Nas4Free behind pfsense

johnpoz

And do you have any firewall on your nas4free device that would limit access to the local network.  And now your coming from your vpn network.

Can you ping the pfsense IP on the lan interface your nas4free is connected too?  Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection..

irs

i can ping with pfsense the ip address of my nas4free but when ever i tried to ping from my remote computer it wont

irs

"Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection.."

How to traceroute? I can not see any traceroute command in vpnclient
i hav no firewall rules for vpn

biggsy

@johnpoz:

And do you have any firewall on your nas4free device that would limit access to the local network.

From the NAS4Free release notes:

Login error 403
Do you have WebGUI Login error 403? Make shure the pc is in the same network! by default the System|General Setup Hosts allow field is empty so any one on the same network of LAN interface can access the WebGUI allowed. With a space delimited set of IP or CIDR notation you can add computers from outer network. As an example the outer IP address and LAN address for remote access.

irs

@johnpoz:

And do you have any firewall on your nas4free device that would limit access to the local network.  And now your coming from your vpn network.

Can you ping the pfsense IP on the lan interface your nas4free is connected too?  Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection..

here is traceroute
1  * * *
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *

irs

how I can figure out the error?

johnpoz

Do you get the 403 error.. Then biggsy already pointed you to the problem..

As to your traceroute.. you got something wrong there..  Do the traceroute to the IP you can ping?

Here is a normal traceroute through a vpn tunnel

C:\>tracert -d 192.168.9.100

Tracing route to 192.168.9.100 over a maximum of 30 hops

  1    93 ms    92 ms    96 ms  10.0.8.1
  2   105 ms   100 ms    97 ms  192.168.9.100

Trace complete.

I hit the end of the tunnel (pfsense) then I hit the client.

What network behind pfsense, your local network.  What is your tunnel network, what is the local network your on when your connecting into the vpn.

So for example my box I am on now is

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : snipped.com
  IPv4 Address. . . . . . . . . . . : 10.56.153.210
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 10.56.153.1

My vpn interface
Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix  . : local.lan
  IPv4 Address. . . . . . . . . . . : 10.0.8.100
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :

Here is my route table when connected to vpn

C:\>route print | find "10.0.8.100"
         10.0.8.0    255.255.255.0         On-link        10.0.8.100    276
       10.0.8.100  255.255.255.255         On-link        10.0.8.100    276
       10.0.8.255  255.255.255.255         On-link        10.0.8.100    276
      192.168.2.0    255.255.255.0         10.0.8.1       10.0.8.100    276
      192.168.3.0    255.255.255.0         10.0.8.1       10.0.8.100    276
      192.168.9.0    255.255.255.0         10.0.8.1       10.0.8.100    276
        224.0.0.0        240.0.0.0         On-link        10.0.8.100    276
  255.255.255.255  255.255.255.255         On-link        10.0.8.100    276

I would of just given full output - but there are just a shitton of routes in the route table since at work..

irs

Microsoft Windows [Version 6.1.7601]
Copyright 2009 Microsoft Corporation.  All rights reserved.

C:>ping 192.168.0.250

Pinging 192.168.0.250 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:>ping 192.168.0.137

Pinging 192.168.0.137 with 32 bytes of data:
Reply from 192.168.0.137: bytes=32 time=41ms TTL=63
Reply from 192.168.0.137: bytes=32 time=42ms TTL=63
Reply from 192.168.0.137: bytes=32 time=43ms TTL=63
Reply from 192.168.0.137: bytes=32 time=55ms TTL=63

Ping statistics for 192.168.0.137:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 55ms, Average = 45ms

C:>tracert -d 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

1  151 ms  204 ms  222 ms  192.168.0.1

Trace complete.

C:>tracert -d 10.0.7.254

Tracing route to 10.0.7.254 over a maximum of 30 hops

1    45 ms    70 ms    46 ms  10.0.7.1
  2    *        *        *    Request timed out.
  3    *        *        *    Request timed out.
  4    *        *        *    Request timed out.
  5    *        *        *    Request timed out.
  6    *        *        *    Request timed out.
  7    *        *        *    Request timed out.
  8    *        *        *    Request timed out.
  9    *        *    ^C

C:>tracert -d 10.0.7.1

Tracing route to 10.0.7.1 over a maximum of 30 hops

1  526 ms  632 ms  191 ms  10.0.7.1

Trace complete.

