Established VPN connection but no ping or other connection into target network
-
Dear Forum Members,
I'm busy configurating a client to server OpenVPN connection on PFSense 2.2.4. I installed the Client Export Package and configured the VPN as can be seen in attached picture VPN-Server-Config.jpg. So my .ovpn file is attached here as well (ovpn-File.jpg).
On the client side the connection is established well:
Wed Aug 26 10:23:53 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Wed Aug 26 10:23:53 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Wed Aug 26 10:23:54 2015 Control Channel Authentication: using 'pfsense-udp-xxxxxxxxxxxxxxxxxxxxx-tls.key' as a OpenVPN static key file
Wed Aug 26 10:23:54 2015 UDPv4 link local (bound): [undef]
Wed Aug 26 10:23:54 2015 UDPv4 link remote: [AF_INET]92.xx.xxx.xxx:xxxxx
Wed Aug 26 10:23:55 2015 [WEDO-VPN-SERVER-CERT] Peer Connection Initiated with [AF_INET]92.xx.xxx.xxx:xxxxx
Wed Aug 26 10:23:57 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 26 10:23:57 2015 open_tun, tt->ipv6=0
Wed Aug 26 10:23:57 2015 TAP-WIN32 device [LAN-Verbindung 2] opened: \.\Global{A8D9943C-xxxx-4241-xxxx-171657E1D1B8}.tap
Wed Aug 26 10:23:57 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.xxx.6/255.255.255.252 on interface {A8D9943C-xxxx-4241-xxxx-171657E1D1B8} [DHCP-serv: 192.168.xxx.5,lease-time: 31536000]
Wed Aug 26 10:23:57 2015 Successful ARP Flush on interface [28] {A8D9943C-xxxx-4241-xxxx-171657E1D1B8}
Wed Aug 26 10:24:02 2015 Initialization Sequence CompletedMy firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.
The interface is configured well via DHCP:
Ethernet-Adapter LAN-Verbindung 2:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physikalische Adresse . . . . . . : 00-xx-xx-xx-xx-xx
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::xxxx:30d3:xxxx:c1f8%28(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.xxx.6(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.252
Lease erhalten. . . . . . . . . . : Mittwoch, 26. August 2015 10:03:03
Lease läuft ab. . . . . . . . . . : Donnerstag, 25. August 2016 10:03:03
Standardgateway . . . . . . . . . :
DHCP-Server . . . . . . . . . . . : 192.168.220.5
DHCPv6-IAID . . . . . . . . . . . : 486604712
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-xx-19-45-09-xx-A4-xx-31-xx-A9-9DNS-Server . . . . . . . . . . . : 192.168.xx.x
192.168.xx.x
NetBIOS über TCP/IP . . . . . . . : AktiviertAnd I added an "Allow All" rule to the OpenVPN section on the firewall. Pls see attached Open_VPN_Rule.jpg .
Still any kind of traffic will be blocked in PFSense as you can see in RDPFirewalBlock.jpg . The rule which triggered that action is the standard deny rule (Block_Rule.jpg).
So I thought I had done everything right so far, but I'm stuck and don't know how to proceed.
Any help is greatly appreciated. Kind regards, MisterIX.
-
You don't get the routes added on client.
I think, it should help to start OpenVPN Manager or OpenVPN GUI with admin privileges. -
My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.
And please just turn this crap off and leave it off (if not uninstall it) when debugging things like this.
-
@Viragomann: There is no other way to get the VPN-Client running on Win7 than starting it with administration permissions.
@Derelict: Wash your mouth with soap, immediatly!
-
-
Yeah, allright. Stop trolling… >:(
So in the end I can give an answer to the problem by myself. In my opinion there might still be some problems with the 64Bit Version of the OpenVPN-Client. In the end it even crashed my Win7 Computer only seconds after establishing a VPN tunnel.
I went back to a software Version, which I had allready used for OpenVPN successfully which is openvpn-2.3.2 in a 32Bit Version.
Then just adding the gateway IP as an on-link static route like:
route add -p 192.168.xx.1 mask 255.255.255.0 0.0.0.0 metric x
will conclude the routing settings and everything works fine.
Kind regards, MisterIX.