OpenVPN Remote Access connects but I can't RDP to Win7 PC (or ping it)

  • I've been working on setting up OpenVPN Remote Access all week.  Although the instructions are great and it seems to be a simple process, I am new to pfSense networking and am a home user.  Finally, I found all my mistakes and I can connect via a MacBook with Viscosity and a Win7 VM on the MacBook with OpenVPN Community Client.  I can access pfSense router, QNAP, etc.  However, I can't ping or RDP to my Win 7 PC on the LAN.

    Here's my setup: FW, OpenVPN setup, and the MS RDC error.  The Win7 PC has McAfee running, with port 3389 open and remote access allowed through Windows (NLA required).  Any help is appreciated!
    ![FW WAN.PNG](/public/imported_attachments/1/FW WAN.PNG)
    ![FW LAN.PNG](/public/imported_attachments/1/FW LAN.PNG)
    ![FW OPENVpn.PNG](/public/imported_attachments/1/FW OPENVpn.PNG)
    ![OpenVPN Setup.png](/public/imported_attachments/1/OpenVPN Setup.png)
    ![RDC Error.PNG](/public/imported_attachments/1/RDC Error.PNG)

  • So, McAfee was not configured correctly.  I had to edit the firewall's port settings to specifically allow 3389 UDP and to allow PCs not on the same subnet - just opening the port in McAfee did not allow full access.

    Also, I don't think it had any impact on the problem, but I made some configuration changes - notes in red on attached screenshot.

    I can now access the Win PC remotely after connecting via VPN using the PC's IP - but not using the PC's name.  Is this typical?  I thought adding "DNS Default Domain - Provide a default domain name to clients" might allow access using the PC name.

    ![Revised OpenVPN Settings.png.png](/public/imported_attachments/1/Revised OpenVPN Settings.png.png)

  • LAYER 8 Netgate

    OpenDNS isn't going to know anything about your local hostnames or their addresses.

  • Thanks for the reply.  Yes, that makes sense.

    I thought that when I connect via OpenVPN and run MS RDC on the remote computer, that RDC might be able to detect my home PC's name, particularly since the home PC is set to accept remote connections.  I wasn't sure if any of the VPN settings might prevent or enable such detection.

    I also expect that the larger problem in resolving the computer's name is that the home LAN and the VPN are on different subnets?

  • LAYER 8 Netgate

    You will need to configure some local DNS to resolve local hostnames and point your OpenVPN clients to that.

    People usually point at an Active Directory DNS server or something.

    You are correct. Service discovery that relies on network broadcasts is not going to work. You need something else like DNS.
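
The advice in the reply above (push a local resolver to VPN clients rather than a public one) can be checked against the server configuration. This is an added example, not part of the thread: a small Python lint over OpenVPN `push "dhcp-option ..."` lines. It assumes the server's DNS settings appear as such lines; the sample configs, addresses, the `home.arpa` domain and the helper names `pushed_dns_settings` and `lint` are constructed for illustration.

```python
import ipaddress
import re

# Matches server lines such as: push "dhcp-option DNS 192.168.1.1"
PUSH_RE = re.compile(r'^\s*push\s+"dhcp-option\s+(DNS|DOMAIN)\s+(\S+)"', re.I)

def pushed_dns_settings(config_text):
    """Return (dns_servers, domains) that the server config pushes to clients."""
    servers, domains = [], []
    for line in config_text.splitlines():
        m = PUSH_RE.match(line)  # comment lines (# or ;) never match
        if not m:
            continue
        kind, value = m.group(1).upper(), m.group(2)
        if kind == "DNS":
            servers.append(ipaddress.ip_address(value))
        else:
            domains.append(value)
    return servers, domains

def lint(config_text):
    """List reasons why LAN hostnames will not resolve for VPN clients."""
    servers, domains = pushed_dns_settings(config_text)
    findings = []
    if not servers:
        findings.append("no DNS server pushed: clients keep their own resolver")
    elif not any(s.is_private for s in servers):
        findings.append("only public resolvers pushed: no records for LAN hosts")
    if not domains:
        findings.append("no default domain pushed: short names are not qualified")
    return findings

# Constructed sample: clients are handed public resolvers only.
BEFORE = '''dev tun
server 10.0.8.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
'''
# Constructed sample: clients are pointed at a resolver on the LAN.
AFTER = '''dev tun
server 10.0.8.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option DOMAIN home.arpa"
'''

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, lint(cfg) or "ok")
```
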

  • Thanks, that's good to know.

    I will take a look at DNS options and investigate the Active Directory option.  (I recall reading some about Active Directory when resolving issues in setting up the OpenVPN.)
