Windows 7 OpenVPN client can't reach the LAN
-
All you posted looks fine to me.
Check also your Outbound NAT settings (I have just read a topic where that was the problem). There shouldn't be any rules for the OpenVPN interface.
Automatic outbound NAT is switched on. No other mappings.
-
Is it possibly an issue that my VPN tunnel network (10.12.43.0/24) is within my LAN (10.12.0.0/16)?
And is this firewall rule on the OpenVPN interface sufficient?
Proto   Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
IPv4 *  *       *     *            *     *        none             OpenVPN My company VPN wizard
-
@Rob:
Is it possibly an issue that my VPN tunnel network (10.12.43.0/24) is within my LAN (10.12.0.0/16)?
Switched the VPN tunnel net to 192.168.20.0/24. Still nothing travels into the LAN. :-\ I've temporarily disabled the firewall on the client. Doesn't help though.
-
Does this entry in the log shed any light on the problem?
Nov 20 10:30:08 openvpn[36283]: rob.pomeroy/e.f.g.h:49386 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #95045 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
-
Post your server1.conf.
-
Okay:
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local a.b.c.d
tls-server
server 192.168.20.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
client-cert-not-required
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 50
push "route 10.12.0.0 255.255.0.0"
push "route 192.168.3.0 255.255.255.0"
push "dhcp-option DOMAIN mycompany.local"
push "dhcp-option DNS 10.12.20.6"
push "dhcp-option DNS 10.12.20.7"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option NTP 10.12.20.6"
push "dhcp-option NTP 10.12.20.7"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet
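The overlap question raised earlier in the thread (tunnel network inside the LAN range) can be checked mechanically against a config like the one above. This is an added example, not part of any post in this thread: the function names are hypothetical, and the sample text is constructed from the addresses mentioned in the thread.

```python
import ipaddress
import re

# Constructed sample: only the directives that matter, using the thread's addresses.
SAMPLE_BEFORE = '''\
server 10.12.43.0 255.255.255.0
push "route 10.12.0.0 255.255.0.0"
push "route 192.168.3.0 255.255.255.0"
'''
SAMPLE_AFTER = SAMPLE_BEFORE.replace("server 10.12.43.0", "server 192.168.20.0")

# "server <network> <netmask>" and push "route <network> [netmask]"
_SERVER = re.compile(r'^server\s+([\d.]+)\s+([\d.]+)')
_PUSH_ROUTE = re.compile(r'^push\s+"route\s+([\d.]+)(?:\s+([\d.]+))?')


def parse_networks(conf_text):
    """Return (tunnel_network, [pushed_routes]) from OpenVPN server config text."""
    tunnel, routes = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # skip blank lines and commented-out directives
        m = _SERVER.match(line)
        if m:
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        m = _PUSH_ROUTE.match(line)
        if m:
            mask = m.group(2) or "255.255.255.255"  # netmask omitted means a host route
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
    return tunnel, routes


def find_overlaps(conf_text, lan_networks=()):
    """List pushed routes (and any extra LAN networks) that overlap the tunnel network."""
    tunnel, routes = parse_networks(conf_text)
    if tunnel is None:
        raise ValueError("no 'server' directive found")
    candidates = routes + [ipaddress.ip_network(n) for n in lan_networks]
    return [str(n) for n in candidates if tunnel.overlaps(n)]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, find_overlaps(text) or "no overlap")
```
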
-
Do the clients on the LAN allow pings from the OpenVPN network? Try turning off the firewall on the clients temporarily.
-
Export a new config and install it on the client-side.
Post new exported client config.
Post pfSense routing table.
Post client routing table once connected with new config.
-
Thanks for your input.
The quantity of issues I'm having with pfSense is rising. Now I'm getting failures on attempting to log in:
Warning: session_start(): open(/var/tmp//sess_1e36ef0d17d9b13cdeb3d59c25e8e0ab, O_RDWR) failed: No space left on device (28) in /etc/inc/auth.inc on line 1357
There's plenty of space, so I'm going to guess there's some filesystem-level corruption of some kind, in which case all bets are off. sigh Time to reinstall.
-
Completely reinstalled pfSense and what do you know? It's working.
Hypotheses:
- Corruption of original installation and/or
- Using older version of OpenVPN Client Export package and/or
- Some other installed package caused a problem (have installed this fairly lean on this occasion).
Thanks to all for your help. I'm going to snapshot this virtual machine while it's working!!!
-