• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Open VPN no access to http/https/ssh/samba, etc.

Scheduled Pinned Locked Moved OpenVPN
7 Posts 2 Posters 556 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    ToXaNSK
    last edited by Feb 9, 2021, 7:19 AM

    Greetings to all

    There are two pfSense.
    A (2.3.4-RELEASE-p1) and B (2.4.5-RELEASE-p1)

    A is the server.
    B the client.

    Configured OpenVPN site to site by Netgate Doc, Netgate forum

    The connection is being established.

    I can do ping and tracert/traceroute to the networks behind the server or client, but I can't open http/https/ssh/smb?

    Help anyone who can. Take the right path.

    Say what you mean, mean what you say. (Interstate 60)

    G 1 Reply Last reply Feb 9, 2021, 7:56 AM Reply Quote 0
    • G
      Gertjan @ToXaNSK
      last edited by Feb 9, 2021, 7:56 AM

      Just to mention one out of many possible issues :

      @toxansk said in Open VPN no access to http/https/ssh/samba, etc.:

      A is the server.

      What is (are) the OPENVPN firewall rules ?

      @toxansk said in Open VPN no access to http/https/ssh/samba, etc.:

      but I can't open http/https/ssh/smb?

      And does the traffic arrives at these device ?
      Are these devices setup to accept connection from out of their (LAN) network ?
      Use packet capturing to find out where things block.

      Btw :
      Nobody is running 2.3.4-RELEASE-p1 (must be at least 2.3.5 ....) as it is severely outdated.
      Even the OpenVPN version - and thus the way it works - has changed.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      T 1 Reply Last reply Feb 9, 2021, 8:50 AM Reply Quote 0
      • T
        ToXaNSK @Gertjan
        last edited by ToXaNSK Feb 9, 2021, 9:00 AM Feb 9, 2021, 8:50 AM

        @gertjan said in Open VPN no access to http/https/ssh/samba, etc.:

        What is (are) the OPENVPN firewall rules ?

        IPv4 * * * * * * none ovpn any to any

        @gertjan said in Open VPN no access to http/https/ssh/samba, etc.:

        And does the traffic arrives at these device ?

        Devices pfSense Server, OMV5, switches.

        @gertjan said in Open VPN no access to http/https/ssh/samba, etc.:

        Are these devices setup to accept connection from out of their (LAN) network ?

        Previously, point B was Mikrotik rb952G-2HnD. Replaced with PfSense. The network addressing has not changed.

        @gertjan said in Open VPN no access to http/https/ssh/samba, etc.:

        Use packet capturing to find out where things block.

        I'll try to do

        @gertjan said in Open VPN no access to http/https/ssh/samba, etc.:

        Btw :
        Nobody is running 2.3.4-RELEASE-p1 (must be at least 2.3.5 ....) as it is severely outdated.
        Even the OpenVPN version - and thus the way it works - has changed.

        I know, but I can only do this on Monday next week. Now I need to set up a connection.

        Could there be similar problems from compression mismatch?

        Log file server and client

        log.txt

        Say what you mean, mean what you say. (Interstate 60)

        G 1 Reply Last reply Feb 9, 2021, 8:57 AM Reply Quote 0
        • G
          Gertjan @ToXaNSK
          last edited by Gertjan Feb 9, 2021, 9:12 AM Feb 9, 2021, 8:57 AM

          @toxansk said in Open VPN no access to http/https/ssh/samba, etc.:

          IPv4 * * * * * * none ovpn any to any

          Hummm.
          A gateway set for the OpenVPN server ?

          What about :

          2a379313-8944-458e-a3c4-c38a27fef26d-image.png

          @toxansk said in Open VPN no access to http/https/ssh/samba, etc.:

          Could there be similar problems from compression mismatch?

          "Compression" has changed over the serveral OpenVPN versions.
          Typically, they should be set 'identical' using identical OpenVPN server or client versions.
          By default, chose : none.

          Also : when you start to use OpenVPN, you have to (like MUST :) read the logs.
          On the server side.
          On the client side.
          This is not optional. It never was.
          When starting up things the first time, there is always the same question : how do I set it up so the logs are verbose.
          Now read these logs. get rid of errors. Warnings, etc.

          You could remove a bunch of possible issues (to learn and some) by using identical software versions on both sides. Your 2.3.4 is not a good example here.

          Typically, I would set up the server first, and activate a 'road warrior' setup : use your phone, outside your local network, using the career data access, so you can access your home pfSense server, access pfSense's GUI, and local devices (servers).

          The official 5 minutes demo : https://www.youtube.com/watch?v=jQHqPq7ftz4

          Then, when that works, set up another pfSense as a OpenVPN client, which connects to the (your) pfSense OpenVPN server. You will have to look at the other (older, but still valid) OpenVPN server Netgate videos.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          T 1 Reply Last reply Feb 9, 2021, 9:03 AM Reply Quote 0
          • T
            ToXaNSK @Gertjan
            last edited by ToXaNSK Feb 9, 2021, 9:07 AM Feb 9, 2021, 9:03 AM

            @gertjan

            OpenVPN logs

            log.txt

            This

            firewall ovpn server.jpg

            Tell me, is it necessary to create an interface from a OPT interface?
            In the manuals, we are simply talking about OpenVPN.

            Say what you mean, mean what you say. (Interstate 60)

            G 1 Reply Last reply Feb 9, 2021, 9:15 AM Reply Quote 0
            • G
              Gertjan @ToXaNSK
              last edited by Feb 9, 2021, 9:15 AM

              @toxansk said in Open VPN no access to http/https/ssh/samba, etc.:

              Tell me, is it necessary to create an interface from a OPT interface?

              Noop.
              'OPTx' is the default name of interface that are found and assigned by you.
              A router (firewall) needs to have two interfaces at least.
              Other interfaces can be phyical NICs and used as other LAN's other WAN's or they can be VLAN (LAN's over LANs) or virtual interfaces like the OpenVPN interface that is created when you start a OpenVPN server.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              T 1 Reply Last reply Feb 9, 2021, 9:40 AM Reply Quote 0
              • T
                ToXaNSK @Gertjan
                last edited by Feb 9, 2021, 9:40 AM

                @gertjan Thanks for the link to the channel. I will definitely see everything.

                You have two interfaces.
                OPENVPN
                OpenVPN

                do they both need them to work correctly?

                Say what you mean, mean what you say. (Interstate 60)

                1 Reply Last reply Reply Quote 0
                7 out of 7
                • First post
                  7/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received