Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nas4Free behind pfsense

    Scheduled Pinned Locked Moved NAT
    38 Posts 6 Posters 6.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      And do you have any firewall on your nas4free device that would limit access to the local network.  And now your coming from your vpn network.

      Can you ping the pfsense IP on the lan interface your nas4free is connected too?  Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • I
        irs
        last edited by

        i can ping with pfsense the ip address of my nas4free but when ever i tried to ping from my remote computer it wont

        1 Reply Last reply Reply Quote 0
        • I
          irs
          last edited by

          "Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection.."

          How to traceroute? I can not see any traceroute command in vpnclient
          i hav no firewall rules for vpn

          1 Reply Last reply Reply Quote 0
          • B
            biggsy
            last edited by

            @johnpoz:

            And do you have any firewall on your nas4free device that would limit access to the local network.

            From the NAS4Free release notes:

            Login error 403
            Do you have WebGUI Login error 403? Make shure the pc is in the same network! by default the System|General Setup Hosts allow field is empty so any one on the same network of LAN interface can access the WebGUI allowed. With a space delimited set of IP or CIDR notation you can add computers from outer network. As an example the outer IP address and LAN address for remote access.

            1 Reply Last reply Reply Quote 0
            • I
              irs
              last edited by

              @johnpoz:

              And do you have any firewall on your nas4free device that would limit access to the local network.  And now your coming from your vpn network.

              Can you ping the pfsense IP on the lan interface your nas4free is connected too?  Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection..

              here is traceroute
              1  * * *
              2  * * *
              3  * * *
              4  * * *
              5  * * *
              6  * * *
              7  * * *
              8  * * *
              9  * * *
              10  * * *
              11  * * *
              12  * * *
              13  * * *
              14  * * *
              15  * * *
              16  * * *
              17  * * *
              18  * * *

              1 Reply Last reply Reply Quote 0
              • I
                irs
                last edited by

                how I can figure out the error?

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  Do you get the 403 error.. Then biggsy already pointed you to the problem..

                  As to your traceroute.. you got something wrong there..  Do the traceroute to the IP you can ping?

                  Here is a normal traceroute through a vpn tunnel

                  
                  C:\>tracert -d 192.168.9.100
                  
                  Tracing route to 192.168.9.100 over a maximum of 30 hops
                  
                    1    93 ms    92 ms    96 ms  10.0.8.1
                    2   105 ms   100 ms    97 ms  192.168.9.100
                  
                  Trace complete.
                  
                  

                  I hit the end of the tunnel (pfsense) then I hit the client.

                  What network behind pfsense, your local network.  What is your tunnel network, what is the local network your on when your connecting into the vpn.

                  So for example my box I am on now is

                  Ethernet adapter Local Area Connection:

                  Connection-specific DNS Suffix  . : snipped.com
                    IPv4 Address. . . . . . . . . . . : 10.56.153.210
                    Subnet Mask . . . . . . . . . . . : 255.255.255.0
                    Default Gateway . . . . . . . . . : 10.56.153.1

                  My vpn interface
                  Ethernet adapter Local Area Connection 2:

                  Connection-specific DNS Suffix  . : local.lan
                    IPv4 Address. . . . . . . . . . . : 10.0.8.100
                    Subnet Mask . . . . . . . . . . . : 255.255.255.0
                    Default Gateway . . . . . . . . . :

                  Here is my route table when connected to vpn

                  
                  C:\>route print | find "10.0.8.100"
                           10.0.8.0    255.255.255.0         On-link        10.0.8.100    276
                         10.0.8.100  255.255.255.255         On-link        10.0.8.100    276
                         10.0.8.255  255.255.255.255         On-link        10.0.8.100    276
                        192.168.2.0    255.255.255.0         10.0.8.1       10.0.8.100    276
                        192.168.3.0    255.255.255.0         10.0.8.1       10.0.8.100    276
                        192.168.9.0    255.255.255.0         10.0.8.1       10.0.8.100    276
                          224.0.0.0        240.0.0.0         On-link        10.0.8.100    276
                    255.255.255.255  255.255.255.255         On-link        10.0.8.100    276
                  
                  

                  I would of just given full output - but there are just a shitton of routes in the route table since at work..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • I
                    irs
                    last edited by

                    Microsoft Windows [Version 6.1.7601]
                    Copyright © 2009 Microsoft Corporation.  All rights reserved.

