(Configuration?) PPTP - OpenVPN - Can't access local network



  • Hello,

    I've tried for months to set up a PPTP or OpenVPN tunnel with pfsense.

    I'm trying to use pfsense as a VPN server, with a mobile client running Windows 7 x64.

    PPTP connects but can access only the pfsense IPs (both the LAN IP and the PPTP server IP).
    I CANNOT ping or web-access (TCP 80) any LAN IP besides pfsense's: ping fails, and tracert shows that data is trying to go out via the VPN but only the first hop is active (pfsense PPTP IP).

    OpenVPN (using the guide in this forum) connects fine, but again I can only access the pfsense LAN IP, not any internal LAN IP.

    I've double-checked my firewall rules. I tried all of this:
    1. Rule in PPTP interface:
    PASS Proto:* Source:* Port:* Dest:* Port:* Gateway:*

    2. Rule in PPTP interface:
    PASS Proto:* Source:PPTP clients Port:* Dest:* Port:* Gateway:*

    3. Rule in LAN interface:
    PASS Proto:* Source:* Port:* Dest:* Port:* Gateway:*

    4. Rule in OpenVPN interface:
    PASS Proto:* Source:* Port:* Dest:* Port:* Gateway:*

    None of the above makes my traffic go to a LAN IP.

    In OpenVPN, using rule 4, I've enabled logging and the log showed this:
    PASS May 9 15:52:52 ovpns1  10.0.8.2  192.168.10.203 ICMP

    I'm looking for advice on how to configure this, or maybe where to look for any troubleshooting issue.

    NOTE: With pfsense 1.2.3 PPTP worked fine.
    NOTE 2: There isn't any firewall between pfsense and internet, and between mobile client and internet.

    Thank you.


  • Rebel Alliance Developer Netgate

    There is currently a bug report open for PPTP routing issues, so that is probably your problem there.

    As for OpenVPN, it works fine. It sounds like you don't have the routes on the client. If you haven't done so already, make sure you are running the OpenVPN client as administrator on Windows 7.



  • run cmd.exe as admin.
    add the route manually by: route add DESTINATION mask NETMASK LOCALGATEWAY. (route add -p = persistent, after reboot still active.)

    this tells your client, when trying to reach your remote network, or everyone else not on the same subnet, which way to go, the next hop, which router can handle the request further..

    but as jimp said, firstly make sure you're running ovpn with rights, because the command above should be part of the initialization script, but failed because of a lack of rights..

    Good luck, S.
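
An added example, not part of the post above: a route lookup over rows laid out like the IPv4 table of `route print`, showing which next hop the client picks for a remote LAN host with and without the route the post describes. The 10.0.8.x and 192.168.10.x addresses are the thread's; the client's own network (192.168.1.0/24), the metrics and the function names are assumptions.

```python
import ipaddress

# Constructed rows in the layout of the IPv4 "Active Routes" table printed by
# `route print`. 10.0.8.x and 192.168.10.0/24 are the thread's addresses; the
# client's own network 192.168.1.0/24 and all metrics are assumptions.
HEADER = "Network Destination        Netmask          Gateway       Interface  Metric\n"
BASE = HEADER + """\
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     20
         10.0.8.0    255.255.255.0         On-link          10.0.8.2    286
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    276
"""
VPN_ROUTE = "     192.168.10.0    255.255.255.0         10.0.8.1         10.0.8.2     30\n"


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or blank line
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue
        routes.append((network, fields[2], fields[3], metric))
    return routes


def next_hop(routes, destination):
    """Pick the route as the IP stack does: longest prefix, then lowest metric."""
    address = ipaddress.ip_address(destination)
    matches = [r for r in routes if address in r[0]]
    if not matches:
        return None
    network, gateway, interface, _ = max(
        matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return gateway, interface


if __name__ == "__main__":
    for label, table in (("route missing", BASE), ("route present", BASE + VPN_ROUTE)):
        print(label, "->", next_hop(parse_routes(table), "192.168.10.203"))
```

When the lookup for a remote LAN address returns the client's local default gateway, the route through the tunnel was never installed, which is the failure the post attributes to missing rights.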



  • I've been running the ovpn client with admin rights.

    I suppose the routing is fine because of this:

    MY ovpn client has IP: 10.0.8.2
    The ovpn server (pfsense) IP: 10.0.8.1

    My pfsense LAN address is 192.168.10.1 and I can navigate to this address, which isn't in the same subnet as 10.0.8.0/24.

    The addresses I can't reach are anything in 192.168.10.0/24 but 192.168.10.1 (which is pfsense's LAN IP).

    Anyway, right now I've tried installing the OpenVPN Client Exporter package, and it failed in the installation with an "XML error". The package is corrupted and I cannot uninstall it. And after that my openvpn server did not connect anymore; the client gives a "TLS handshaking not responded in 60 seconds" (or something like this).

    I will try again the next time I do a clean install.



  • http://forum.pfsense.org/index.php/topic,25061.0.html

    btw, the topic above is not a pfsense issue.
    it was a configuration fault. (wrong gateway)

    from my perspective, i can't help you further since i don't know your network.

    i would suggest you should do a clean installation with a fresh snapshot and a fresh configuration from "scratch", because i didn't have any problems with openvpn's roadwarrior-setup nor read about unsolved issues in 2.0 beta.

    is it possible that you're testing in a virtual appliance on the same physical network?

