OpenVPN Remote Access to local storage-Help Please

  • Hello all.  I’m not a network professional, so please forgive my ignorance.  I’ve been working with OpenVPN attempting to setup remote access.  Need to be able to access local file on the road.  I’ve read the documentation, watched guided video’s and searched forums, however, I’m at a loss as to what I’m doing wrong.
    I have created a Certificate Authority; Server Certificate and User Certificates.  Then I ran the OpenVPN wizard, making certain to check the firewall rules boxes.  The I ran the client export and seemingly successfully installed the keys.
    OpenVPN shows the connection on the client.  The client appears in the OpenVPN Status on the PfSense box.  However, I am unable to connect to the local NAS.  Could anyone help me out?

    User1 is the remote client. From this laptop connected through a phone hotspot I’m able to connect to the PfSense box webgui.  But I’m not able to figure out how to connect the files located on the NAS.

    Nasvpnuser is the NAS I’m attempting to connect to.  After failing several times to remotely connect only with User1, I created another another user in the hopes I could get them speaking to each other.  Not so much!

    Thank you in advance for your kindness

  • Sorry the image I tried to post wasn't attached! I'll try again.  Thanks.

  • This is the OpenVPN Status of my WebGUI..appartently can't post a question correctly either

  • Maybe your NAS blocks the access. Consider that the access comes from a remote network.

    Is the pfSense the default gateway on the NAS?

    Can you try to access other devices in your LAN?

  • Rebel Alliance Developer Netgate


    Maybe your NAS blocks the access. Consider that the access comes from a remote network.

    Is the pfSense the default gateway on the NAS?

    Can you try to access other devices in your LAN?

    ^ That is very likely. A firewall or network filter option on the NAS, or if it's a Windows system, the Windows firewall blocks off-subnet access by default as well.

    If you can reach the LAN IP address of the firewall to load the GUI, the client-side routes are likely OK. Slight chance it could be your OpenVPN tab firewall rules, but still the more likely cause is the client blocking it.

    You can confirm that by attempting a connection and then looking at the state table, or doing packet captures on the VPN interface to see if the traffic enters and then the LAN interface to see if it leaves.

  • I believe you are correct.  All of the machines are running Windows 10 Home; all are on the same Norton subscription.

    When I turn off Norton on all machines (and it must be all) I am able to ping the NAS (remotely) and receive a response but still not discoverable on the network share.  All network shares are fully functional inside the network via WiFi or on the LAN.  However, as a side note I'm questioning my decision to use a Home Group ilo a Work Group and the implications in might have.  This leads me to believe I have both Windows permissions’ issues, as well as, a Norton firewall issue.  I will do my research on how to review state tables and or packet captures.  These are both new to me.

    Thank you both for your kind and insightful replies

    If anyone has a recommendation for documentation regarding Windows 10 permissions and or Norton as they relate to OpenVPN that would be Fantastic!!

  • In case it helps anyone.  I was able to correct the OpenVPN conflict with Norton.

    A brief explanation:

    -Open Norton
    -Select History
    -Scroll to find "Connected to a public network (" <–-Example address, and double click
    -On the "Advanced Details" in the middle right click "Trust", then "Close"
    -The History should now show "Connected to a trusted network (<–-Example address

    This allowed me to send successful ping requests to and from connected devices without disabling Norton and with no other alteration to the rules.  However I'm not yet successful with device discovery.  Some progress is better than none.

    Please consider the source I'm no pro and may have done something terribly wrong!

  • LAYER 8 Global Moderator

    " However I'm not yet successful with device discovery. "

    What protocol is used for device discovery?  Discovery normally doesn't work when your on a different network, ie your not on the same L2 or broadcast domain - so no discovery protocols normally do not work.

  • I must've been misunderstood.  I thought once the VPN connection had been successfully configured I should appear as though I was connected to my local LAN.  Discoverability and all.  However,based on you're input jonpoz I seem to have been confused.

    I have been able to connect via ip to shared locations through the file explorer, which led me to believe my lack of discoverabilty was related to a possibly misconfigured dns.  I am using dynamic dns for the first time and assumed I'd done something wrong.

    As a secondary concern once connected through the Remote VPN, access to the accounting software file I was hoping to connect to is very slow.  Again leading me to believe I've not correctly configured the VPN.

    I appreciate all your help!

  • LAYER 8 Global Moderator

    your not on your local lan unless your using TAP…  TUN you would be on another network, ie the tunnel network you setup.

    What is slow?  You will be limited to the slowest upload of either client or server, etc.  Depending on what your doing. Your server could have gig down, but if its upload is 10mbps - then your client would be limited to 10mbps pulling info from the vpn network, etc.

  • Thanks again for pointing me in a useful direction.  I clearly had not done all of my homework.  I am using TUN.  However, after further reading the TAP configuration might better fit my use case.

    Currently the connection to the VPN is rather fast.  I have no issue navigating documents, pictures things of this nature.  However, when I open my accounting software it takes 3-5 minutes to load the file.  Once it has loaded lag is barely noticeable in most cases.  I do have adaptive compression enabled.

    You're Awesome!