Configuring VPN win7 clients with pfsense
-
Guys…I just want to mention a note:
I have changed pfSense's port from 1195 to 1194. After that, as soon as I try to connect, this message appears:
failed to connect to your network
or something like that.
And when I go back to my settings, what I get is, you know, that bad message.
I think that will be useful.
-
It will be easier to help if you give an overview of your network setup
Please tell us:
What is your LAN interface IP and network mask (e.g. 192.168.1.1/24)?
What is your WAN interface IP and network mask? (Put some xxx in part of it, if it is a public IP)
Do you have a static or dynamic public IP address?
What other interfaces do you have on your pfSense? (Maybe none)
What interface is the OpenVPN server listening on?
What sort of internet connection do you have? (e.g. cable modem in bridge mode, separate ADSL router not bridged, gets out via some other router,…)
Then we can help sort out why the client cannot reach the server.
-
It will be easier to help if you give an overview of your network setup
Please tell us:
What is your LAN interface IP and network mask (e.g. 192.168.1.1/24)?
192.168.1.254/24
What is your WAN interface IP and network mask?
192.168.2.5, network mask: 255.255.255.0
Do you have a static or dynamic public IP address?
Dynamic.
What other interfaces do you have on your pfSense?
192.168.5.5
What interface is the OpenVPN server listening on?
192.168.2.5
What sort of internet connection do you have?
DSL modem.
-
You need to
a) get the client to be able to find your public IP
b) have the client connect requests on the public IP forwarded to your pfSense WAN IP.
For (a) - register at one of the dynamic DNS providers, so you have a name (like mysite.dyndns-ip.com) that can always translate to your IP. Set up a Dynamic DNS entry in your pfSense so that the name gets kept up-to-date with your IP. Normally pfSense only checks/updates this once a day. You can adjust that daily job with the Cron package - http://forum.pfsense.org/index.php/topic,58085.msg310861.html#msg310861
For (b) - configure your DSL modem to forward your VPN listening port numbers (1194, 1195 whatever) to your WAN IP 192.168.2.5
(If you can't do this on the modem, then you will need to sort out how to put it in bridge mode, and get the real public IP onto your pfSense WAN port…)
Then make your OpenVPN client config specify the remote server using the dynamic DNS name.
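Conditions (a) and (b) from the post above can be checked mechanically. This is an added example, not part of the original post or of pfSense; the function names and result codes are hypothetical, and the caller is assumed to have looked up the three addresses already.

```python
import ipaddress

# Ranges that cannot receive connections from the internet directly:
# RFC 1918 private space plus the RFC 6598 carrier-grade NAT block.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def behind_nat(wan_ip):
    """True when the firewall's WAN address is not a public address."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)


def diagnose(wan_ip, public_ip, ddns_ip, vpn_port=1194):
    """Return (code, advice) pairs for what still blocks a remote client.

    wan_ip    - address on the pfSense WAN interface
    public_ip - address the internet sees (looked up by the caller)
    ddns_ip   - address the dynamic DNS name resolves to right now
    """
    wan, public, ddns = (ipaddress.ip_address(a)
                         for a in (wan_ip, public_ip, ddns_ip))
    findings = []
    if behind_nat(wan_ip):
        findings.append(("double-nat",
                         f"forward port {vpn_port} on the upstream device to {wan}, "
                         "or switch that device to bridge mode"))
    elif wan != public:
        findings.append(("wan-mismatch",
                         f"WAN is {wan} but the internet sees {public}; "
                         "something upstream is still translating"))
    if ddns != public:
        findings.append(("ddns-stale",
                         f"name resolves to {ddns}, current public IP is {public}; "
                         "update the dynamic DNS entry"))
    return findings


if __name__ == "__main__":
    # 192.168.2.5 is the WAN address from the thread; the 203.0.113.x values
    # are constructed (documentation range), not real addresses.
    for code, advice in diagnose("192.168.2.5", "203.0.113.10", "203.0.113.77"):
        print(f"{code}: {advice}")
```

An empty result means the WAN address is public and the dynamic DNS name already points at it, so only the OpenVPN configuration itself is left to check.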
-
Hi…but why didn't my guide mention anything about what you said to me?
Also, is there an alternative to dynamic DNS?
Thank you.
-
@Raafat:
Hi…but why didn't my guide mention anything about what you said to me?
Because you have a "Double NAT" (two devices doing NAT). This is not recommended.
@Raafat:
Also, is there an alternative to dynamic DNS?
Getting a static IP from your provider.
-
"Hi…but why didn't my guide mention anything about what you said to me?"
Because the GUIDE assumes your pfsense WAN is on the public internet and not behind another router doing NAT.
As already mentioned you could set up this device in front of pfsense that is giving it its 192.168.2.5 and port forward the port you're using for openvpn.
-
Hi guys…assuming I have a static public IP, how will that change your guides?
Thank you.
-
Getting a static IP only fixes problem a) (dynamic IP); you'd still have to do what phil.davis has posted above for problem b) (Double NAT).
The dynamic IP part is even described in the guide you used. So you're only left with either port forwarding or bridging which you have to do on your DSL modem.
-
Hi…can I disable my modem's NAT?
-
And which gateway do you have? I wish the terms would be used correctly, a "modem" does not do NAT.. If it is a combo device of a modem and router (can do NAT) then it's a GATEWAY.. If it does not have a modem then it's just a router, etc.
If you tell us what the model number of your "modem" is and who your carrier is, then we can look up if you can put the device in bridge mode – turn off NAT..
-
a "modem" does not do NAT..
Hi…below is what I have:
http://www.huaweidevice.com/br/productFeatures.do?pinfoId=660&directoryId=2663&treeId=663
but the last version (it's a router).
Thank you.
-
If it's a modem and a router then it's a gateway!
What is the model number – the HG510? I show an a model, a v model, just the 510... If you're on the 520 then there are even more model versions. It's real hard -- look on the device!!! What does it say for the model number?
-
-
Well that is sure not the last one on the URL you sent ;)
Simple google found this
https://www.youtube.com/watch?v=pzPUxjPDW9Y
and this
https://luciancovaci.wordpress.com/2012/07/19/adsl-romtelecom-configurare-in-bridge/
And from the manual
Says to adjust the connection type to bridge in drop down combo box.. So clearly it supports it - I would highly suggest you just contact your ISP and tell them you want to put it in bridge mode and they can walk you through the steps.
-
Thank you man
Now everything goes correctly, but how will I make a VPN client a part of my network, meaning it sees all people on my network?
-
Guys help me…this is the last step of our topic.
I'm waiting for you.
Thank you.
-
I haven't been able to get OpenVPN using TAP to work either as you can see from my post here http://forum.pfsense.org/index.php/topic,58724.0.html
I have got TUN working though, I can ping the pfsense firewall, ping other devices on the network and can even remote access onto my Win7 desktop and SSH to my linux servers from inside the lan.
It might pay to use TUN for now as I have seen some comments on this board that 2.0.x has some issues which might be affecting the TAP/Bridge mode, but these should be resolved when 2.1 is released. Alternatively you could try a beta of 2.1 if you fancy the risk.
-
Guys…I'm waiting for you.
-
Waiting for what?
So now your pfsense has public IP on its WAN? Then run through the openvpn wizard and you're done.. Not sure what else you think you need to do?
What is not working now?