                    C:>ping 192.168.0.250

                    Pinging 192.168.0.250 with 32 bytes of data:
                    Request timed out.
                    Request timed out.
                    Request timed out.
                    Request timed out.

                    Ping statistics for 192.168.0.250:
                        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

                    C:>ping 192.168.0.137

                    Pinging 192.168.0.137 with 32 bytes of data:
                    Reply from 192.168.0.137: bytes=32 time=41ms TTL=63
                    Reply from 192.168.0.137: bytes=32 time=42ms TTL=63
                    Reply from 192.168.0.137: bytes=32 time=43ms TTL=63
                    Reply from 192.168.0.137: bytes=32 time=55ms TTL=63

                    Ping statistics for 192.168.0.137:
                        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                    Approximate round trip times in milli-seconds:
                        Minimum = 41ms, Maximum = 55ms, Average = 45ms

                    C:>tracert -d 192.168.0.1

                    Tracing route to 192.168.0.1 over a maximum of 30 hops

                    1  151 ms  204 ms  222 ms  192.168.0.1

                    Trace complete.

                    C:>tracert -d 10.0.7.254

                    Tracing route to 10.0.7.254 over a maximum of 30 hops

                    1    45 ms    70 ms    46 ms  10.0.7.1
                      2    *        *        *    Request timed out.
                      3    *        *        *    Request timed out.
                      4    *        *        *    Request timed out.
                      5    *        *        *    Request timed out.
                      6    *        *        *    Request timed out.
                      7    *        *        *    Request timed out.
                      8    *        *        *    Request timed out.
                      9    *        *    ^C

                    C:>tracert -d 10.0.7.1

                    Tracing route to 10.0.7.1 over a maximum of 30 hops

                    1  526 ms  632 ms  191 ms  10.0.7.1

                    Trace complete.

                    C:>tracert -d 192.168.0.1

                    Tracing route to 192.168.0.1 over a maximum of 30 hops

                    1  351 ms  700 ms  437 ms  192.168.0.1

                    Trace complete.

                    C:>tracert -d 192.168.0.250

                    Tracing route to 192.168.0.250 over a maximum of 30 hops

                    1  773 ms  736 ms  970 ms  10.0.7.1
                      2    *        *        *    Request timed out.
                      3    *    ^C
                    C:>tracert -d 192.168.0.137

                    Tracing route to 192.168.0.137 over a maximum of 30 hops

                    1  197 ms  263 ms  365 ms  10.0.7.1
                      2  257 ms  203 ms  105 ms  192.168.0.137

                    Trace complete.

                    1 Reply Last reply Reply Quote 0
                    • I
                      irs
                      last edited by

                      My settings are as follows:
                      OpenVPN on pfsense router
                      access nework 192.168.0.0/24
                      NAS4FREE 192.168.0.250 port 12000
                      Tunnel Network: 10.0.7.0/24
                      client network 192.168.10.0/24

                      I can connect my DVR but can not connect owncloud and nas4free

                      C:>route print | find "10.0.7.1"
                                0.0.0.0        128.0.0.0                10.0.7.1        10.0.7.2    276
                              128.0.0.0        128.0.0.0              10.0.7.1        10.0.7.2    276
                            192.168.0.0    255.255.255.0        10.0.7.1        10.0.7.2    276

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        Well this says vpn is working

                        C:>tracert -d 192.168.0.137

                        Tracing route to 192.168.0.137 over a maximum of 30 hops

                        1  197 ms  263 ms  365 ms  10.0.7.1
                          2  257 ms  203 ms  105 ms  192.168.0.137

                        So your issue is on your nas box – most likely the firewall as already pointed out multiple times!

