What Now?

  • Sorry to be such an idiot here but I am a new admin at this level.

    It appears I have created the user and installed the MSI correctly. It says I am connected but there is no interface. How do I get around?
    The last VPN I used had a limited GUI with some shortcuts, etc.

    Do I need to configure my server to accept an incoming connection and use a profile? Something like that?

    Any help appreciated.

    Thank you

  • Banned

    Eh, I'm not sure what you're talking about? Can you be specific as to what your question is?

  • I have installed OPENVPN on a computer at home, I run it and it says I am connected. But that's it. It doesn't appear to map any drives; I don't appear to be able to get to any drives where docs may be; I don't see any of the apps I would normally see.

    I get that this is not a Team Viewer experience but what do I have to do to get some functionality?

    When I myself was a user and received permission on a VPN, when I connected I was asked to log in and then I was presented with a desktop that had some or most of the apps I had at work, and I was able to browse my work networked folders, etc.

    Not quite sure how to be more specific. I must be missing something big here.

  • Banned

    OK I see, thank you.

    OpenVPN as a server on pfSense won't provide you with a GUI of any type when you connect.

    Once you are connected you will be able to find the file systems on your network in the same way you would if you were physically on the network, using the same GUI that you always would on whatever operating system you are using.

    So if you are on Windows, you would open up File Explorer and select Network to find your networked file system.

    Keep in mind that if you need to access files on a different subnet, you will have to have the appropriate firewall rules in place to let that happen.

  • Thank you.

    I did try that and didn't see any files…this is pretty basic setup here with not very many shares to worry about.

    I noted your comment about the subnet: when I am connected OpenVPN says I have a 10.0.x.x address and my network is a class C at 192.168.1.x.
    When I configured the VPN I used the defaults as recommended by the many YouTube videos I watched and the implication was (I thought) that some sort of NAT was going on in the background.

    Sounds like I may have some more configuration to do (?).

  • Banned

    For a Server on NAT, under Firewall > NAT > Outbound you should have two rules for each Gateway interface you want to use it on (should just be WAN for you):

    WAN / (your VPN server subnet here) / any / any / 500 / WAN address / any / Static Port (check the box)

    WAN / (your VPN server subnet here) / any / any / any / NOT Static Port (don't check the box)

    If you have your NAT rules set to automatic, which you probably should unless you have a reason not to, then these are created for you. However if you've turned off automatic NAT, or are using Hybrid NAT and trying to use your Server on a gateway other than WAN, then you will have to make these rules manually for that gateway interface.

    As for the subnet, go to VPN > OpenVPN, on the Servers tab, under Tunnel Network you will see the subnet of your VPN server. When your clients connect to the VPN they should be assigned an IP in this subnet.

    Now go to Firewall > Rules and select the tab for your OpenVPN server.

    You will need to write a rule here to pass traffic from your VPN subnet, to the subnet that you need to access. This rule will vary depending on your needs but here is an example.

    IPv4 // TCP/UDP // 192.your.vpn.server/subnet //  any // (either the subnet you need to access, or an alias) // any // any

    If you want to access an entire subnet just put that subnet into the rule above.

    If you want to access one or more subnets, or if you want to limit the rule to only pass traffic to specific IPs on one or more subnets, then assign static IPs to those devices, go to Firewall > Aliases > IP, create an alias for them, and enter the name of the alias in the rule above.

    My guess is that the firewall rule will solve your problem. Your NAT is more than likely in automatic and you are probably only using WAN as a gateway.
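
The rule logic described in the post above, as an added example that is not part of the original thread and is not pfSense code: a small first-match evaluator showing why a connected client sees nothing until a pass rule exists on the OpenVPN tab, and how an alias-scoped rule narrows access. The tunnel network `10.0.8.0/24`, LAN `192.168.1.0/24`, the `FILE_SERVERS` alias and all host addresses are constructed values; the thread only gives 10.0.x.x and 192.168.1.x.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
TUNNEL_NET = "10.0.8.0/24"    # assumed OpenVPN "Tunnel Network"
LAN_NET = "192.168.1.0/24"    # assumed LAN subnet
ALIASES = {"FILE_SERVERS": ["192.168.1.10", "192.168.1.11"]}  # hypothetical alias

def _match(spec, addr):
    """True if addr falls inside 'any', a named alias, or a CIDR/IP spec."""
    if spec == "any":
        return True
    nets = [ipaddress.ip_network(s, strict=False) for s in ALIASES.get(spec, [spec])]
    return any(ipaddress.ip_address(addr) in n for n in nets)

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; no match falls through to the default deny."""
    for rule in rules:
        if (proto in rule["protos"]
                and _match(rule["src"], src)
                and _match(rule["dst"], dst)
                and rule["dport"] in ("any", dport)):
            return rule["action"]
    return "block"

# Three states of the OpenVPN rules tab.
NO_RULES = []  # nothing added yet: the client connects but reaches nothing
WHOLE_SUBNET = [dict(action="pass", protos={"tcp", "udp"},
                     src=TUNNEL_NET, dst=LAN_NET, dport="any")]
ALIAS_ONLY = [dict(action="pass", protos={"tcp", "udp"},
                   src=TUNNEL_NET, dst="FILE_SERVERS", dport=445)]

def report(client="10.0.8.2"):
    """Evaluate a few constructed probes against each rule set."""
    probes = {
        "smb_fileserver": ("tcp", "192.168.1.10", 445),
        "rdp_workstation": ("tcp", "192.168.1.50", 3389),
        "ping_fileserver": ("icmp", "192.168.1.10", 0),
    }
    rulesets = {"none": NO_RULES, "subnet": WHOLE_SUBNET, "alias": ALIAS_ONLY}
    return {name: {p: evaluate(rules, proto, client, dst, port)
                   for p, (proto, dst, port) in probes.items()}
            for name, rules in rulesets.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

Because the example rule is TCP/UDP only, ping to a LAN host is still blocked in every case, so a failed ping alone does not mean the rule is missing.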

  • Awesome…thanks for all your help!

  • Banned

    No worries, I'm glad it worked out!
