Can't access any computers on domain



  • I have set up OpenVPN on both a mobile client and the pfSense router and it connects just fine. The problem is that I cannot log in to the domain of the network from the pfSense box, but I can ping the DNS and VNC to it.
    I need a setup where remote users can log in to the domain, well, remotely, and also run programs off the network and also be able to print to a shared printer, etc.



  • That's a Windows networking problem and not related to your use of OpenVPN.  The solutions depend on what version of Windows you're using for your domain - is this an old school Windows domain, or Active Directory?



  • It's an Active Directory. I was doing some more reading and I came across the Routing and Remote Access protocol, so I'll try and see if configuring that and then adding my user to the group will solve the problem.



  • What OS are your clients?

    Assuming that your VPN server is the default gateway, or you've pushed static routes to the Windows servers (or default gateway) it should all just work - it certainly does for me with XP, Vista or Windows 7 as the client.



  • So I should push the default gateway of the domain I want to connect to, so that the VPN client has the same default gateway as the domain?



  • You need to ensure 2 things:

    1. On your network, either the VPN server is the default gateway, or the servers know how to reach the VPN client

    2. The VPN client knows how to reach the servers on the network

    In other words, basic routing.  It sounds like you've done (2) since you can ping "the dns" (which I'm guessing is your DNS server on the network).



  • The VPN server, which would be pfSense, is the gateway, it is the one responsible for distributing the DHCP addresses to the client, also isn't a VPN supposed to allow you to be able to ping IP addresses from the LAN subnet, which would automatically allow you to ping the DNS server, and to ensure this I pushed the DNS server and domain name to the client.

    NB: I tried using the push "redirect-gateway def1" to push the gateway to the client, and I ended up with the IP address of the pfSense box, which is 192.168.xxx.5, as the default gateway on the client.



  • Your single, massive, sentence is hard to read.  I think you're saying that your VPN server is your gateway?

    VPN servers only provide connectivity between 2 networks by "hiding" the bit in between.  Basically, you can treat a VPN as you would a router - but that means you need to make sure your basic networking is in place.

    You are using different IP ranges for your VPN, local network and client network?



  • The LAN subnet is 192.168.0.0, the client is 10.10.10.0.



  • And what are you using for the VPN?



  • The IP of the VPN is 192.168.200.0.
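
The two routing conditions listed earlier in the thread, checked against the three ranges quoted above. This is an added example, not code from any poster: the /24 masks, host addresses, route tables and next-hop labels are constructed assumptions, and it models a routed (not bridged) tunnel.

```python
import ipaddress

# Ranges quoted in the thread; the /24 masks are an assumption.
NETS = {
    "lan": ipaddress.ip_network("192.168.0.0/24"),
    "vpn": ipaddress.ip_network("192.168.200.0/24"),
    "client_lan": ipaddress.ip_network("10.10.10.0/24"),
}
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def overlapping(nets):
    """Return name pairs whose ranges overlap; any overlap makes routing ambiguous."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def next_hop(routes, dest):
    """Longest-prefix match over (network, next_hop) pairs, as an IP stack does."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def check(client_routes, server_routes, client_ip, server_ip):
    """Return (client reaches server via tunnel, server replies via VPN server)."""
    return (next_hop(client_routes, server_ip) == "tunnel",
            next_hop(server_routes, client_ip) == "vpn-server")

# Constructed sample hosts and routing tables (hypothetical, not from the thread).
CLIENT_IP, SERVER_IP = "192.168.200.6", "192.168.0.10"
client_base = [(DEFAULT, "home-router"), (NETS["client_lan"], "direct"),
               (NETS["vpn"], "tunnel")]
client_pushed = client_base + [(NETS["lan"], "tunnel")]  # LAN route pushed to client
server_gw_is_vpn = [(NETS["lan"], "direct"), (DEFAULT, "vpn-server")]
server_other_gw = [(NETS["lan"], "direct"), (DEFAULT, "other-router")]
server_static = server_other_gw + [(NETS["vpn"], "vpn-server")]  # static route added

if __name__ == "__main__":
    print("overlaps:", overlapping(NETS))
    for name, c, s in [
        ("no pushed route", client_base, server_gw_is_vpn),
        ("pushed route, VPN server is gateway", client_pushed, server_gw_is_vpn),
        ("pushed route, other gateway", client_pushed, server_other_gw),
        ("pushed route, static route on server", client_pushed, server_static),
    ]:
        print(name, check(c, s, CLIENT_IP, SERVER_IP))
```

A `(True, False)` result is the case where pings from the client leave through the tunnel but the server's replies go to a different gateway and never come back.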



  • OK, so what I needed was to bridge the connections of the VPN to the LAN or create a WINS server. I went with bridging since it is better for most programs, so now I can access shares on the network and I have read access, but I don't have write access, e.g. a zipped file will copy to the mapped drive and it will take like forever to unzip.



  • Enable NetBIOS on the VPN connections. I did this and now I can access my entire domain.



  • OK, I'll try this today. Sorry about taking so long to answer, I have been really tied up in work and school. OK, well, my VPN is bridged.



  • OK, still can't access. I'm trying to run a program off the server. I have the access to view the shared folder but just can't run the program. I even installed the program and pointed it to the IP address of the server so it would get its data from the server, and the program fails to run. As a matter of fact, I can't even install a program from the network share. Do you think this is a Windows server problem, or it just can't be fixed? Because OpenVPN states that for certain programs you either have to build a Samba or WINS server or bridge the connection, and I went with bridging and still can't get through. I even entered custom options so that the VPN connection would have an IP just like the domain. Is there any setting I overlooked, or anything on my DNS server I have to do?



  • Can you:

    a) See the share from the VPN?
    b) Connect to the share from the VPN?
    c) See the contents of files on the share from the VPN?
    d)
      1) Ping the server from the LAN?
      2) Ping the server from the VPN?



  • Can you:

    a) See the share from the VPN?
    yes

    b) Connect to the share from the VPN?
    yes, I mapped a drive

    c) See the contents of files on the share from the VPN?
    yes, I can copy files from the shared folder

    d)
     1) Ping the server from the LAN?
    yes

    2) Ping the server from the VPN?
    yes

    Only thing is I can't run a program from the VPN and can't copy to the VPN. I think I'll give the authentication in OpenVPN with the LDAP service



  • When you say "to the vpn" - exactly what do you mean?  You've already said you can connect to, and use, shares at the far end of the VPN so there's no obvious problem.



  • What I mean is if I copy a file to the VPN I usually get an error. I'll try it again to give you the exact code; I had it written down somewhere.



  • Sounds like a file/share permissions error on the server - nothing to do with the VPN since you can copy files off of the share.

    Are you authenticating to the file server?

    Does it work, copying a file to the file server, from the local network?



  • Honestly, I don't think I'm authenticating. I tried to get the authentication going with the LDAP authentication post, but it may be my pfSense version is too old, because I can't add the needed packages.



  • No, not authentication to pfSense, authentication to the file server - the 2 are completely unrelated.

    When you connect to the file server, do you have to specify a username and password?



  • I'm on a domain, and I am the administrator, so I can simply browse the network. If I use an alternate user on the computer which is not on the domain, then it does ask for a username and password.



  • And from the VPN?



  • That is from the VPN; what I described is when I'm connected to the VPN. I think there should be some integration from OpenVPN on the firewall to the DNS server on my network, which is not taking place, so that it can be added to the user under policies, almost like Routing and Remote Access.



  • To be blunt, I think you need to bring in somebody with more experience than you have.  If DNS didn't work then you wouldn't be able to map the share.  From what you've said it all sounds like an authentication problem.  When you map the share across the VPN:

    a) Is the remote device on the domain?
    b) Are you providing a username and password?

