• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

I can't see other computers when connected to my OpenVPN

Scheduled Pinned Locked Moved OpenVPN
13 Posts 4 Posters 14.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jai23155
    last edited by Feb 3, 2011, 11:21 AM

    hey, it's been a week since i am searching for this. mine is same problem. please reply me if you find a solution. thanks

    1 Reply Last reply Reply Quote 0
    • C
      Cry Havok
      last edited by Feb 3, 2011, 5:41 PM

      jai23155 why don't you provide details of your configuration so we can tell if you're suffering from exactly the same problem as you think, or if it's completely unrelated.

      1 Reply Last reply Reply Quote 0
      • J
        jai23155
        last edited by Feb 3, 2011, 6:26 PM

        hi, my configuration
        main office LAN-192.168.10.0/24 behind pfsense
        looking to set up open vpn client for remote users. created certificates, keys  and config files. open vpn server on pfsense box.
        protocol tcp
        local port 1194
        address pool 192.168.12.0/24
        local network 192.168.10.0/24
        cryptograohy bf-cbc (128 bit)
        PKI
        disable netbios
        lzo compression

        tried from a pc which is outside lan, can connect to pfsense box, but neither ping any pc on LAN nor browse windows shares on server.
        when connected it is giving a ip at web GUI. but there is no ip on interface when i did ipconfig /all, it is showing a self assigned ip (168.254.37.38).
        the pc outside the LAN is server 2008 (i am testing from) if it makes any difference. when i tested it from my home (win 7 laptop), i can see the adress assigned on interface 192.168.12.6, dhcp server 192.168.12.5; but subnet is 255.255.255.252 rather than 255.255.255.0.
        i am already running IPsec tunnel between two of our sites. there is no open vpn tab in firewall and no process running for openVPN.
        please find attached to see my openvpn server config. thanks

        1 Reply Last reply Reply Quote 0
        • C
          Cry Havok
          last edited by Feb 3, 2011, 6:49 PM

          The inability to browser shares has been discussed many times - that's usually down to attempting to use WINS on a routed network without using a WINS server.

          Can you post a screenshot of the server settings and a copy of the client configuration file, as well as the client log.

          1 Reply Last reply Reply Quote 0
          • J
            jai23155
            last edited by Feb 3, 2011, 7:00 PM

            please find attached server config.
            client config:
            client
            dev tun
            proto tcp
            remote xxx.xxx.xxx.xxx 1194
            ping 10
            resolv-retry infinite
            nobind
            persist-key
            persist-tun
            ca ca.crt
            cert ovpn_client1.crt
            key ovpn_client1.key
            ns-cert-type server
            comp-lzo
            pull
            verb 3
            we are using server 2008 r2 as domain controller and wins server which is at 192.168.10.xxx.

            pfsense1.png
            pfsense1.png_thumb
            pfsense2.png
            pfsense2.png_thumb

            1 Reply Last reply Reply Quote 0
            • C
              Cry Havok
              last edited by Feb 4, 2011, 11:57 AM

              Can I suggest that you push the DNS and WINS servers for the LAN and set the NetBIOS mode to p.

              If you're still having problems after that don't forget to post the rest of the information I asked for ;)

              1 Reply Last reply Reply Quote 0
              • J
                jai23155
                last edited by Feb 4, 2011, 12:22 PM

                did what you said. but no use, still same result. i couldn't even see my open vpn service running in status or in firewall.
                my client config is
                client
                dev tun
                proto tcp
                remote xxx.xxx.xxx.xxx 1194
                ping 10
                resolv-retry infinite
                nobind
                persist-key
                persist-tun
                ca ca.crt
                cert ovpn_client2.crt
                key ovpn_client2.key
                ns-cert-type server
                comp-lzo
                pull
                verb 3
                i am already running an IPsec tunnel between two sites. is there any ipsec opn client softwares, so that i dont have to struggle with openvpn.
                thanks

                1 Reply Last reply Reply Quote 0
                • C
                  Cry Havok
                  last edited by Feb 4, 2011, 12:37 PM

                  As you're consistently not supply the requested client logs it's hard to help you. Of course, if you haven't started the OpenVPN service that might explain why it isn't working.

                  As for IPsec clients, there are some good options and if you look in the IPsec forum you'll find various options.

