Netgate Discussion Forum

    New OpenVPN setup for road-warriors - connected but no routing

    55 Posts 8 Posters 20.6k Views
      kejianshi

      All firewalls off on the windows box?

        doktornotor Banned

        @Cylindric:

        Still no joy, even with both server and client set to "TUN". With or without the Management part. With 2.2 or 2.3-x86.

        I don't understand what you are trying to do there.

        
           Description . . . . . . . . . . . : TAP-Windows Adapter V9 #2
           IPv4 Address. . . . . . . . . . . : 172.29.0.6(Preferred) 
           Subnet Mask . . . . . . . . . . . : 255.255.255.252
        
        

        This for sure again looks like /30.

          Cylindric

          @kejianshi:

          Sorry to nit-pick but just checking.  When you stipulate your tunnel IP make sure that subnet isn't used on the client side or the server side.  Give the openvpn tunnel a separate range.

          So if client is on a 192.168.1.0/24    and server is on a 178.x.x.x     make the tunnel network something like 10.122.20.0/24  (or whatever)

          No need to push routes or any other madness.

          I do provide DNS servers and NTP servers though.  Get two online for NTP servers in your timezone and use 8.8.8.8 and 8.8.4.4 if you want Google DNS

          I also provide a default domain NAME.  Just pick a name like tunnel1194 if you only use one server.

          Nitpick away - whatever it takes :)

          My remote test PC is on a 172.29.14.0 subnet with a mask 255.255.255.0, at the moment the IP is 172.29.14.100

          My pfSense LAN subnet is 10.10.0.0 with mask 255.255.255.0, and the IP is 10.10.0.3

          The server "Tunnel Network" is 172.29.0.0/24
          The server "Local Network" is 10.10.0.0/24

          The client "Tunnel Network" is 172.29.0.0/24
          The client "Local Network" is 10.10.0.0/24

          The firewall is now disabled on the PC. Not sure what the Virgin SuperHub might be doing though - although as the tunnel is established and I can see that in the pfSense status, I assume any intermediary firewalls just see "traffic", not anything specific.

          This for sure again looks like /30

          I can only assume this is coming from the config in pfSense, I'm not setting that mask anywhere. I have /24 in all configs.

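As an added example (not part of any post in this thread): a Python check of the address plan given in the post above, confirming that the tunnel network does not overlap either LAN, and reading the posted adapter output to show that the 255.255.255.252 mask is a net30 allocation rather than the configured /24. The function names are illustrative; the addresses and adapter lines are the ones quoted in the thread.

```python
import ipaddress

# Address plan as stated in the thread.
TUNNEL = ipaddress.ip_network("172.29.0.0/24")
LANS = {
    "client LAN": ipaddress.ip_network("172.29.14.0/24"),
    "pfSense LAN": ipaddress.ip_network("10.10.0.0/24"),
}

# Adapter output as quoted in the thread (ipconfig excerpt).
IPCONFIG = """\
   Description . . . . . . . . . . . : TAP-Windows Adapter V9 #2
   IPv4 Address. . . . . . . . . . . : 172.29.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
"""

def overlapping_lans(tunnel, lans):
    """Names of LANs whose address space collides with the tunnel network."""
    return sorted(name for name, net in lans.items() if tunnel.overlaps(net))

def parse_adapter(text):
    """Build an ip_interface from the address and mask lines of ipconfig output."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            # Drop the dot leaders ipconfig pads the field name with.
            fields[key.replace(".", "").strip()] = value.strip()
    addr = fields["IPv4 Address"].split("(")[0]
    return ipaddress.ip_interface(f"{addr}/{fields['Subnet Mask']}")

def classify(iface, tunnel):
    """Say which OpenVPN topology the adapter's mask is consistent with."""
    if iface.ip not in tunnel:
        return "address outside configured tunnel network"
    if iface.network.prefixlen == 30:
        return "net30"
    if iface.network == tunnel:
        return "subnet"
    return "unexpected mask"

def net30_peer(iface):
    """The other usable host in the client's /30 (the virtual endpoint)."""
    return next(h for h in iface.network.hosts() if h != iface.ip)

if __name__ == "__main__":
    iface = parse_adapter(IPCONFIG)
    print("overlaps:", overlapping_lans(TUNNEL, LANS) or "none")
    print(iface, "->", classify(iface, TUNNEL), "peer", net30_peer(iface))
```
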
            doktornotor Banned

            @Cylindric:

            This for sure again looks like /30

            I can only assume this is coming from the config in pfSense, I'm not setting that mask anywhere. I have /24 in all configs.

            Please, tick the proper checkbox so that this net30 topology is NOT used.

              Cylindric

              @doktornotor:

              Please, tick the proper checkbox so that this net30 topology is NOT used.

              What screen are you seeing that on? I just get the attached.

              settings.png

                doktornotor Banned

                @Cylindric:

                @doktornotor:

                Please, tick the proper checkbox so that this net30 topology is NOT used.

                What screen are you seeing that on? I just get the attached.

                As already posted elsewhere. This ONLY is available if you set up the interface as TUN. Not with TAP.

                  Cylindric

                  @doktornotor:

                  As already posted elsewhere. This ONLY is available if you set up the interface as TUN. Not with TAP.

                  I am on TUN now.

                  ovpn-server.png
                  ovpn-client.png

                    doktornotor Banned

                    Well, then it's not available in 2.0.3. Time to upgrade. :P

                      Cylindric

                      2.0.3 is the latest I could find. You folks running the 2.1 RC?

                        kejianshi

                        You can go to 2.1RC

                        http://snapshots.pfsense.org/

                        But honestly, this should work fine on 2.03.  It should be a 5 minute setup from start to finish.

                        Some basic little thing is broken and it's possible it's not even anything to do with pfsense.

                        I'll read your config again.

                          Cylindric

                          Thanks. Tomorrow I'll probably delete all the settings and start from scratch - I made some wrong turns at the start that may be lingering.

                            kejianshi

                            OK - This is broken.  Why is it set up as peer to peer now?

                            Server mode (I suggest Remote Access. SSL/TLS)

                            protocol UDP

                            device mode TUN

                              kejianshi

                              You don't need 2.1 to make it work…  Problem is peer to peer.  You don't want that.

                                Cylindric

                                This is a bit odd. The server is set to "Remote Access (SSL/TLS + User Auth)", but the client is now set to Peer-to-peer, and the only options available are the two "peer to peer" ones.

                                  kejianshi

                                  Recommendation - Delete the server and the client.

                                  Use the wizard and set it up again using TUN from the very beginning.

                                  It sounds like a big deal but should be a few minutes.

                                  I'm sure 2.1 works fine but 2.3 isn't broken either.

                                  You just got a bit twisted around.  That's all.

                                    Cylindric

                                    I'll try it again tomorrow - getting frazzled now :)

                                    Just deleted both configs, used the wizard to set up the server bit (seemed to create a tun setup anyway) but a new client still only allows server mode Peer to Peer.

                                    ovpn-client.png

                                      kejianshi

                                      Did you try shooting it with a 12 gauge shotgun?  (Teasing)

                                      That's odd.  I've never seen anything like that before.  It should allow you to configure remote access.  That's very basic.

                                      I wonder…  Do you have user accounts and certs set up on your pfsense other than Admin?  Because you need to.  It's required.

                                      If pfsense thinks there are no users and no user certs it might not present you remote access options.

                                      I had assumed these road warriors of yours had limited user accounts installed on pfsense.

                                      You can get away with creating just 1 user and one user cert and allowing multiple concurrent connections by that user, but it's better to set up one user account per "road warrior".  You just go into system > user manager and add users, passwords and user certs.

                                      Then you might have much better luck.

                                        Cylindric

                                        I do have a user I set up that I've been using for testing, and that's the one I've been using in the OpenVPN client downloader.

                                        user.png

                                          Cylindric

                                          Hang on, do I even need the "client" tab on the OpenVPN config? Going to try a manual approach as per: http://forum.pfsense.org/index.php?topic=22115.0

                                            Cylindric

                                            Getting the shotgun ready now. Just recreated everything manually, and no difference. VPN client connects fine, lights go green, routes are created, but nothing is passed.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.