Unable to reach LAN IP after connecting to openvpn
-
@johnpoz Hi,
Please find below the VPN config details
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA1
tls-client
client
resolv-retry infinite
remote 182.71.195.102 1194 udp
verify-x509-name "IndepayVPNCertificate" name
auth-user-pass
pkcs12 pfSense-UDP4-1194-ayanbanerjee.p12
tls-auth pfSense-UDP4-1194-ayanbanerjee-tls.key 1
remote-cert-tls server
172.16.12.2 is what I am getting when my VPN gets connected.
-
why are you putting that in custom options? Remove that.
Is your client getting the option to force all traffic out the tunnel? What is the client's IP, not the VPN tunnel IP it gets? As already mentioned, if your remote client is on the same network as your remote network it's not going to work.
Let's see your client's routes after you connect and the status of when your client connects... example
see here is my routes being added to the client per my above post
Fri Jun 15 09:46:45 2018 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Fri Jun 15 09:46:45 2018 MANAGEMENT: >STATE:1529074005,ADD_ROUTES,,,,,,
Fri Jun 15 09:46:45 2018 C:\Windows\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.0.8.1
Fri Jun 15 09:46:45 2018 Route addition via service succeeded
Fri Jun 15 09:46:45 2018 C:\Windows\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.0.8.1
Fri Jun 15 09:46:45 2018 Route addition via service succeeded
Fri Jun 15 09:46:45 2018 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 10.0.8.1
Fri Jun 15 09:46:45 2018 Route addition via service succeeded
Fri Jun 15 09:46:45 2018 Initialization Sequence Completed
-
I just got home from dentist so it didn't work at the dentist internet... I can connect using my cell to pfsense.. says I get the 192.168.100.2 address but I lose internet and I can't ping...
how do I post the config files or do I post just the screen captures?
-
I did config export files only this is what I got
dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA1
tls-client
client
resolv-retry infinite
remote 174.94.28.5 1194 udp
verify-x509-name "mikeshouseserver" name
pkcs12 pfSense-UDP4-1194-mikeshouseclient.p12
tls-auth pfSense-UDP4-1194-mikeshouseclient-tls.key 1
remote-cert-tls server
-
sorry, pics seem to have posted out of order... but that's the settings of the server settings.. are there any other screenshots you need?
-
@comet424 said in Unable to reach LAN IP after connecting to openvpn:
but I lose internet and I can't ping…
Can't ping what?? Is what you're trying to ping set to allow you to ping from 192.168.100/24 - for example windows out of the box firewall will not answer ping unless you're on the same network..
You have to adjust the host firewall. For you to get internet access via this vpn connection, did you set your outbound nat for your tunnel network.. Should have done that for you, but if you had changed to say manual mode on your outbound nat then it wouldn't..
When you connect to your vpn, can you ping your lan IP of pfsense?
-
@johnpoz Hi, I have already removed the custom option.
My client IP is 192.168.5.100
-
so do a traceroute.. What do you get from that?
example here is traceroute to IP on my home lan network
C:\Windows\System32>tracert -d 192.168.9.100
Tracing route to 192.168.9.100 over a maximum of 30 hops
1 101 ms 108 ms 103 ms 10.0.8.1
2 106 ms 101 ms 109 ms 192.168.9.100
Trace complete.
C:\Windows\System32>
It's long because my proxy is all the way in TX, while I am at work in Chicago, so from Chicago to Hou, back to Chicago, etc. So yeah some added latency.
Ping and traceroute to the pfsense lan IP.. For example my pfsense IP on my lan is 192.168.9.253.. You trying to talk to devices on your lan might have host firewalls blocking your remote tunnel IP.
-
@johnpoz Hi, here is the story, I am able to reach the pfsense lan ip which is 192.168.1.2 but to ping any of the IPs which belong to the 192.168.1.x series.
-
Well then you're going down the tunnel and as already stated points to host firewall, or the host you're trying to ping using a different gateway other than pfsense.
You not being able to get to say public IP 8.8.8.8 down the tunnel would point to outbound nat not configured for your tunnel network on pfsense.
-
@johnpoz Hi, we are using only one GW and that is PfSense local ip 192.168.1.2 and also able to ping 8.8.8.8 or 4.4.2.2 when I am in VPN.
I am really clueless now :(
-
@johnpoz Hi, I got a log below, please help me to understand the same
Fri Jun 15 22:54:01 2018 Block_DNS: Using existing sublayer
Fri Jun 15 22:54:01 2018 Block_DNS: Added permit filters for exe_path
Fri Jun 15 22:54:01 2018 Block_DNS: Added block filters for all interfaces
Fri Jun 15 22:54:02 2018 Block_DNS: Added permit filters for TAP interface
Fri Jun 15 22:54:07 2018 Warning: address 192.168.1.2 is not a network address in relation to netmask 255.255.255.0
Fri Jun 15 22:54:07 2018 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=9]
Fri Jun 15 22:54:07 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Jun 15 22:54:07 2018 Initialization Sequence Completed
-
here is my outbound nat I set
as for the pinging, what I meant was on my cell I have a Ping program. when I'm not on my vpn I can ping say 192.168.0.15 which is my Freenas IP. as soon as I connect to VPN I get the 192.168.100.2 for my cell and I lose all internet.. I can no longer ping 192.168.0.15 (freenas), I can't ping 192.168.0.1 the router or 192.168.100.1 which be the router I in virtual lan setting, and this happens when I connect open vpn using my home internet or at the coffee shop
I'm sure it's something simple like a check box I missed that's causing all this, right? for the traceroute I'd have to be at the coffee shop with the openvpn to get the results you want, correct?
-
the only ip address I can ping while on vpn is 192.168.100.2 which is the cell's ip address for the vpn..
so I'm confused, I thought it was so simple like the video showed, boom boom boom done, now you're perfectly connected... I had to have missed a step somehow, probably some check box I missed
-
here is the Rules pics for the firewall for the openvpn
-
@ayanbanerjee said in Unable to reach LAN IP after connecting to openvpn:
Fri Jun 15 22:54:07 2018 Warning: address 192.168.1.2 is not a network address in relation to netmask 255.255.255.0
That is not a network that is a host!!! network would be 192.168.1.0/24
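The check behind that warning, as an added example that is not part of the original post: it parses the warning line from the client log quoted above, derives the network address that should have been used instead of the host address, and tests the same-subnet condition mentioned earlier in the thread. The function names and the /24 mask on the client IP are assumptions.

```python
import ipaddress
import re

# Constructed sample: the two relevant lines from the client log quoted in the thread.
SAMPLE_LOG = """\
Fri Jun 15 22:54:07 2018 Warning: address 192.168.1.2 is not a network address in relation to netmask 255.255.255.0
Fri Jun 15 22:54:07 2018 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=9]
"""

WARN_RE = re.compile(
    r"Warning: address (\S+) is not a network address in relation to netmask (\S+)"
)

def check_route(address, netmask):
    """Return (is_network_address, network in CIDR form) for a route entry."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    return iface.ip == iface.network.network_address, str(iface.network)

def audit_log(log_text):
    """Find routes given as host addresses in a client log and name the network to use."""
    findings = []
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue
        is_network, cidr = check_route(m.group(1), m.group(2))
        if not is_network:
            findings.append(
                {"given": m.group(1), "mask": m.group(2), "use_instead": cidr}
            )
    return findings

def overlaps_client_lan(client_ip, client_mask, remote_cidr):
    """True when the client's own LAN overlaps the remote LAN behind the VPN."""
    local = ipaddress.ip_interface(f"{client_ip}/{client_mask}").network
    return local.overlaps(ipaddress.ip_network(remote_cidr))

if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"{f['given']} mask {f['mask']} is a host address; use {f['use_instead']}")
    # Client IP 192.168.5.100 is from the thread; the /24 mask is an assumption.
    print("overlap:", overlaps_client_lan("192.168.5.100", "255.255.255.0", "192.168.1.0/24"))
```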
-
you have 2 different people posting different issues. It's becoming a bit hard to follow..
One guy says he has no problem getting to the internet through the vpn, the other says he can't etc. Just because you're both having issues getting to your lan behind pfsense does not mean they are related to why.
I would suggest the 2nd guy start your own thread.
-
@comet424 Based on your screenshots, your outbound NAT only allows the specific IPs of 192.168.0.51 and 192.168.0.52 outbound to internet. Any other clients will not be NAT'd so they will not be route-able on the internet. You need to add outbound NAT for your VPN subnet. If you are receiving an IP of 192.168.100.2 on your phone then I am guessing your VPN subnet is 192.168.100.0/24. You should create a NAT rule for that network outbound. You will not need to select static port on that entry. As a side note, if you want the VPN to just give you access to things on your local network and don't need or want VPN access, you don't need the NAT entry but you need to make sure the box that says "Force all client generated traffic through the VPN" is unchecked in your VPN server settings.
Hope that helps.