Netgate Discussion Forum

    RDP won't work on FullTAP?

    OpenVPN
    21 Posts 5 Posters 2.1k Views
    • P
      profIT @Milkwyrm
      last edited by

      @milkwyrm yes, I am connecting to a server and I tried pinging, it gave me:

      Destination host unreachable.
      

      I don't know about "CredSSP message?"

      • M
        Milkwyrm
        last edited by Milkwyrm

        Some of the recent RDP patches from MS caused an issue where the device/server you were connecting to didn't have the same level of patching applied. You'd know it if you saw it.
        You might want to confirm the firewalls on both client and server allow RDP and Ping (ICMP) through (even going so far as to temporarily turn the Windows firewalls off). Then, with the VPN running, check both can ping each other to confirm that the routing is correctly established. Then move on to resolving any RDP issue that may or may not exist.

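The staged check described in the post above (firewall rules, then ping over the VPN, then RDP itself), as an added PowerShell example that is not part of the original thread. The target address is a placeholder, and the firewall rule names assume an English-language Windows install.

```powershell
# Added example, not from the thread. Run with the VPN connected.
# $Target is a placeholder address (assumption); use the host you want to reach.
param(
    [string]$Target  = '192.0.2.10',
    [int]   $RdpPort = 3389
)

# Stage 1: local Windows Firewall. Run this on the machine that should accept
# the connection. Checking that the inbound Remote Desktop and ICMPv4 echo
# rules are enabled avoids switching the whole firewall off.
$rdpRules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
$icmpRules = Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' -ErrorAction SilentlyContinue
$rdpRuleOn  = [bool]($rdpRules  | Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })
$icmpRuleOn = [bool]($icmpRules | Where-Object { $_.Enabled -eq 'True' })

# Stage 2: routing. Which interface would carry traffic to the target, and
# does ICMP echo get an answer? With the tunnel up this should be the TAP adapter.
$route  = Find-NetRoute -RemoteIPAddress $Target -ErrorAction SilentlyContinue |
    Select-Object -First 1
$pingOk = Test-Connection -ComputerName $Target -Count 4 -Quiet

# Stage 3: the RDP listener itself, tested as a plain TCP connect.
$rdp   = Test-NetConnection -ComputerName $Target -Port $RdpPort -WarningAction SilentlyContinue
$tcpOk = [bool]$rdp.TcpTestSucceeded

# Verdict: separate "no path at all" from "path exists, RDP layer problem".
if ($tcpOk) {
    $verdict = 'RDP port reachable: any remaining failure is at the RDP layer (credentials, CredSSP patch level)'
} elseif ($pingOk) {
    $verdict = 'Host answers ping but the RDP port is closed or filtered: check the RDP service and its firewall rule'
} else {
    $verdict = 'No reply on ICMP or TCP: fix VPN routing and firewall rules before looking at RDP'
}

[pscustomobject]@{
    Target            = $Target
    LocalRdpRuleOn    = $rdpRuleOn
    LocalIcmpRuleOn   = $icmpRuleOn
    OutgoingInterface = $route.InterfaceAlias
    PingSucceeded     = $pingOk
    RdpPortOpen       = $tcpOk
    Verdict           = $verdict
} | Format-List
```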
        • P
          profIT
          last edited by

          First off, thanks for your tips @Milkwyrm !

          Second, I tried allowing remote desktop through group policy, AND turning Windows Firewall off - both gave me no luck. Turns out I can't RDP into a Windows 10 computer either, which makes me think that this might be an OpenVPN issue?

          I don't know if this means anything but I do get this log error when connecting into OpenVPN:

          TLS Error: local/remote TLS keys are out of sync: my ip
          TLS Error: local/remote TLS keys are out of sync: my ip
          TLS Error: local/remote TLS keys are out of sync: my ip

          • GilG
            Gil Rebel Alliance
            last edited by

            Looks like you are not connecting and have no routing at all.
            Not really an RDP issue

            11 cheers for binary

            • P
              profIT @profIT
              last edited by

              @profit @Gil should clarify: I still get a routed connection and am on the local network despite those errors.

              • M
                Milkwyrm
                last edited by

                Seems to be a fairly common issue.
                https://forum.netgate.com/topic/113174/tls-error-local-remote-tls-keys-are-out-of-sync

                https://www.google.com/search?q=TLS+Error%3A+local%2Fremote+TLS+keys+are+out+of+sync&ie=utf-8&oe=utf-8&client=firefox-b

                You might want to start over. I always try to find at least 3 articles/how-to's for any setup I'm not experienced with and cherry-pick the parts that are common between them to figure it out. My primary pfSense unit runs 13 IPsec site-to-site tunnels and 2 OpenVPN client/server instances and one OpenVPN site-to-site without issue from day one, so it's definitely a rock solid solution once you figure it out.

                • P
                  profIT @Milkwyrm
                  last edited by

                  @milkwyrm I reconfigured my server and created new users, and that TLS thing is gone. I connect to the network with no problems now; I can browse the internet and sign into the pfSense GUI.

                  However, I still cannot ping anything on the network.

                  ☺

                  • P
                    profIT @profIT
                    last edited by

                    @profit I want to mention I'm not on a different subnet either, I'm actually bridged onto the LAN. Is this the moment where I post my config file in here?

                    • M
                      Milkwyrm
                      last edited by

                      Is there a particular reason you have for using a bridged network? I'm guessing from the first post this is a road warrior VPN rather than a static site-to-site connection.
                      Are you using local auth, or AD for your users?
                      Can you post the config for both ends (minus any sensitive info)?

                      • P
                        profIT
                        last edited by

                        @Milkwyrm No particular reason. Am using local auth.

                        verb 1
                        dev-type tap
                        dev-node /dev/tap1
                        writepid /var/run/openvpn_server1.pid
                        #user nobody
                        #group nobody
                        script-security 3
                        daemon
                        keepalive 10 60
                        ping-timer-rem
                        persist-tun
                        persist-key
                        proto udp4
                        cipher AES-128-CBC
                        auth SHA1
                        up /usr/local/sbin/ovpn-linkup
                        down /usr/local/sbin/ovpn-linkdown
                        client-connect /usr/local/sbin/openvpn.attributes.sh
                        client-disconnect /usr/local/sbin/openvpn.attributes.sh
                        local x.x.x.x
                        engine rdrand
                        tls-server
                        mode server
                        push "route-gateway 10.0.1.1"
                        username-as-common-name
                        auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
                        tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'ServerCert' 1"
                        lport 1194
                        management /var/etc/openvpn/server1.sock unix
                        push "redirect-gateway def1"
                        client-to-client
                        ca /var/etc/openvpn/server1.ca 
                        cert /var/etc/openvpn/server1.cert 
                        key /var/etc/openvpn/server1.key 
                        dh /etc/dh-parameters.2048
                        tls-auth /var/etc/openvpn/server1.tls-auth 0
                        ncp-ciphers AES-256-GCM:AES-128-GCM
                        fast-io
                        
                        • P
                          profIT
                          last edited by

                          Forget RDP not working, I'm having trouble connecting to a mapped network drive at the office...

                          • GilG
                            Gil Rebel Alliance
                            last edited by

                            Have you set up your routing?
                            It is possible to have an OpenVPN connection but no routing.

                            11 cheers for binary

                            • T
                              ThatGuy
                              last edited by

                              I've got a really stupid question, but have you rebooted your pfSense box (on both ends if it's site-to-site)? I had some trouble last week getting an OpenVPN connection set up. I've done it so many times I can't remember. I even wrote myself a step-by-step tutorial a few months ago just in case. But no matter how many times I reset everything and started over, I couldn't ping the other side. Even tried resetting the firewall states after re-configuring.

                              I rebooted the pfSense boxes on both ends and BAM! It worked fine.

                              Last thought, you've got the firewall rules in pfSense, right?

                              ThatGuy