                  1 Reply Last reply Reply Quote 0
                  • J
                    jai23155
                    last edited by Feb 4, 2011, 2:07 PM

                    sorry, forgot to paste log file, here it is
                    Fri Feb 04 14:03:25 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
                    Fri Feb 04 14:03:25 2011 WARNING: –ping should normally be used with --ping-restart or --ping-exit
                    Fri Feb 04 14:03:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
                    Fri Feb 04 14:03:25 2011 LZO compression initialized
                    Fri Feb 04 14:03:25 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
                    Fri Feb 04 14:03:25 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
                    Fri Feb 04 14:03:25 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
                    Fri Feb 04 14:03:25 2011 Local Options hash (VER=V4): '69109d17'
                    Fri Feb 04 14:03:25 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
                    Fri Feb 04 14:03:25 2011 Attempting to establish TCP connection with 194.105.164.81:1194
                    Fri Feb 04 14:03:25 2011 TCP connection established with 194.105.164.81:1194
                    Fri Feb 04 14:03:25 2011 TCPv4_CLIENT link local: [undef]
                    Fri Feb 04 14:03:25 2011 TCPv4_CLIENT link remote: 194.105.164.81:1194
                    Fri Feb 04 14:03:25 2011 TLS: Initial packet from 194.105.164.81:1194, sid=7725128e 2a69e6c7
                    Fri Feb 04 14:03:26 2011 VERIFY OK: depth=1, /C=UK/ST=NA/L=Aberdeen/O=EFCGROUP/CN=pfsense/emailAddress=IT@efcgroup.net
                    Fri Feb 04 14:03:26 2011 VERIFY OK: nsCertType=SERVER
                    Fri Feb 04 14:03:26 2011 VERIFY OK: depth=0, /C=UK/ST=NA/O=EFCGROUP/CN=server/emailAddress=IT@efcgroup.net
                    Fri Feb 04 14:03:27 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
                    Fri Feb 04 14:03:27 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                    Fri Feb 04 14:03:27 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
                    Fri Feb 04 14:03:27 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                    Fri Feb 04 14:03:27 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
                    Fri Feb 04 14:03:27 2011 [server] Peer Connection Initiated with 194.105.164.81:1194
                    Fri Feb 04 14:03:29 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
                    Fri Feb 04 14:03:30 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option DNS 192.168.10.115,dhcp-option WINS 192.168.10.115,dhcp-option NBT 2,dhcp-option DISABLE-NBT,route 192.168.12.1,ping 10,ping-restart 60,ifconfig 192.168.12.6 192.168.12.5'
                    Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: timers and/or timeouts modified
                    Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: –ifconfig/up options modified
                    Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: route options modified
                    Fri Feb 04 14:03:30 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
                    Fri Feb 04 14:03:30 2011 ROUTE default_gateway=95.131.64.1
                    Fri Feb 04 14:03:30 2011 TAP-WIN32 device [Local Area Connection 5] opened: \.\Global{2DC55850-9ABE-45DB-9A1F-284E136D85FD}.tap
                    Fri Feb 04 14:03:30 2011 TAP-Win32 Driver Version 9.7
                    Fri Feb 04 14:03:30 2011 TAP-Win32 MTU=1500
                    Fri Feb 04 14:03:30 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.12.6/255.255.255.252 on interface {2DC55850-9ABE-45DB-9A1F-284E136D85FD} [DHCP-serv: 192.168.12.5, lease-time: 31536000]
                    Fri Feb 04 14:03:30 2011 Successful ARP Flush on interface [20] {2DC55850-9ABE-45DB-9A1F-284E136D85FD}
                    Fri Feb 04 14:03:35 2011 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
                    Fri Feb 04 14:03:35 2011 Route: Waiting for TUN/TAP interface to come up…
                    Fri Feb 04 14:03:40 2011 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
                    Fri Feb 04 14:03:40 2011 Route: Waiting for TUN/TAP interface to come up...
                    Fri Feb 04 14:03:41 2011 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down

