How to access Nas4free behind pfsense openvpn

biggsy

irs,

Let's see if we can get to the bottom of this.

Is it the NAS4Free web GUI that you cannot access, shares on NAS4Free or both?

What is the IP address of your OpenVPN client before you your start OpenVPN?  Is it always in the range 192.168.10.0/24?

Your pfSense subnets are as follows:
  LAN - 192.168.0.0/24  (NAS4Free is in that subnet.  Correct?)
  Tunnel - 10.0.7.0/24
Correct?

Can you please post screenshots of the following:

Each of these sections from pfSense GUI:
    VPN / OpenVPN / Servers / Edit
    Firewall / Rules / WAN
    Firewall / Rules / OpenVPN
    Firewall / NAT / Port Forward

From NAS4Free:
    System > General Setup
    Network > LAN Management
    Network > Firewall
    WebGUI section of System > General Setup

johnpoz

can your nas4free get to the internet?  Your first post stated

1. Nas4free ip: 10.0.10.15

I think I am going to fireup a copy of nas4fee on my esxi host.. This really should be just clickity clickity!!

edit:  Like I thought clickity clickity..  Fired up nas4free as vm on my home network esxi host.  Set it to dhcp, got IP address 192.168.9.218, I then accessed the gui and setup the host allow in general to allow my vpn tunnel network and my local 192.168.9.0/24 network.

Bing bang zoom - into the gui from my vpn connection, before this got the 403 forbidden error.

biggsy

@johnpoz:

can your nas4free get to the internet?  Your first post stated

1. Nas4free ip: 10.0.10.15

That was in this thread.  Here it's on the LAN.

Maybe a mod could lock the other topics in NAT and General Questions

johnpoz

No in this thread go to the top of the page he states 10.0.10.15  Which is why you don't freaking cross post ;)

I have no idea what he is doing - this literally took a minute to setup…. There is nothing special to do other than allow your vpn tunnel network access via the screenshot I posted.

irs

@biggsy:

irs,

Let's see if we can get to the bottom of this.

Is it the NAS4Free web GUI that you cannot access, shares on NAS4Free or both?

What is the IP address of your OpenVPN client before you your start OpenVPN?  Is it always in the range 192.168.10.0/24?

Your pfSense subnets are as follows:
  LAN - 192.168.0.0/24  (NAS4Free is in that subnet.  Correct?)
  Tunnel - 10.0.7.0/24
Correct?

Can you please post screenshots of the following:

Each of these sections from pfSense GUI:
    VPN / OpenVPN / Servers / Edit
    Firewall / Rules / WAN
    Firewall / Rules / OpenVPN
    Firewall / NAT / Port Forward

From NAS4Free:
    System > General Setup
    Network > LAN Management
    Network > Firewall
    WebGUI section of System > General Setup


irs

@biggsy:

irs,

Let's see if we can get to the bottom of this.

Is it the NAS4Free web GUI that you cannot access, shares on NAS4Free or both?

What is the IP address of your OpenVPN client before you your start OpenVPN?  Is it always in the range 192.168.10.0/24?

Your pfSense subnets are as follows:
  LAN - 192.168.0.0/24  (NAS4Free is in that subnet.  Correct?)
  Tunnel - 10.0.7.0/24
Correct?

Can you please post screenshots of the following:

Each of these sections from pfSense GUI:
    VPN / OpenVPN / Servers / Edit
    Firewall / Rules / WAN
    Firewall / Rules / OpenVPN
    Firewall / NAT / Port Forward

From NAS4Free:
    System > General Setup
    Network > LAN Management
    Network > Firewall
    WebGUI section of System > General Setup


irs

@johnpoz:

can your nas4free get to the internet?  Your first post stated

1. Nas4free ip: 10.0.10.15

I think I am going to fireup a copy of nas4fee on my esxi host.. This really should be just clickity clickity!!

edit:  Like I thought clickity clickity..  Fired up nas4free as vm on my home network esxi host.  Set it to dhcp, got IP address 192.168.9.218, I then accessed the gui and setup the host allow in general to allow my vpn tunnel network and my local 192.168.9.0/24 network.

Bing bang zoom - into the gui from my vpn connection, before this got the 403 forbidden error.

Thx dear, Yes I changed as I was trying different options at different times. but still no luck my nas4free can not access internet. I have installed it in new machine without firewall but still nas4free can not access internet.

The host you suggested I tried that as well but no luck. i tried with several ip but no way.


biggsy

I thought the problem was that you couldn't access teh NAS4Free from OpenVPN.

