OpenVPN works OK on Android but not Windows
-
Hi,
I have the following issue that I'm unable to find a cause for.
I have a network on 192.168.10.0/24
My Tun VPN is using 10.0.0.0/24
When I download the config for Android and import it into OpenVPN Connect it works without any issues: I can ping IP addresses, resolve DNS, do a traceroute and access web servers and PCs via RDP.
On Windows, I connect OK and I can ping IP addresses, resolve DNS, do a traceroute etc. However, as soon as I go to any web server or RDP to a desktop PC, my connection to the LAN is lost and I'm no longer able to ping any device on the LAN.
I have tried this on two different pfSense boxes with the other at a different location having the following details:
I have a network on 10.82.116.0/24
My Tun VPN is using 10.1.1.0/24
I get the very same issue as above.
Any pointers would be greatly appreciated.
Regards,
Robert.
-
Did you figure this out? I'm using 2.4.2-RELEASE-p1 and have exactly the same problem. I looked at the forum but can't find anyone with the same issue. I looked at guides on the OpenVPN site and the pfSense forum but can't find answers.
If you haven't figured the issue out, can anybody here help?
equ.
-
Hi equ,
No, I've not managed to figure this out. I have also found that if I try to go to any website once the VPN is connected I will then lose connection. If I try to restart the OpenVPN connection it won't let me unless I restart my PC, very frustrating.
Regards,
Robert.
-
Hi,
I should have attached in the first place but here is my Server and client configs:
Server:
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local A.B.C.D (Wan IP address)
tls-server
server 10.0.0.0 255.255.255.0 (VPN Subnet)
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user UmFkaXVzIFNlcnZlcg== false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'OpenVPN-Server' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.11.0 255.255.255.0"
push "dhcp-option DOMAIN HOME"
push "dhcp-option DNS 192.168.10.1" (Lan interface of pfSense)
push "block-outside-dns"
push "register-dns"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.4096
crl-verify /var/etc/openvpn/server1.crl-verify
tls-crypt /var/etc/openvpn/server1.tls-crypt
ncp-ciphers AES-256-CBC:AES-256-CFB:AES-256-CFB1:AES-256-CFB8:AES-256-GCM:AES-256-OFB
compress lz4
persist-remote-ip
float
topology subnet
Client:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC:AES-256-CFB:AES-256-CFB1:AES-256-CFB8:AES-256-GCM:AES-256-OFB
auth SHA256
tls-client
client
resolv-retry infinite
remote A.B.C.D 1194 udp (Wan IP Address)
setenv opt block-outside-dns
lport 0
verify-x509-name "OpenVPN-Server" name
auth-user-pass
pkcs12 pfSense-UDP4-1194-robert-ca.p12
tls-crypt pfSense-UDP4-1194-robert-ca-tls.key
remote-cert-tls server
compress lz4
I've been trying to resolve this issue since mid December and I'm totally stuck. Any help would be greatly appreciated.
Regards,
Robert.
-
Hi,
I'm convinced now that I must be missing something in pfSense, as I got this working fine on an Ubuntu server and also tried opnSense just for trial and error's sake, and didn't get the issue with that either (I'm not deserting, as pfSense has a fantastic track record).
If anyone could just point me in the right direction for what I am missing it would be greatly appreciated.
Regards,
Robert
-
Hi,
OpenVPN is working fine on Ubuntu so I shall have to use this for now.
Regards,
Robert.
-
I use the Windows client pretty much every day, all day, from work to my house… Never have any issues... RDP to my home boxes all the time, etc etc..
This really is clickity clickity through the wizard done..
I would change your compression to adaptive - you seem to be hard setting it with this
"compress lz4"
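
Added example, not part of any post in this thread: a small Python check that compares the cipher, auth and compression settings on the two ends, using lines from the configs posted above and treating the server's `push` lines as applied on the client. The `COMPARED` subset, the function names and the `CLIENT_STALE` variant are assumptions made for this example.

```python
import shlex

# Directives compared in this example (the choice of subset is an assumption).
COMPARED = ("cipher", "auth", "compression")

# Lines taken from the server and client configs posted in this thread.
SERVER_CONF = '''
cipher AES-256-CBC
auth SHA256
push "route 192.168.10.0 255.255.255.0"
push "block-outside-dns"
compress lz4
'''
CLIENT_CONF = '''
cipher AES-256-CBC
auth SHA256
compress lz4
'''
# Constructed variant, not from the thread: client left on a different setting.
CLIENT_STALE = CLIENT_CONF.replace("compress lz4", "comp-lzo adaptive")


def parse(text):
    """Return ({directive: value}, [pushed option strings]) for one config."""
    opts, pushed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        words = shlex.split(line, comments=True)
        if words[0] == "push" and len(words) > 1:
            pushed.append(words[1])          # applied on the client side
            continue
        if words[0] in ("compress", "comp-lzo"):
            # Two spellings of one setting: compare the whole directive.
            opts["compression"] = " ".join(words)
        else:
            opts[words[0]] = " ".join(words[1:])
    return opts, pushed


def mismatches(server_text, client_text):
    """List (directive, server value, effective client value) that differ."""
    server, pushed = parse(server_text)
    client, _ = parse(client_text)
    client.update(parse("\n".join(pushed))[0])   # pushed options applied last
    return [(k, server.get(k), client.get(k))
            for k in COMPARED if server.get(k) != client.get(k)]
```

Run against the posted configs it reports no difference in these three settings; the constructed `CLIENT_STALE` variant shows what a compression change made on only one side looks like.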