[Solved] OpenVPN: Can not Ping/Access Remote LAN
-
Problem:
Here is the description of my situation:
- The diagram below displays my small test network topology.
- I cannot ping and access TestPC1 from TestPC3 and TestPC2 (ping 192.168.168.240 does not work).
- I can ping pfSense with OpenVPN running from TestPC3 and TestPC2 (ping 192.168.168.1 and ping 192.168.188.1 both work).
- Test PC3 contains a static route to the VPN GW: 192.168.168.0 255.255.255.0 192.168.188.1
- Test PC2 contains a static route to the VPN GW: 192.168.168.0 255.255.255.0 192.168.188.1
- Test PC1 has DG: 192.168.168.1, which is the OpenVPN server.
- In other words, PC3 and PC2 should be able to find PC1, and PC1 sends all the responses to the pfSense server, where the VLAN starts. It means there should be communication working in both directions.
My questions are:
- What is wrong, and why does the communication not work?
- Are there any tools that can show me the movement of packets on my network so I could understand what does not work?
Network Topology:
TestPC2 OpenVPN Client Log:
VPN Client Config File:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote [domain name] 1194 udp
lport 0
verify-x509-name "OrganisationVPNServerCert" name
auth-user-pass
pkcs12 firewall-udp-1194-vpn_user_name.p12
tls-auth firewall-udp-1194-vpn_user_name-tls.key 1
ns-cert-type server
comp-lzo adaptive
verb 4
Please let me know if you need more information, such as static routes or anything else. Thank you very much.
-
-
Going back to some basics,
Firstly, you DO have a rule set up under the OpenVPN network to connect to your LAN network?
Secondly, is ping enabled on the PCs?
-
@The:
Going back to some basics
What he said.. ;)
(KISS) an acronym for "Keep it simple, stupid" https://en.m.wikipedia.org/wiki/KISS_principle
What an IP scheme xD
-
Step 0. Disable Windows "firewall".
-
Hi Doktornotor, Fmslick, The Computer Guy,
thank you very much for your advice. I have realized that, for VPN communication, I have to open local firewall ports on the remote PC. Somehow I thought that, because I have a VPN connection, I am bypassing the firewall rules.
Indeed I am bypassing the firewall, but on the pfSense appliance only. On the remote PC I am trying to ping/access, I have to block the firewall or open the appropriate ports. I have tried so many combinations and invested many hours into this problem just to find out that I have to open the target device's firewall ports.
Indeed Doktornotor, you were perfectly correct. :-)
Thank you very much for trying to help. I am marking this question as solved.
Bye.
-
I'm happy to hear you got it to work!! ;)
Happy to hear you got it to work.
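The resolution reached in this thread (opening the firewall on the remote PC), done with rules scoped to the VPN client network so the Windows firewall can stay enabled. This is an added example, not part of any poster's message. It assumes the remote PC runs Windows with the built-in NetSecurity cmdlets and that VPN clients arrive from 192.168.188.0/24, a /24 around the thread's VPN gateway 192.168.188.1; the rule names and the optional port list are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the remote PC (TestPC1 in the thread), not on pfSense.
# Assumptions: VPN clients arrive from 192.168.188.0/24 (a /24 around the
# thread's VPN gateway 192.168.188.1); rule names and $TcpPorts are hypothetical.
param(
    [string] $VpnSubnet = '192.168.188.0/24',
    [int[]]  $TcpPorts  = @()   # ports of services to reach over the VPN; empty = ping only
)

function Set-ScopedAllowRule {
    param(
        [string]    $Name,
        [string]    $DisplayName,
        [string]    $RemoteAddress,
        [hashtable] $Match          # protocol-specific parameters, splatted below
    )
    if (Get-NetFirewallRule -Name $Name -ErrorAction SilentlyContinue) {
        # Rule exists from an earlier run: update it in place instead of stacking duplicates.
        Set-NetFirewallRule -Name $Name -RemoteAddress $RemoteAddress -Enabled True @Match
    } else {
        New-NetFirewallRule -Name $Name -DisplayName $DisplayName `
            -Direction Inbound -Action Allow `
            -RemoteAddress $RemoteAddress @Match | Out-Null
    }
}

# Inbound ICMPv4 echo request (type 8), accepted only from the VPN client network.
$ruleNames = @('Example-VPN-Ping-In')
Set-ScopedAllowRule -Name $ruleNames[0] `
    -DisplayName 'Example: ICMPv4 echo request from VPN clients' `
    -RemoteAddress $VpnSubnet `
    -Match @{ Protocol = 'ICMPv4'; IcmpType = '8' }

# Optional: the TCP services the VPN users actually need, same source restriction.
if ($TcpPorts.Count -gt 0) {
    $ruleNames += 'Example-VPN-TCP-In'
    Set-ScopedAllowRule -Name $ruleNames[1] `
        -DisplayName 'Example: TCP services from VPN clients' `
        -RemoteAddress $VpnSubnet `
        -Match @{ Protocol = 'TCP'; LocalPort = [string[]]$TcpPorts }
}

# Confirm the firewall is still enabled on every profile and show each rule's scope.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -Name $ruleNames | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
}
```

With the ping rule in place, `ping 192.168.168.240` from TestPC2 or TestPC3 should be answered while hosts outside the VPN client network remain filtered by the default inbound policy.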