Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Remote Access to local storage-Help Please

    Scheduled Pinned Locked Moved OpenVPN
    11 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      WildGoose
      last edited by

      Hello all.  I’m not a network professional, so please forgive my ignorance.  I’ve been working with OpenVPN attempting to setup remote access.  Need to be able to access local file on the road.  I’ve read the documentation, watched guided video’s and searched forums, however, I’m at a loss as to what I’m doing wrong.
      I have created a Certificate Authority; Server Certificate and User Certificates.  Then I ran the OpenVPN wizard, making certain to check the firewall rules boxes.  The I ran the client export and seemingly successfully installed the keys.
      OpenVPN shows the connection on the client.  The client appears in the OpenVPN Status on the PfSense box.  However, I am unable to connect to the local NAS.  Could anyone help me out?

      User1 is the remote client. From this laptop connected through a phone hotspot I’m able to connect to the PfSense box webgui.  But I’m not able to figure out how to connect the files located on the NAS.

      Nasvpnuser is the NAS I’m attempting to connect to.  After failing several times to remotely connect only with User1, I created another another user in the hopes I could get them speaking to each other.  Not so much!

      Thank you in advance for your kindness

      1 Reply Last reply Reply Quote 0
      • W
        WildGoose
        last edited by

        Sorry the image I tried to post wasn't attached! I'll try again.  Thanks.

        1 Reply Last reply Reply Quote 0
        • W
          WildGoose
          last edited by

          This is the OpenVPN Status of my WebGUI..appartently can't post a question correctly either

          Capture1.PNG
          Capture1.PNG_thumb

          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by

            Maybe your NAS blocks the access. Consider that the access comes from a remote network.

            Is the pfSense the default gateway on the NAS?

            Can you try to access other devices in your LAN?

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              @viragomann:

              Maybe your NAS blocks the access. Consider that the access comes from a remote network.

              Is the pfSense the default gateway on the NAS?

              Can you try to access other devices in your LAN?

              ^ That is very likely. A firewall or network filter option on the NAS, or if it's a Windows system, the Windows firewall blocks off-subnet access by default as well.

              If you can reach the LAN IP address of the firewall to load the GUI, the client-side routes are likely OK. Slight chance it could be your OpenVPN tab firewall rules, but still the more likely cause is the client blocking it.

              You can confirm that by attempting a connection and then looking at the state table, or doing packet captures on the VPN interface to see if the traffic enters and then the LAN interface to see if it leaves.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • W
                WildGoose
                last edited by

                I believe you are correct.  All of the machines are running Windows 10 Home; all are on the same Norton subscription.

                When I turn off Norton on all machines (and it must be all) I am able to ping the NAS (remotely) and receive a response but still not discoverable on the network share.  All network shares are fully functional inside the network via WiFi or on the LAN.  However, as a side note I'm questioning my decision to use a Home Group ilo a Work Group and the implications in might have.  This leads me to believe I have both Windows permissions’ issues, as well as, a Norton firewall issue.  I will do my research on how to review state tables and or packet captures.  These are both new to me.

                Thank you both for your kind and insightful replies

                If anyone has a recommendation for documentation regarding Windows 10 permissions and or Norton as they relate to OpenVPN that would be Fantastic!!

                1 Reply Last reply Reply Quote 0
                • W
                  WildGoose
                  last edited by

                  In case it helps anyone.  I was able to correct the OpenVPN conflict with Norton.

                  A brief explanation:

                  -Open Norton
                  -Select History
                  -Scroll to find "Connected to a public network (192.168.100.0/255.255.255.0)" <–-Example address, and double click
                  -On the "Advanced Details" in the middle right click "Trust", then "Close"
                  -The History should now show "Connected to a trusted network (192.168.100.0/255.255.255.0)<–-Example address

                  This allowed me to send successful ping requests to and from connected devices without disabling Norton and with no other alteration to the rules.  However I'm not yet successful with device discovery.  Some progress is better than none.

                  Please consider the source I'm no pro and may have done something terribly wrong!

                  public.PNG
                  public.PNG_thumb
                  detail.PNG
                  detail.PNG_thumb
                  trusted.PNG
                  trusted.PNG_thumb

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    " However I'm not yet successful with device discovery. "

                    What protocol is used for device discovery?  Discovery normally doesn't work when your on a different network, ie your not on the same L2 or broadcast domain - so no discovery protocols normally do not work.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • W
                      WildGoose
                      last edited by

                      I must've been misunderstood.  I thought once the VPN connection had been successfully configured I should appear as though I was connected to my local LAN.  Discoverability and all.  However,based on you're input jonpoz I seem to have been confused.

                      I have been able to connect via ip to shared locations through the file explorer, which led me to believe my lack of discoverabilty was related to a possibly misconfigured dns.  I am using dynamic dns for the first time and assumed I'd done something wrong.

                      As a secondary concern once connected through the Remote VPN, access to the accounting software file I was hoping to connect to is very slow.  Again leading me to believe I've not correctly configured the VPN.

                      I appreciate all your help!

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        your not on your local lan unless your using TAP…  TUN you would be on another network, ie the tunnel network you setup.

                        What is slow?  You will be limited to the slowest upload of either client or server, etc.  Depending on what your doing. Your server could have gig down, but if its upload is 10mbps - then your client would be limited to 10mbps pulling info from the vpn network, etc.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.8, 24.11

                        1 Reply Last reply Reply Quote 0
                        • W
                          WildGoose
                          last edited by

                          Thanks again for pointing me in a useful direction.  I clearly had not done all of my homework.  I am using TUN.  However, after further reading the TAP configuration might better fit my use case.

                          Currently the connection to the VPN is rather fast.  I have no issue navigating documents, pictures things of this nature.  However, when I open my accounting software it takes 3-5 minutes to load the file.  Once it has loaded lag is barely noticeable in most cases.  I do have adaptive compression enabled.

                          You're Awesome!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.