C:>tracert -d 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

1  351 ms  700 ms  437 ms  192.168.0.1

Trace complete.

C:>tracert -d 192.168.0.250

Tracing route to 192.168.0.250 over a maximum of 30 hops

1  773 ms  736 ms  970 ms  10.0.7.1
  2    *        *        *    Request timed out.
  3    *    ^C
C:>tracert -d 192.168.0.137

Tracing route to 192.168.0.137 over a maximum of 30 hops

1  197 ms  263 ms  365 ms  10.0.7.1
  2  257 ms  203 ms  105 ms  192.168.0.137

Trace complete.

irs

My settings are as follows:
OpenVPN on pfsense router
access nework 192.168.0.0/24
NAS4FREE 192.168.0.250 port 12000
Tunnel Network: 10.0.7.0/24
client network 192.168.10.0/24

I can connect my DVR but can not connect owncloud and nas4free

C:>route print | find "10.0.7.1"
          0.0.0.0        128.0.0.0                10.0.7.1        10.0.7.2    276
        128.0.0.0        128.0.0.0              10.0.7.1        10.0.7.2    276
      192.168.0.0    255.255.255.0        10.0.7.1        10.0.7.2    276

johnpoz

Well this says vpn is working

C:>tracert -d 192.168.0.137

Tracing route to 192.168.0.137 over a maximum of 30 hops

1  197 ms  263 ms  365 ms  10.0.7.1
  2  257 ms  203 ms  105 ms  192.168.0.137

So your issue is on your nas box – most likely the firewall as already pointed out multiple times!

irs

thanks for your help.

Firewall?
inside my Nas4free firewall is not checked it is not configured.

P3R

@irs:

NAS4FREE 192.168.0.250 port 12000

In the very first post of the thread you say that the NAS4Free is on the OPT1 interface.

Now you're saying NAS4Free have the address 192.168.0.250.

Have you moved the NAS4Free to the LAN interface now?

irs

Actually it was beginning as i am new i wast knew many things than suggested in this post to protect well must do that on openvpn.

so now I am on openvpn but still am unable to access my nas4free from remote on openvpn.?

I hope explain it well?

P3R

Is NAS4Free connected to the LAN network 192.168.0.0/24?

Does it have the address 192.168.0.250/24?

irs

yes my nas4free is connected to my pfsense network address 192.168.0.0/24
and my NAS4FREE ip is 192.168.0.250
my DVR is also connected on the same network 192.168.0.137
and I am able to use it with that local network

my openvpn is connected on tunnel 10.0.7.0/24

my remote ip 192.168.10.0/24 windows machine

I can connect owncloud locally but can not connect through vpn.


P3R

Go to System, General, WebGUI, Hosts allow in NAS4Free admin GUI.

If you have only 192.168.0.0/24 configured there, change it to 192.168.0.0/24 192.168.10.0/24

Also in NAS4Free admin GUI:

Check that on Network, LAN Management, IP address you have the network set to /24

Check that you have Network, LAN Management, Gateway set to whatever address your pfsense have on it's LAN interface (in your first post it was 192.168.0.1).

irs

thx for the suggestions I will try and let you know the results.

Onece again Thank you for the help you and all other extended to me.

biggsy

@P3R:

Go to System, General, WebGUI, Hosts allow in NAS4Free admin GUI.

If you have only 192.168.0.0/24 configured there, change it to 192.168.0.0/24 192.168.10.0/24

Also in NAS4Free admin GUI:

Check that on Network, LAN Management, IP address you have the network set to /24

Check that you have Network, LAN Management, Gateway set to whatever address your pfsense have on it's LAN interface (in your first post it was 192.168.0.1).

You will also have to add 10.0.7.0/24 (your VPN network) to the NAS4Free hosts allow.

P3R

@biggsy:

You will also have to add 10.0.7.0/24 (your VPN network) to the NAS4Free hosts allow.

Will that be the source address of the traffic from the VPN?

If so, no reason to allow 192.168.10.0/24 then?

I don't know OpenVPN as you can see, I use IPSec.

Anyway, there must be something else that's very wrong since not even ping works…

biggsy

Yes, the OpenVPN tunnel IP will be needed.

In fact, I tried to access the Web UI of my own NAS4Free over OpenVPN (for the first time, I guess).  It didn't work until I added the tunnel network to System, General, WebGUI, Hosts allow.

I agree that there is something more serious going on if PING doesn't work.  Hard to tell what the OP has done though.