Can't reach Lan host in OpenVPN tab mode
-
@hunteralberto said in Can't reach Lan host in OpenVPN tab mode:
I add a "permit all" rule in the firewall on the Wan,
I understand that you are testing, but a "permit all" on WAN is bad, very bad.
As told in the Official pfSEnse Video's, "bridging" is possible, but tricky.
Can you ping your host (what host ? where ?) from pfSense, using the console menu ?
The default LAN rule works just fine - what did you change ?
-
@Gertjan said in Can't reach Lan host in OpenVPN tab mode:
but tricky
Hi, thanks for your reply.
I know a permit all is a bad idea, but just wand to make this work.
I install the OpenVPN client in a Windows PC (this PC is the cliend that will connect to the pfsense OpenVPN server. It is outside the pfsense networks), import the ".ovpn" downloaded form the pfsense, and I connect to the pfsense OpenVPN server via the pfsense Wan interface. From the Windows PC I can ping the Wan and Lan interface of the pfsense, but can't reach the hosts on the pfsense Lan side.
Thanks...
-
Can you ping your host (what host ? where ?) from pfSense, using the console menu ?
Can you open the pfSense GUI using its URL or http://192.168.1.1 ?
ipconfig /allOn your connected PC says what ?
OpenVPN client log ?
Open VPN server log ? -
Can you open the pfSense GUI using its URL or http://192.168.1.1 ?
You mean if I can open it form the windows client when I connect to the VPN. No, I can't. The Ip is 172.16.1.1. I can Ping it but can't access http. In the local 172.16.1.x I can access http, this the way that i configure the pfsense.
ipconfig /all
C:\Users\Alberto Leonor>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-GJ1C193
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : DC-4A-3E-EF-2C-0D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 08-D4-0C-37-0E-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 0A-D4-0C-37-0E-79
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes**Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-9B-C6-92-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.16.1.130(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, April 16, 2019 3:18:24 PM
Lease Expires . . . . . . . . . . : Wednesday, April 15, 2020 3:18:23 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.16.1.0
NetBIOS over Tcpip. . . . . . . . : Enabled**Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3165
Physical Address. . . . . . . . . : 08-D4-0C-37-0E-79
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.20.10.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Lease Obtained. . . . . . . . . . : Tuesday, April 16, 2019 3:18:15 PM
Lease Expires . . . . . . . . . . : Wednesday, April 17, 2019 3:03:50 PM
Default Gateway . . . . . . . . . : 172.20.10.1
DHCP Server . . . . . . . . . . . : 172.20.10.1
DNS Servers . . . . . . . . . . . : 172.20.10.1
NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 08-D4-0C-37-0E-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesC:\Users\Alberto Leonor>
OpenVPN client log
Tue Apr 16 15:18:22 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Tue Apr 16 15:18:22 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Apr 16 15:18:22 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Tue Apr 16 15:18:22 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]179.52.36.250:1194
Tue Apr 16 15:18:22 2019 UDP link local (bound): [AF_INET][undef]:1194
Tue Apr 16 15:18:22 2019 UDP link remote: [AF_INET]179.52.36.250:1194
Tue Apr 16 15:18:23 2019 [OPENVPNSERVER] Peer Connection Initiated with [AF_INET]179.52.36.250:1194
Tue Apr 16 15:18:24 2019 open_tun
Tue Apr 16 15:18:24 2019 TAP-WIN32 device [Ethernet 2] opened: \.\Global{9BC692BE-40A9-4D8C-98FC-85C1C54EF87D}.tap
Tue Apr 16 15:18:24 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.1.130/255.255.255.0 on interface {9BC692BE-40A9-4D8C-98FC-85C1C54EF87D} [DHCP-serv: 172.16.1.0, lease-time: 31536000]
Tue Apr 16 15:18:24 2019 Successful ARP Flush on interface [41] {9BC692BE-40A9-4D8C-98FC-85C1C54EF87D}
Tue Apr 16 15:18:29 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Apr 16 15:18:29 2019 Initialization Sequence CompletedOpen VPN server log
Apr 16 15:25:06 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:25:06 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:25:06 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:26:01 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:26:01 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:26:02 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:26:02 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:27:03 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:27:03 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:27:03 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:27:03 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:28:04 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:28:04 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:28:05 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:28:05 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:29:06 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:29:06 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:29:06 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:29:06 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:30:07 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:30:08 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:30:08 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:30:08 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:31:09 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:31:09 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:31:10 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:31:10 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:32:11 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:32:11 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:32:11 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:32:11 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:32:59 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:33:00 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:33:00 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:33:00 openvpn 86479 MANAGEMENT: Client disconnected
Apr 16 15:33:12 openvpn 86479 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 16 15:33:12 openvpn 86479 MANAGEMENT: CMD 'status 2'
Apr 16 15:33:13 openvpn 86479 MANAGEMENT: CMD 'quit'
Apr 16 15:33:13 openvpn 86479 MANAGEMENT: Client disconnectedDoes this help?
Thanks. -
-
Follow this guide and recheck all your settings: https://docs.netgate.com/pfsense/en/latest/book/openvpn/bridged-openvpn-connections.html
-Rico
-
@Rico
Hi Rico,The configuration is exactly like the guide you send me.
Hope you could help me,
Thanks, -
Question :
@hunteralberto said in Can't reach Lan host in OpenVPN tab mode:
Description . . . . . . . . . . . : TAP-Windows Adapter V9
.....
DHCP Server . . . . . . . . . . . : 172.16.1.0A DHCP server living on an IP ending with 0 ?? That's new for me.
-
Yes, this is so weird for me too.
I set the DHCP setting in the "Server Bridge DHCP Start/End" in the OpenVPN server setting.
Any idea?
-
@hunteralberto said in Can't reach Lan host in OpenVPN tab mode:
Any idea?
Yes.
A DHCP server needs a host address. Not a network address, like the one terminating with 0.But maybe this is just don't care situation because :
@hunteralberto said in Can't reach Lan host in OpenVPN tab mode:
Everything work fine, the remote client connect well, DHCP is Assigned well ....
-
That set. I dont know if firewall is blocking traffic or something like this.
-
Me neither ;)
But a firewall does what you want - you are the boss ^^
Idea : make your rules verbose and have a look at the firewall logs.