You are now saying that it can't access the internet.

@biggsy:

irs,

Can you please post screenshots of the following:

Each of these sections from pfSense GUI:
    VPN / OpenVPN / Servers / Edit
    Firewall / Rules / WAN
    Firewall / Rules / OpenVPN
    Firewall / NAT / Port Forward

From NAS4Free:
    System > General Setup
    Network > LAN Management
    Network > Firewall
    WebGUI section of System > General Setup

And the rest of it?  BTW, you could cut down the repetition in the screenshots  ;)

Why do you have 0.0.0.1/1, 1.0.0.0/2, 2.0.0.0/3 and 192.168.10.0/24 in the Hosts Allow?

I think you might need to learn something about networking before you go any further.

irs

some other guy suggested to have allow host and try though i tried 192.168.10.0/24 10.0.7.0/24 but no luck

johnpoz

dude can your nas4free access the internet or not?

I already posted how freaking clickity clickity simple it is to allow access from other networks.  Your screenshots are not even the correct place to do that for access to the webgui..

irs

even new system can not ping internet


irs

@johnpoz:

dude can your nas4free access the internet or not?

I already posted how freaking clickity clickity simple it is to allow access from other networks.  Your screenshots are not even the correct place to do that for access to the webgui..

No my n4f can not access internet

johnpoz

well if it can not get to internet - how and the F do you think you could get to it from vpn through the internet

Is pfsense its gateway?  Can it ping pfsense gateway?  What are the rules on your pfsense interface this nas is connected to?  Are you using captive portal?

irs

@biggsy:

I thought the problem was that you couldn't access teh NAS4Free from OpenVPN.

You are now saying that it can't access the internet.

@biggsy:

irs,

Can you please post screenshots of the following:

Each of these sections from pfSense GUI:
    VPN / OpenVPN / Servers / Edit
    Firewall / Rules / WAN
    Firewall / Rules / OpenVPN
    Firewall / NAT / Port Forward

From NAS4Free:
    System > General Setup
    Network > LAN Management
    Network > Firewall
    WebGUI section of System > General Setup

And the rest of it?  BTW, you could cut down the repetition in the screenshots  ;)

Why do you have 0.0.0.1/1, 1.0.0.0/2, 2.0.0.0/3 and 192.168.10.0/24 in the Hosts Allow?

I think you might need to learn something about networking before you go any further.






irs

@johnpoz:

well if it can not get to internet - how and the F do you think you could get to it from vpn through the internet

Is pfsense its gateway?  Can it ping pfsense gateway?  What are the rules on your pfsense interface this nas is connected to?  Are you using captive portal?

yes my gateway is pfsense and I can ping nas4free witin pfsense. No I am not using captive portal.

biggsy

:o  Got WannaCrypt yet?

Why do you have all those ports open on WAN!!!  All you need open on the WAN is OpenVPN.

Do a fresh install of pfSense to clear out all those rules.

Redo your OpenVPN configuration and client export. Use the standard UDP port 1194. Set your tunnel network to 172.23.45.0/24 or something else in that range.  (With your tunnel set to 10.0.7.0/24, if you try to use OpenVPN from a network that uses the 10.0.0.0/8 range, you will have problems.)

NAS4Free GUI can just run on TCP port 443.  Change the NAS4Free Hosts Allow setting to match your tunnel network and the LAN.  (VPN access to any SMB shares can be dealt with later.)

irs

ok I will do that as per your Guide.

Will let you know after fresh install.

Thx for your help and guide. i hope it will work this time. But I tried to install nas4free fresh but it can not ping internet.

johnpoz

WTF… Yeah start clean!  How do you think forwarding the same port to different IPs would ever work?

And why in the world would you forward netbios from internet into your network?

Why/How could you have a source of your lan net hitting your wan, trying to go to 10.10.25.158??

irs

@johnpoz:

WTF… Yeah start clean!  How do you think forwarding the same port to different IPs would ever work?

And why in the world would you forward netbios from internet into your network?

Why/How could you have a source of your lan net hitting your wan, trying to go to 10.10.25.158??

Yes I understand my mistake I should be careful next time not to forward same port to different ips.

the netbios I don't remember why?

that address 10.10.25.158 is another mistake.

Thanks for pointing and helping to understand my mistakes.

johnpoz

BTW, unless you have a VIP setup on your wan.. The destination on a port forward is always going to be your WAN address.  * is not how you want to set it..