Configuring VPN win7 clients with pfsense
-
a "modem" does not do NAT..
Hi…below what i have :
http://www.huaweidevice.com/br/productFeatures.do?pinfoId=660&directoryId=2663&treeId=663
but the last version (it's a router ).
thank you .
-
If its a modem and a router then its a gatway!
What is the model number – the HG510? I show an a model, a v model, just the 510... If your on the 520 there there even more model versions. Its real hard -- look on the device!!! What does it say for the model number?
-
-
Well that is sure not the last one one the url you sent ;)
Simple google found this
https://www.youtube.com/watch?v=pzPUxjPDW9Yand this
https://luciancovaci.wordpress.com/2012/07/19/adsl-romtelecom-configurare-in-bridge/And from the manual
Says to adjust the connection type to bridge in drop down combo box.. So clearly it supports it - I would highly suggest you just contact your isp and them them you want to put it in bridge mode and they can walk you through the steps. -
Well that is sure not the last one one the url you sent ;)
Simple google found this
https://www.youtube.com/watch?v=pzPUxjPDW9Yand this
https://luciancovaci.wordpress.com/2012/07/19/adsl-romtelecom-configurare-in-bridge/And from the manual
Says to adjust the connection type to bridge in drop down combo box.. So clearly it supports it - I would highly suggest you just contact your isp and them them you want to put it in bridge mode and they can walk you through the steps.thank you man
now all thing go correctlly but how will i make a VPN client a part of my network,meaning sees all people on my network ?
-
Guys help me…this is the last step of our topic .
i'm waiting you .
thank you .
-
I havent been able to get OpenVPN using TAP to work either as you can see from my post here http://forum.pfsense.org/index.php/topic,58724.0.html
I have got TUN working though, I can ping the pfsense firewall, ping other devices on the network and can even remote access onto my Win7 desktop and SSH to my linux servers from inside the lan.
It might pay to use TUN for now as I have seen some comments on this board that 2.0.x has some issues which might be affecting the TAP/Bridge mode, but these should be resolved when 2.1 is released. Alternatively you could try a beta of 2.1 if you fancy the risk.
-
Guys…i'm waiting you .
-
Waiting for what?
So now your pfsense has public IP on its wan? Then run through the openvpn wizard and your done.. Not sure what else you think you need to do?
What is not working now?
-
Waiting for what?
So now your pfsense has public IP on its wan? Then run through the openvpn wizard and your done.. Not sure what else you think you need to do?
What is not working now?
I'm waiting for this :i could see any device on my network (servers,printers,etc) .
-
Yeah once you vpn in, depending on what firewall rules you put in place you can access anything you want on your network. I vpn into my home network pretty much every day. I am on now - yes I can print to my printer if I want, I can remote desktop to any box on my network, I can access my file shares, etc. etc. etc.
D:>net view \storage.local.lan
Shared resources at \storage.local.lanMy storage server
Share name Type Used as Comment
–-----------------------------------------------------------------------------
J Disk
Media Disk
Molly Disk
temp Disk
The command completed successfully.Thats my NAS on my home network, while I am here at work.
-
Yeah once you vpn in, depending on what firewall rules you put in place you can access anything you want on your network. I vpn into my home network pretty much every day. I am on now - yes I can print to my printer if I want, I can remote desktop to any box on my network, I can access my file shares, etc. etc. etc.
D:>net view \storage.local.lan
Shared resources at \storage.local.lanMy storage server
Share name Type Used as Comment
–-----------------------------------------------------------------------------
J Disk
Media Disk
Molly Disk
temp Disk
The command completed successfully.Thats my NAS on my home network, while I am here at work.
So tell me what are rules will i use ?
thank you .
-
You wouldn't use any rules really unless you want to limit or block something - wizard should create the default rule
IPv4 * * * * * * none OpenVPN pfsense wizard
The above is what I have in my openvpn tab
-
You wouldn't use any rules really unless you want to limit or block something - wizard should create the default rule
IPv4 * * * * * * none OpenVPN pfsense wizard
The above is what I have in my openvpn tab
What is subnet' ip address are you using and for vpn' clients ?
-
You can use whatever you want.. I use 2 different ones for tcp or udp connections I use
NO TCP / 443 10.0.200.0/24 pfsense tcp
NO UDP / 1194 10.0.8.0/24 pfsense udpJust use something that is unlikely to conflict with the network segment connecting to you.
-
You can use whatever you want.. I use 2 different ones for tcp or udp connections I use
NO TCP / 443 10.0.200.0/24 pfsense tcp
NO UDP / 1194 10.0.8.0/24 pfsense udpJust use something that is unlikely to conflict with the network segment connecting to you.
