Another "can't reach LAN shares through VPN"



  • So I created an OpenVPN server on my pfSense box today following this guide: https://www.youtube.com/watch?v=VdAHVSTl1ys however I can't reach my server at home from my PC at work when I connect to the VPN. I can ping the address tho. If I connect to the VPN from my PC at home that is in the same switch as the server it works fine, probably cuz I already got the drives mounted on this computer?

    These are some of the settings I got:


    This is how I do the client export

    I don't receive any default gateway when I connect to the VPN, dunno if that has something to do with the issue?



  • When you connect from inside the network you aren't actually using the VPN to reach it.

    It's one of the same reasons for all the other "can't reach LAN shares" threads. Most likely, firewall on the destination server blocking off-subnet traffic, and/or server having the wrong subnet mask or gateway IP.



  • @cmb:

    When you connect from inside the network you aren't actually using the VPN to reach it.

    It's one of the same reasons for all the other "can't reach LAN shares" threads. Most likely, firewall on the destination server blocking off-subnet traffic, and/or server having the wrong subnet mask or gateway IP.

    I have set the firewall to off so I doubt that would be the problem… the server is using 3 NICs and all have IP 192.168.1.*** so I dunno. Running Windows Server 2012 R2 if that matters.



  • 3 NICs all having IPs on the same subnet is a really bad idea. The server's probably confused on what IP to reply from, leaving you with a mess for off-subnet traffic depending on which IP of the server you're using.



  • @cmb:

    3 NICs all having IPs on the same subnet is a really bad idea. The server's probably confused on what IP to reply from, leaving you with a mess for off-subnet traffic depending on which IP of the server you're using.

    Haven't been any problems whatsoever. The first NIC has always worked as RDP share etc. so I find it hard to believe that the issue is that. Do I have to make some sort of connections between 192.168.1.1/24 and 192.168.2.0/24 other than in the image above? Oh, just another thing, I can't reach my PC as well, so it's not a NIC issue



  • It's a bad practice regardless. Your PC could well have a similar issue with a host firewall. Or the client might be missing the route entirely, check the OpenVPN log and the system's routing table.



  • @cmb:

    It's a bad practice regardless. Your PC could well have a similar issue with a host firewall. Or the client might be missing the route entirely, check the OpenVPN log and the system's routing table.

    Why is that a bad practice? I got a rack server running several CSGO servers etc., isn't it just good to have it split up the load? I couldn't find any OpenVPN log on the router.

    Is this the routing table you mean?



  • Routing table on the client, not the server.

    Putting multiple IPs on multiple NICs like that does nothing to distribute load. If you want to distribute load across NICs, you bond them in the OS and then assign the IP to the bond, not any individual NIC.



  • @cmb:

    Routing table on the client, not the server.

    Putting multiple IPs on multiple NICs like that does nothing to distribute load. If you want to distribute load across NICs, you bond them in the OS and then assign the IP to the bond, not any individual NIC.

    Well, if I bind the servers to a specific IP that is bound to a specific NIC how can that not distribute the load? Where on the client do I find the routing table?

    I just saw something about adding push "route 192.168.1.0 255.255.255.0" to server custom options, that might help?



  • The local networks line pushes the route to the client. Though I just noticed you put the wrong network address in there, IIRC Windows doesn't like that and will fail adding the route. Change that 192.168.1.1/24 to 192.168.1.0/24.

    If your remote client is on a local 192.168.1.0/24 network, it'll never use the VPN to reach a remote network that's the same thing, so that might be another issue.
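
An added example (not part of the thread, and not pfSense or OpenVPN code) of the two checks described in the post above: whether a local-networks entry is a true network address, and whether it overlaps the LAN the remote client is sitting on. The client LAN values are constructed for illustration; the `push "route ..."` form is the one quoted earlier in the thread.

```python
import ipaddress

def normalize_local_network(entry):
    """Return (network, had_host_bits) for one local-networks entry in CIDR form."""
    iface = ipaddress.ip_interface(entry.strip())
    return iface.network, iface.ip != iface.network.network_address

def push_route_line(network):
    """Render a network in the push "route <net> <mask>" form quoted in the thread."""
    return f'push "route {network.network_address} {network.netmask}"'

def audit(local_networks, client_lan):
    """Check a comma-separated local-networks value against the client's own LAN."""
    client_net = ipaddress.ip_interface(client_lan).network
    findings = []
    for entry in local_networks.split(","):
        net, had_host_bits = normalize_local_network(entry)
        if had_host_bits:
            # 192.168.1.1/24 names a host; the route must name the network.
            findings.append(f"{entry.strip()}: host bits set, use {net}")
        if net.overlaps(client_net):
            # The client treats the destination as on-link and never uses the tunnel.
            findings.append(f"{net}: overlaps client LAN {client_net}, traffic stays local")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the value from the thread and two hypothetical client LANs.
    for client in ("10.20.30.40/24", "192.168.1.57/24"):
        print(client, audit("192.168.1.1/24", client))
    print(push_route_line(normalize_local_network("192.168.1.1/24")[0]))
```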



  • @cmb:

    The local networks line pushes the route to the client. Though I just noticed you put the wrong network address in there, IIRC Windows doesn't like that and will fail adding the route. Change that 192.168.1.1/24 to 192.168.1.0/24.

    If your remote client is on a local 192.168.1.0/24 network, it'll never use the VPN to reach a remote network that's the same thing, so that might be another issue.

    Okay, will try that. I think I have tried it earlier tho, any other suggestions?



  • Still can't reach the local network :/

    Do I have to assign OpenVPN to an interface or something?



  • UPDATE:

    I can reach a share on my computer at work from my server but not the other way around,
    and I can RDP the server with the local IP 192.168.1.155



  • I solved it!

    This was the solution



  • Not surprising - many (most/almost all ????) Windows/share issues across OpenVPN are Windows issues not OpenVPN issues.

    Dare I say that should be the title for a sticky note (or at least a line in the Wiki)…