Open VPN no access to http/https/ssh/samba, etc.
-
Greetings to all
There are two pfSense.
A (2.3.4-RELEASE-p1) and B (2.4.5-RELEASE-p1).
A is the server.
B the client.
Configured OpenVPN site to site by Netgate Doc, Netgate forum.
The connection is being established.
I can do ping and tracert/traceroute to the networks behind the server or client, but I can't open http/https/ssh/smb?
Help anyone who can. Take the right path.
-
Just to mention one out of many possible issues :
@toxansk said in Open VPN no access to http/https/ssh/samba, etc.:
A is the server.
What is (are) the OPENVPN firewall rules ?
@toxansk said in Open VPN no access to http/https/ssh/samba, etc.:
but I can't open http/https/ssh/smb?
And does the traffic arrive at these devices ?
Are these devices set up to accept connections from outside of their (LAN) network ?
Use packet capturing to find out where things block.
Btw :
Nobody is running 2.3.4-RELEASE-p1 (must be at least 2.3.5 ....) as it is severely outdated.
Even the OpenVPN version - and thus the way it works - has changed.
-
@gertjan said in Open VPN no access to http/https/ssh/samba, etc.:
What is (are) the OPENVPN firewall rules ?
IPv4 * * * * * * none ovpn any to any
@gertjan said in Open VPN no access to http/https/ssh/samba, etc.:
And does the traffic arrive at these devices ?
Devices pfSense Server, OMV5, switches.
@gertjan said in Open VPN no access to http/https/ssh/samba, etc.:
Are these devices set up to accept connections from outside of their (LAN) network ?
Previously, point B was Mikrotik rb952G-2HnD. Replaced with PfSense. The network addressing has not changed.
@gertjan said in Open VPN no access to http/https/ssh/samba, etc.:
Use packet capturing to find out where things block.
I'll try to do
@gertjan said in Open VPN no access to http/https/ssh/samba, etc.:
Btw :
Nobody is running 2.3.4-RELEASE-p1 (must be at least 2.3.5 ....) as it is severely outdated.
Even the OpenVPN version - and thus the way it works - has changed.
I know, but I can only do this on Monday next week. Now I need to set up a connection.
Could there be similar problems from compression mismatch?
Log file server and client
-
@toxansk said in Open VPN no access to http/https/ssh/samba, etc.:
IPv4 * * * * * * none ovpn any to any
Hummm.
A gateway set for the OpenVPN server ?
What about :
@toxansk said in Open VPN no access to http/https/ssh/samba, etc.:
Could there be similar problems from compression mismatch?
"Compression" has changed over the several OpenVPN versions.
Typically, they should be set 'identical' using identical OpenVPN server or client versions.
By default, choose : none.
Also : when you start to use OpenVPN, you have to (like MUST :) read the logs.
On the server side.
On the client side.
This is not optional. It never was.
When starting up things the first time, there is always the same question : how do I set it up so the logs are verbose.
Now read these logs. Get rid of errors, warnings, etc.
You could remove a bunch of possible issues (to learn and some) by using identical software versions on both sides. Your 2.3.4 is not a good example here.
Typically, I would set up the server first, and activate a 'road warrior' setup : use your phone, outside your local network, using the carrier data access, so you can access your home pfSense server, access pfSense's GUI, and local devices (servers).
The official 5 minutes demo : https://www.youtube.com/watch?v=jQHqPq7ftz4
Then, when that works, set up another pfSense as an OpenVPN client, which connects to the (your) pfSense OpenVPN server. You will have to look at the other (older, but still valid) OpenVPN server Netgate videos.
-
-
@toxansk said in Open VPN no access to http/https/ssh/samba, etc.:
Tell me, is it necessary to create an interface from a OPT interface?
Noop.
'OPTx' is the default name of interfaces that are found and assigned by you.
A router (firewall) needs to have two interfaces at least.
Other interfaces can be physical NICs and used as other LANs or other WANs, or they can be VLANs (LANs over LANs) or virtual interfaces like the OpenVPN interface that is created when you start an OpenVPN server.
-
@gertjan Thanks for the link to the channel. I will definitely see everything.
You have two interfaces.
OPENVPN
OpenVPN
Do they both need them to work correctly?