So why i could not see any device on my network also i can't ping any device except my pfsense ?
i have a rule like your rule on my WAN and LAN
-
Are we to just guess your setup? For all I know you have host firewalls blocking ping. What does could not see mean? Are you talking like a windows browse list - thats not going to happen over different segments and a nat. You could run a wins server if you want to have browselists across segments.
For all we know you have 192.168.1.0/24 on your pfsense lan side and remote network is also 192.168.1.0/24 – are you sending your route, is the client getting the route?
Post up your openvpn config, did you do a traceroute from the client that could not ping your pfsense box? Is he sending the traffic down the tunnel?
-
Are we to just guess your setup? For all I know you have host firewalls blocking ping. What does could not see mean? Are you talking like a windows browse list - thats not going to happen over different segments and a nat. You could run a wins server if you want to have browselists across segments.
For all we know you have 192.168.1.0/24 on your pfsense lan side and remote network is also 192.168.1.0/24 – are you sending your route, is the client getting the route?
Post up your openvpn config, did you do a traceroute from the client that could not ping your pfsense box? Is he sending the traffic down the tunnel?
tunnel network : 192.168.10.0/24
my lan:192.168.1.0/24after connecting to my network i got 192.168.10.6 (windows told me that )
after that i can ping only pfsense box
tell me exactly what are you looking about openvpn confi because there are many fields with vpn confi .
Also about i could't see any device i mean at least i ping them (my devices:pritner,computers,servers)
and sharing files .i hope what i told you to be helpful .
thank you .
-
And where are you connecting from? What is that network?
Post up output of route print after you connect.
Do a traceroute to the IP your trying to ping.
So what if there are multiple fields, here attached is mine.. And then the client config from client export. Just snipped out part of public IP for privacy.
–
dev tun
persist-tun
persist-key
cipher BF-CBC
tls-client
client
resolv-retry infinite
remote 24.13.xx.xx 443 tcp
tls-remote pfsense-openvpn
pkcs12 pfsense-TCP-443-johnpoz.p12
tls-auth pfsense-TCP-443-johnpoz-tls.key 1
ns-cert-type server
comp-lzo
-
And where are you connecting from? What is that network?
Post up output of route print after you connect.
Do a traceroute to the IP your trying to ping.
So what if there are multiple fields, here attached is mine.. And then the client config from client export. Just snipped out part of public IP for privacy.
–
dev tun
persist-tun
persist-key
cipher BF-CBC
tls-client
client
resolv-retry infinite
remote 24.13.xx.xx 443 tcp
tls-remote pfsense-openvpn
pkcs12 pfsense-TCP-443-johnpoz.p12
tls-auth pfsense-TCP-443-johnpoz-tls.key 1
ns-cert-type server
comp-lzo
after connecting to my pfsense this is what i got :
Sun Feb 17 20:45:14 2013 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011 Sun Feb 17 20:45:17 2013 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page). Sun Feb 17 20:45:17 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sun Feb 17 20:45:17 2013 Control Channel Authentication: using 'pfsense-udp-1195-internal-ca-tls.key' as a OpenVPN static key file Sun Feb 17 20:45:17 2013 LZO compression initialized Sun Feb 17 20:45:17 2013 UDPv4 link local (bound): [undef]:1194 Sun Feb 17 20:45:17 2013 UDPv4 link remote: 37.xxx.xxx.xxx:1195 Sun Feb 17 20:45:17 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sun Feb 17 20:45:20 2013 [internal-ca] Peer Connection Initiated with 37.xxx.xxx.xxx:1195 Sun Feb 17 20:45:23 2013 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{BFEE7338-93E9-47C0-8501-430F8AC797C1}.tap Sun Feb 17 20:45:23 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.200.6/255.255.255.252 on interface {BFEE7338-93E9-47C0-8501-430F8AC797C1} [DHCP-serv: 192.168.200.5, lease-time: 31536000] Sun Feb 17 20:45:23 2013 Successful ARP Flush on interface [23] {BFEE7338-93E9-47C0-8501-430F8AC797C1} Sun Feb 17 20:45:28 2013 WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0] Sun Feb 17 20:45:28 2013 Initialization Sequence Completedafter pinging 192.168.1.1 :
reqeust timed outAlso :
Tracing route to 192.168.1.1 over a maximum of 30 hops 1 55 ms 55 ms 53 ms 192.168.200.1 2 * * * Request timed out. 3 * * * Request timed out. 4 * *thank you .
