windows 10 openvpn connect to multiple remote clients



  • Hi
    i have openvpn working perfectly fine on pfsense. and i can succesfully connect with my windows 10 computer to the main pfsense server lan

    so my pfsense server is 192.168.1.0/24, openvpn is remote access (user auth)

    however i have 4 more pfsense routers all connected to this main one, they are remote clients (using peer to peer shared key)
    so i have
    192.168.2.0/24
    192.168.3.0/24
    192.168.4.0/24
    192.168.5.0/24

    when i log in with my computer, i can ONLY view the main server and all its local devices on lan 192.168.1.0/24
    but i can not access anything on the other remote clients such as 192.168.2.0/24

    is there a way to connect to all remote clients?

    Thank you
    Ben


  • LAYER 8 Netgate

    Simple matter of routing.

    Your client will need to be sending all traffic over the tunnel or have routes for all of those networks (add 192.168.[2345].0/24 to the Local Network(s) on the OpenVPN server you are connecting to.)

    Those sites will need to have routes to the OpenVPN tunnel network in the server you are connecting to (192.168.1.0/24).

    Of course, all necessary firewall rules will need to be in place where traffic enters all of the various interfaces.



  • hi
    so i added on my openvpn server, the following in the local ipv4 networks
    192.168.1.0/24,192.168.2.0/24,192.168.3.0/24,192.168.4.0/24

    however i dont understand what i am supposed to do on the clients side? can you give me step by step?

    i have openvpn firewall allow all is that not enough?


  • LAYER 8 Netgate

    Adding them to the Local Networks on the server will push the routes to the clients as long as the client is not configured with the equivalent of Don't Pull Routes.

    In most cases you do not need to do anything.



  • see attached screenshot of screencapture-192-168-1-1-vpn-openvpn-server-php-2019-06-28-07_30_08_Page_3.jpg screencapture-192-168-1-1-vpn-openvpn-server-php-2019-06-28-07_30_08_Page_2.jpg screencapture-192-168-1-1-vpn-openvpn-server-php-2019-06-28-07_30_08_Page_1.jpg my server. as its still not working.
    the clients are my openvpn software on windows 10. not sure how to see the config files on windows 10. i dont think they are saying dont pull routes.
    i simply used the export wizard to export the setup file for windows 10.


  • LAYER 8 Netgate

    And? Look at the routing table on a connected client.



  • @Derelict
    how do i see that in windows 10
    the config file for windows 10 openvpn program shows only
    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-ciphers AES-256-GCM:AES-128-GCM
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote xx.xxx.xx.xx 1194 udp
    auth-user-pass
    ca firewall-UDP4-1194-ca.crt
    tls-auth firewall-UDP4-1194-tls.key 1
    remote-cert-tls server


  • LAYER 8 Rebel Alliance

    route print

    -Rico



  • This post is deleted!

  • LAYER 8 Netgate

    OK so the routes are there. Are you passing the traffic into pfSense on the OpenVPN firewall rules?

    Are the services on 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 being blocked by some local firewall on the target hosts? (think windows firewall there.)



  • bc1d8d84-bc45-41ae-ae41-c8122e836275-image.png

    i imagine i type that command in CMD of windows? if yes, here is the screenshot of the results.


  • LAYER 8 Netgate

    bump ^



  • @Derelict
    my firewall in pfsense has a rule for openvpn interface to pass any protocal from ipv4
    source and destination is set to any.
    do i need another firewall rule in pfsense?


  • LAYER 8 Netgate

    Post said rule.



  • @Derelict see attached
    sorry for the delay in responses, i have to wait 120 seconds between each postscreencapture-192-168-1-1-firewall-rules-edit-php-2019-07-02-17_39_13.png


  • LAYER 8 Netgate

    OK it's not that. check the firewalls on the target hosts.

    Try to ping the pfSense interface addresses.



  • ping from pfsense router 192.168.1.1 to a remote one 192.168.3.1

    PING 192.168.3.1 (192.168.3.1): 56 data bytes
    64 bytes from 192.168.3.1: icmp_seq=0 ttl=64 time=31.684 ms
    64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=34.436 ms
    64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=33.773 ms

    --- 192.168.3.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 31.684/33.298/34.436/1.173 ms

    ping from CMD windows 10
    Pinging 192.168.3.1 with 32 bytes of data:
    Request timed out.


  • LAYER 8 Netgate

    No. From an OpenVPN client, man.



  • im sorry if im new and not understanding this properly and i appreciate your help.
    isnt my windows 10 computer considered the client? this is a vpn connection on my laptop when i travel i have openvpn installed and i login and i can connect only to the main pfsense server that is hosting my openvpn to my laptop client as a remote access user auth.
    however the same pfsense main server has other openvpn connections to remote pfsense routers in 2 other office locations using peer to peer shared key, and from my laptop i can not access those remote offices that are connected to my main pfsense server at the main office


  • LAYER 8 Netgate

    Your client is connecting and getting an address in the tunnel network, 10.1.0.0/24 (10.1.0.2)

    It is being pushed routes to route 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 over the tunnel. That looks like it's working.

    So from that connected client, ping 192.168.3.1. If that works, the VPN is working.

    Then try to access a host on that network (or one of the others.) if that fails it is almost certainly a firewall on the TARGET host, not on the pfSense firewall. Windows in particular likes to filter connections to it to just it's local subnet. Yout 10.1.0.0/24 tunnel network will be outside of that subnet.


  • LAYER 8 Netgate

    Don't take this the wrong way, but you might want to hire someone to set this up for you.



  • do you know someone?


  • LAYER 8 Netgate



  • thx


Log in to reply