Unable to reach LAN IP after connecting to openvpn
-
@ayanbanerjee One more thing I need to add that only the lan GW ip that is 192.168.1.2 is reachable from vpn but not other ips.
-
I having similar issue
I followed this guys video
https://www.youtube.com/watch?v=Q6YbCQEiC3c
I was able to connect from a home depot connection to my home pfsense.. I get the 192.168.1.100 ip and it shows my internet IP but I cant ping I cant access my local network as my local network is 192.168.0.x so I cant even remote desktop say server1 so I cant access openvpn like I'm physically on my local network yet it says its connect.. and I was told you can access your local LAN like you physically on the network with openvpn when your away -
@comet424 said in Unable to reach LAN IP after connecting to openvpn:
and I was told you can access your local LAN like you physically on the network with openvpn when your away
You can.. You just have to setup whatever you local network is so it gets handed off to the client. And your going to run into problems if your home network is the same as the remote network the client is on.
So say your home network is 192.168.0/24 and your at starbucks and they give your client a 192.168.0/24 IP.. Your client is not going to go down the tunnel to get to 192.168.0 because to it is physical on that network.
This why its best to not use a common IP scheme at home if your planning on vpn into it.. 192.168.0 and 192.168.1 are very common default networks so pick something else for your home network address schemes so your unlikely to run into a conflict.
or set vpn client to always go down the tunnel with force, but you should always setup your local networks that you will want to get to as well. Example
-
ok ill try it at a tim hortons coffee shop today as I gotta goto the dentist.. I click on the Force all client...
I tried connecting my cell on my current network with the openvpn and same as before I notice I cant ping my network
disconnect open vpn.. I can ping 192.168.0.15 (freenas server)
connect to open vpn I can no longer ping 192.168.0.15 or any ip address's I have noticed when I have tried other tutorials I loose internet once connected to a vpn disconnect vpn internet is back... but ill try the force one firstand maybe its not working right right now cuz I'm on my network at home so ill give it a shot after my dentist appointment this morning
reason for vpn I wanna be able to remote destop my windows servers without needing to set different ports for remote desktop and port forwarding.. and I wasn't able to figure how to get it to go server1.example.com server2.example.com server3.example.com be some kinda reverse name thing or something
and my final goal is to have a freenas at home and a freenas at my sisters house that sync data between them but securelyand 2nd last goal is to purchase a vpn service so my searching online etc isn't monitored by my service provider.... but first issue was the accessing my network easily... hopefully this not too confusing I do have dyslexia so what comes out of my head isn't always written right
-
@comet424 Thanks for your help but I am able to access the pfsense local ip after connected to vpn but able to access other ips which are in the same series.
Regards,
Ayan -
and I forgot to say if I use openvpn on my cell on my current network right now I loose internet I was mentioning above.. and that's with the force IP client button checked off you mentioned.. I disconnect from openvpn and internet is back... is that another setting I need or is it just conflicting
hopefully fixs when I test at the coffee shop
-
ayanbanerjee ah ok.. your 1 up on me.. I unable to ping my pfsense router 192.168.0.1 or 192.168.0.100.1 for the virtual network.. I followed that guys video and I unable to ping anything or get internet and I followed his instructions I watched the video 10 times still no luck and I mentioned it on youtube if you have the same ip address at like the guy said about starbucks what happens.. as its going to happen.. so I going to try his Force the client button and I going to try after the dentist... if doesn't work I going to try changing my ip address from 192.168.0.x to 192.168.254.x and the virtual ip to 192.168.253.x say as odds are no one uses it.. and I not sure if I can use 192.169.x.x over 20 yrs I been taught and used 192.168.0.x back in 90s using Wingate and Sygate trying to share internet over a dialup and network and network cards with dip switchs
problems over years gotten better but still problems I seen just different ones lol. like this vpn stuff I trying to teach myself lol -
@comet424 As per the video I have changed the VPN ip pool 172.16.12.x but same thing ... still I am unable to ping any of the lan ip which are belongs on 192.168.1.x series.