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • I
                          irs
                          last edited by

                          thanks for your help.

                          Firewall?
                          inside my Nas4free firewall is not checked it is not configured.

                          1 Reply Last reply Reply Quote 0
                          • P
                            P3R
                            last edited by

                            @irs:

                            NAS4FREE 192.168.0.250 port 12000

                            In the very first post of the thread you say that the NAS4Free is on the OPT1 interface.

                            Now you're saying NAS4Free have the address 192.168.0.250.

                            Have you moved the NAS4Free to the LAN interface now?

                            1 Reply Last reply Reply Quote 0
                            • I
                              irs
                              last edited by

                              Actually it was beginning as i am new i wast knew many things than suggested in this post to protect well must do that on openvpn.

                              so now I am on openvpn but still am unable to access my nas4free from remote on openvpn.?

                              I hope explain it well?

                              1 Reply Last reply Reply Quote 0
                              • P
                                P3R
                                last edited by

                                Is NAS4Free connected to the LAN network 192.168.0.0/24?

                                Does it have the address 192.168.0.250/24?

                                1 Reply Last reply Reply Quote 0
                                • I
                                  irs
                                  last edited by

                                  yes my nas4free is connected to my pfsense network address 192.168.0.0/24
                                  and my NAS4FREE ip is 192.168.0.250
                                  my DVR is also connected on the same network 192.168.0.137
                                  and I am able to use it with that local network

                                  my openvpn is connected on tunnel 10.0.7.0/24

                                  my remote ip 192.168.10.0/24 windows machine

                                  I can connect owncloud locally but can not connect through vpn.

                                  ![openVPN diag.png](/public/imported_attachments/1/openVPN diag.png)
                                  ![openVPN diag.png_thumb](/public/imported_attachments/1/openVPN diag.png_thumb)

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    P3R
                                    last edited by

                                    Go to System, General, WebGUI, Hosts allow in NAS4Free admin GUI.

                                    If you have only 192.168.0.0/24 configured there, change it to 192.168.0.0/24 192.168.10.0/24

                                    Also in NAS4Free admin GUI:

                                    Check that on Network, LAN Management, IP address you have the network set to /24

                                    Check that you have Network, LAN Management, Gateway set to whatever address your pfsense have on it's LAN interface (in your first post it was 192.168.0.1).

                                    1 Reply Last reply Reply Quote 0
                                    • I
                                      irs
                                      last edited by

                                      thx for the suggestions I will try and let you know the results.

                                      Onece again Thank you for the help you and all other extended to me.

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        biggsy
                                        last edited by

                                        @P3R:

                                        Go to System, General, WebGUI, Hosts allow in NAS4Free admin GUI.

                                        If you have only 192.168.0.0/24 configured there, change it to 192.168.0.0/24 192.168.10.0/24

                                        Also in NAS4Free admin GUI:

                                        Check that on Network, LAN Management, IP address you have the network set to /24

                                        Check that you have Network, LAN Management, Gateway set to whatever address your pfsense have on it's LAN interface (in your first post it was 192.168.0.1).

                                        You will also have to add 10.0.7.0/24 (your VPN network) to the NAS4Free hosts allow.

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          P3R
                                          last edited by

                                          @biggsy:

                                          You will also have to add 10.0.7.0/24 (your VPN network) to the NAS4Free hosts allow.

                                          Will that be the source address of the traffic from the VPN?

                                          If so, no reason to allow 192.168.10.0/24 then?

                                          I don't know OpenVPN as you can see, I use IPSec.

                                          Anyway, there must be something else that's very wrong since not even ping works…

                                          1 Reply Last reply Reply Quote 0
                                          • B
                                            biggsy
                                            last edited by

                                            Yes, the OpenVPN tunnel IP will be needed.

                                            In fact, I tried to access the Web UI of my own NAS4Free over OpenVPN (for the first time, I guess).  It didn't work until I added the tunnel network to System, General, WebGUI, Hosts allow.

                                            I agree that there is something more serious going on if PING doesn't work.  Hard to tell what the OP has done though.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.