                    Fri Feb 04 14:04:06 2011 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 192.168.12.5
                    Fri Feb 04 14:04:06 2011 Warning: route gateway is not reachable on any active network adapters: 192.168.12.5
                    Fri Feb 04 14:04:06 2011 Route addition via IPAPI failed [adaptive]
                    Fri Feb 04 14:04:06 2011 Route addition fallback to route.exe
                    OK!
                    Fri Feb 04 14:04:06 2011 C:\WINDOWS\system32\route.exe ADD 192.168.12.1 MASK 255.255.255.255 192.168.12.5
                    Fri Feb 04 14:04:06 2011 Warning: route gateway is not reachable on any active network adapters: 192.168.12.5
                    Fri Feb 04 14:04:06 2011 Route addition via IPAPI failed [adaptive]
                    Fri Feb 04 14:04:06 2011 Route addition fallback to route.exe
                    OK!
                    SYSTEM ROUTING TABLE
                    0.0.0.0 0.0.0.0 95.131.64.1 p=0 i=17 t=4 pr=3 a=763 h=0 m=31/0/0/0/0
                    95.131.64.0 255.255.248.0 95.131.64.61 p=0 i=17 t=3 pr=3 a=760 h=0 m=286/0/0/0/0
                    95.131.64.61 255.255.255.255 95.131.64.61 p=0 i=17 t=3 pr=3 a=760 h=0 m=286/0/0/0/0
                    95.131.71.255 255.255.255.255 95.131.64.61 p=0 i=17 t=3 pr=3 a=760 h=0 m=286/0/0/0/0
                    127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                    127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                    127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                    169.254.0.0 255.255.0.0 169.254.117.131 p=0 i=20 t=3 pr=3 a=115 h=0 m=286/0/0/0/0
                    169.254.117.131 255.255.255.255 169.254.117.131 p=0 i=20 t=3 pr=3 a=115 h=0 m=286/0/0/0/0
                    169.254.255.255 255.255.255.255 169.254.117.131 p=0 i=20 t=3 pr=3 a=115 h=0 m=286/0/0/0/0
                    192.168.10.0 255.255.255.0 192.168.12.5 p=0 i=17 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
                    192.168.12.1 255.255.255.255 192.168.12.5 p=0 i=17 t=4 pr=3 a=0 h=0 m=31/0/0/0/0
                    224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                    224.0.0.0 240.0.0.0 95.131.64.61 p=0 i=17 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                    224.0.0.0 240.0.0.0 169.254.117.131 p=0 i=20 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                    255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=800 h=0 m=306/0/0/0/0
                    255.255.255.255 255.255.255.255 95.131.64.61 p=0 i=17 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                    255.255.255.255 255.255.255.255 169.254.117.131 p=0 i=20 t=3 pr=3 a=763 h=0 m=286/0/0/0/0
                    SYSTEM ADAPTER LIST
                    TAP-Win32 Adapter V9
                      Index = 20
                      GUID = {2DC55850-9ABE-45DB-9A1F-284E136D85FD}
                      IP = 169.254.117.131/255.255.0.0
                      MAC = 00:ff:2d:c5:58:50
                      GATEWAY = 0.0.0.0/255.255.255.255
                      DHCP SERV = 
                      DHCP LEASE OBTAINED = Fri Feb 04 14:04:06 2011
                      DHCP LEASE EXPIRES  = Fri Feb 04 14:04:06 2011
                      DNS SERV = 
                    Broadcom NetXtreme Gigabit Ethernet #4
                      Index = 17
                      GUID = {0CC3C516-5227-47CA-861F-AFCCEEE265C0}
                      IP = 95.131.64.61/255.255.248.0
                      MAC = 00:25:64:3b:76:a5
                      GATEWAY = 95.131.64.1/255.255.255.255
                      DNS SERV = 79.170.43.250/255.255.255.255
                    Broadcom NetXtreme Gigabit Ethernet #3
                      Index = 16
                      GUID = {A55B484F-D466-4FF5-9C76-FA7BC34CEA66}
                      IP = 0.0.0.0/0.0.0.0
                      MAC = 00:25:64:3b:76:a6
                      GATEWAY = 0.0.0.0/255.255.255.255
                      DHCP SERV = 
                      DHCP LEASE OBTAINED = Fri Feb 04 14:04:06 2011
                      DHCP LEASE EXPIRES  = Fri Feb 04 14:04:06 2011
                      DNS SERV = 
                    Fri Feb 04 14:04:06 2011 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

                    thanks

                    1 Reply Last reply Reply Quote 0
                    • J
                      jai23155
                      last edited by Feb 4, 2011, 3:54 PM

                      anyway, i got IPsec vpn client up and running in few minutes. but, i really want to know how to get open vpn up ?? thanks

                      1 Reply Last reply Reply Quote 0
                      • C
                        Cry Havok
                        last edited by Feb 4, 2011, 9:15 PM

                        The log shows the problem, and even links you to a FAQ entry telling you what to check - see here. If you're using Windows Vista or Windows 7 ensure you run the client as an Administrator (right click -> run as administrator).

                        1 Reply Last reply Reply Quote 0
                        13 out of 13
                        • First post
                          13/13
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                          This community forum collects and processes your personal information.
                          consent.not_received