-
Please post up your openvpn config, your client config and what IP is your client on when you connect..
Not going to watch a 15 min video for something that takes 30 seconds to setup. Clickity Clickity through the wizard, export the client config = done..
-
@johnpoz Hi,
Please find below the VPN config details
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA1
tls-client
client
resolv-retry infinite
remote 182.71.195.102 1194 udp
verify-x509-name "IndepayVPNCertificate" name
auth-user-pass
pkcs12 pfSense-UDP4-1194-ayanbanerjee.p12
tls-auth pfSense-UDP4-1194-ayanbanerjee-tls.key 1
remote-cert-tls server
172.16.12.2 is getting when my vpn got connected.
-
why are you putting that in custom options? Remove that.
Is your client getting the option to force all traffic out tunnel. What is the clients IP, not its vpn tunnel IP it gets. As already mentioned if your remove client is on the same network as your remote network its not going to work.
Lets see your clients route after you connect and the status of when your client connects... example
see here is my routes being added to the client per my above post
Fri Jun 15 09:46:45 2018 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Fri Jun 15 09:46:45 2018 MANAGEMENT: >STATE:1529074005,ADD_ROUTES,,,,,,
Fri Jun 15 09:46:45 2018 C:\Windows\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.0.8.1
Fri Jun 15 09:46:45 2018 Route addition via service succeeded
Fri Jun 15 09:46:45 2018 C:\Windows\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.0.8.1
Fri Jun 15 09:46:45 2018 Route addition via service succeeded
Fri Jun 15 09:46:45 2018 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 10.0.8.1
Fri Jun 15 09:46:45 2018 Route addition via service succeeded
Fri Jun 15 09:46:45 2018 Initialization Sequence Completed
-
I just got home from dentist so it didn't work at the denist internet... I can connect using my cell to pfsense.. says I get the 192.168.100.2 address but I loose internet and I cant ping...
how do I post the config files or do I post just the screen captures?
-
I did config export files only this is what I got
dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA1
tls-client
client
resolv-retry infinite
remote 174.94.28.5 1194 udp
verify-x509-name "mikeshouseserver" name
pkcs12 pfSense-UDP4-1194-mikeshouseclient.p12
tls-auth pfSense-UDP4-1194-mikeshouseclient-tls.key 1
remote-cert-tls server -
-
-
sorry pics seem to have posted out of order... but that's the settings of the server settings.. is there any other screen shots you need?
-
@comet424 said in Unable to reach LAN IP after connecting to openvpn:
but I loose internet and I cant ping…
Can't ping what?? Is what your trying to ping set to allow you to ping from 192.168.100/24 - for example windows out of the box firewall will not answer ping unless your on the same network..
You have to adjust the host firewall. For you to get internet access via this vpn connection, did you set your outbound nat for your tunnel network.. Should of done that for you, but if you had changed to say manual mode on your outbound nat than it wouldn't..
When you connect to your vpn, can you ping your lan IP of pfsense?
-
@johnpoz Hi, I have already removed the custom option.
My client IP is 192.168.5.100 -
so do a traceroute.. What do you get from that?
example here is traceroute to IP on my home lan network
C:\Windows\System32>tracert -d 192.168.9.100
Tracing route to 192.168.9.100 over a maximum of 30 hops
1 101 ms 108 ms 103 ms 10.0.8.1
2 106 ms 101 ms 109 ms 192.168.9.100Trace complete.
C:\Windows\System32>
Its long because my proxy is all the way in TX, while I am at work in Chicago, so from chicago to hou, back to chicago, etc. So yeah some added latency.
Ping and traceroute to the pfsense lan IP.. For example my pfsense IP on my lan is 192.168.9.253.. You trying to talk to devices on your lan might have host firewalls blocking your remote tunnel IP.
-
@johnpoz Hi, here is the story, I am able to reach the pfsense lan ip which is 192.168.1.2 but to ping any f the ip which are belongs to 192.168.1.x series.
