OpenVPN connecting but can't access my local devices / shared folder



  • Hello everyone,

    2 days ago I created access to my local network through OpenVPN.
    I just created a simple user (SSL TLS + User auth.) and connected correctly to my network, and I was able to access my shared folder.

    But yesterday I tried to connect to my VPN with my AD account.
    Now I can connect to my network with my AD account and with a local pfSense user, but I don't know why I can't access my shared folder / network devices anymore. Could you help me please? It's pretty strange because I'm correctly connected to my VPN but can't access my network resources.

    More information:
    My pfSense version: 2.4.3

    My network configuration:

    0_1531295755810_Capture.PNG

    Here is my client configuration:

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-ciphers AES-256-GCM:AES-128-GCM
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote XXXXXXXXX 1194 udp
    verify-x509-name "Certificat Serveur Partage VPN" name
    auth-user-pass
    pkcs12 pfSense-UDP4-1194-XXXXX.p12
    tls-auth pfSense-UDP4-1194-XXXXX-tls.key 1
    remote-cert-tls server
    

    And here below is the OpenVPN server configuration:
    3_1531297821170_SERVEUROPEN4.PNG 2_1531297821170_SERVEUROPEN3.PNG 1_1531297821170_SERVEUROPEN2.PNG 0_1531297821170_SERVEUROPEN1.PNG

    My client logs:

    Wed Jul 11 10:17:14 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
    Wed Jul 11 10:17:14 2018 Windows version 6.2 (Windows 8 or greater) 64bit
    Wed Jul 11 10:17:14 2018 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
    Enter Management Password:
    Wed Jul 11 10:17:21 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXXX:1194
    Wed Jul 11 10:17:21 2018 UDP link local (bound): [AF_INET][undef]:1194
    Wed Jul 11 10:17:21 2018 UDP link remote: [AF_INET]XXXXXXXXX:1194
    Wed Jul 11 10:17:21 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Jul 11 10:17:22 2018 [Certificat Serveur Partage VPN] Peer Connection Initiated with [AF_INET]XXXXXXXXX:1194
    Wed Jul 11 10:17:23 2018 open_tun
    Wed Jul 11 10:17:23 2018 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{57DA1C56-202B-471C-802F-DD2BEFDFBA1D}.tap
    Wed Jul 11 10:17:23 2018 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.8.0/10.0.8.2/255.255.255.0 [SUCCEEDED]
    Wed Jul 11 10:17:23 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.8.2/255.255.255.0 on interface {57DA1C56-202B-471C-802F-DD2BEFDFBA1D} [DHCP-serv: 10.0.8.254, lease-time: 31536000]
    Wed Jul 11 10:17:23 2018 Successful ARP Flush on interface [9] {57DA1C56-202B-471C-802F-DD2BEFDFBA1D}
    Wed Jul 11 10:17:23 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Wed Jul 11 10:17:28 2018 Initialization Sequence Completed
    

    And my server logs:

    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_VER=2.4.4
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_PLAT=win
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_PROTO=2
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_NCP=2
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_LZ4=1
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_LZ4v2=1
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_LZO=1
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_COMP_STUB=1
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_COMP_STUBv2=1
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_TCPNL=1
    Jul 11 10:17:22 pfSense openvpn[268]: XXXXX/77.136.204.222:1194 peer info: IV_GUI_VER=OpenVPN_GUI_11
    Jul 11 08:17:22 pfSense openvpn: user 'XXXXX' authenticated
    

    I don't know if the problem comes from IP overlapping or another problem.

    Thanks a lot for your help.
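
The IP-overlap question raised in the post above can be checked directly from the client log. The following is an added example, not part of the original thread: it parses the tunnel subnet from the TAP-Windows line the client printed and tests it against other networks. The `client_lan` and `office_lan` values are constructed placeholders, since the thread's real LAN addressing appears only in the screenshot.

```python
import ipaddress
import re

# Line the OpenVPN Windows client writes when it configures the TAP adapter.
TUN_RE = re.compile(
    r"Set TAP-Windows TUN subnet mode network/local/netmask = "
    r"(?P<net>[\d.]+)/(?P<local>[\d.]+)/(?P<mask>[\d.]+)"
)

def tunnel_from_log(log_text):
    """Return (tunnel network, client tunnel address) from a client log, or None."""
    m = TUN_RE.search(log_text)
    if m is None:
        return None
    net = ipaddress.ip_network(f"{m['net']}/{m['mask']}", strict=False)
    return net, ipaddress.ip_address(m["local"])

def find_overlaps(named_networks):
    """Return pairs of names (in input order) whose networks overlap."""
    items = [(name, ipaddress.ip_network(cidr, strict=False))
             for name, cidr in named_networks.items()]
    hits = []
    for i, (name_a, net_a) in enumerate(items):
        for name_b, net_b in items[i + 1:]:
            if net_a.overlaps(net_b):
                hits.append((name_a, name_b))
    return hits

# Log line copied from the client log in the post.
CLIENT_LOG = (
    "Wed Jul 11 10:17:23 2018 Set TAP-Windows TUN subnet mode "
    "network/local/netmask = 10.0.8.0/10.0.8.2/255.255.255.0 [SUCCEEDED]\n"
)

if __name__ == "__main__":
    tunnel, client_ip = tunnel_from_log(CLIENT_LOG)
    networks = {
        "tunnel": str(tunnel),
        "client_lan": "192.168.1.0/24",  # constructed: network the client PC sits on
        "office_lan": "192.168.1.0/24",  # constructed: LAN behind pfSense
    }
    print(f"tunnel {tunnel}, client address {client_ip}")
    for a, b in find_overlaps(networks):
        # Overlapping ranges make the client route "remote" addresses locally.
        print(f"overlap: {a} <-> {b}")
```

An empty result from `find_overlaps` rules out address overlap, which leaves firewall rules on pfSense and host firewalls on the client or target machines as the next things to check.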



  • After some research, it turns out that it is my antivirus's firewall that is blocking me.



  • Hello,

    Is everything working now?
    Did you create firewall rules for incoming traffic?

    Kind regards



  • Hello, yes, all is working; after some research I found something concerning virus protection.
    But now my problem is: I have to disable my Bitdefender firewall to access my network. Does someone know how to enable the Bitdefender firewall and add an exception?

    Thanks a lot