OpenVPN client cannot route to LAN
-
Hi all,
I've configured my VPN with pfSense 2.0.2, but after the connection has been established, the VPN client cannot connect to the server on the LAN network.
When I execute a traceroute, it stops at the gateway address (subsequent hops time out).
I've used the wizard for the configuration. The configurations are below.
Any suggestions?
Regards.

LAN 10.0.0.0/24
DMZ 172.26.101.0/24
WAN 1.1.1.1

Server has 3 network adapters, one for every vlan

STATIC ROUTE
Name             Interface  Gateway       Monitor IP    Description
WANGW (default)  WAN        1.1.1.1       1.1.1.1       WAN Gateway
GWLAN            LAN        10.0.0.2      10.0.0.2      GW LAN
GWDMZ            DMZ        172.26.101.2  172.26.101.2  GW DMZ

SERVER CONFIG
dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 1.1.1.1
tls-server
server 192.168.2.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 10.0.0.0 255.255.255.0"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
push "route 172.26.101.0 255.255.255.0"

CLIENT CONFIG
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote 1.1.1.1 1194
tls-remote pfsense02
auth-user-pass
pkcs12 pfsense02-udp-1194-mdandrea02.p12
tls-auth pfsense02-udp-1194-mdandrea02-tls.key 1
comp-lzo
-
What's the IP of your server?
Post the firewall rules off the openvpn tab.
-
What's the IP of your server?
Post the firewall rules off the openvpn tab.
Many thanks for your reply.
10.0.0.2 LAN
172.26.101.2 DMZ
1.1.1.1 WAN (not real ip)
The rules are attached.
Best regards.
Matteo
-
Hi All,
I've resolved the problem. I've found an error in the configuration.
Thanks a lot.
-
Care to share with us what the error was?
-
Hi All,
I've resolved the problem. I've found an error in the configuration
thanks a lot.
Hi sir!
I failed you, but I do not know how to handle. You can share how to handle errors that are not. Thank you.