              Nachtfalke

              @poly_s:

              @nachtfalke

              The AP is in bridge mode so I guess the problem is not there.

              I access the samba server via Explorer, where it appears under "network".

              So from what you're saying, it's most likely a firewall rule (or lack thereof) that allows traffic from samba server to VPN?

              OR

              Settings on the samba server itself???

              Thanks again.

              If you have "any to any" on OpenVPN firewall rule this should be ok.
              Firewall on samba server - the firewall must allow traffic from the OpenVPN network - if your samba server has a firewall enabled.
              On OpenVPN server GUI try to enable:
              "Enable NetBIOS over TCP/IP" and try with "h-node" or some other setting.

              Which protocol and port do you use to connect to the samba server?
              Enable logging on the OpenVPN firewall rule to get this information.

                joako

                Assuming you can ping across the VPN, on the server make sure you have the NMB service enabled and then put its IP address under the WINS field in OpenVPN config.

                  poly_s

                  Success

                  Ok Thanks again.

                  I can now access my "\\server\guest share" over the VPN.

                  Not sure if it was enabling NetBIOS or adding the WINS server or neither.

                  When I get a second I'm going to back both of these off and see which one it was, or if it was just user error and the problem was in fact fixed after I sorted the IP conflict.

                  I am one happy pfSense/OpenVPN user.

                    marvosa

                    It's both.  NMBD or WINS is the only way to resolve NETBIOS names in a routed VPN solution.

                    And the "Enable NetBIOS over TCP/IP" check box, it tells you right next to it:

                    "If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled."

                    So, the answer is both.

                      extide

                      You can do it without WINS, actually, but you will need something else (DNS, hosts file, etc) to resolve your names.

                        poly_s

                        Doing it without WINS would be nice, as I read that WINS is open to abuse and unreliable (wiki). Thanks for the info, Extide.

                        So it's as simple as editing my hosts file to resolve the name of the server to the IP?

                          extide

                          Yes, you can do it that way. As long as you have NetBIOS over TCP/IP and can ping the server by name (which should resolve into the IP) you should be good to go.

                            joako

                            In that case, say your FQDN is server.something.tld: place something.tld in "DNS-Domainname," the pfsense LAN IP in "DNS-Server", and make sure you can resolve the FQDN through pfsense (place it in Services > DNS Resolver), and you should be able to open up \\server as well.

                            Disable nmb service, remove WINS from OpenVPN and don't forget to reconnect.
