Vista client: can ping, can connect web admin, but can't access SMB shares

    I managed on a V2.0.1 pfSense to enable OpenVPN server by going through the wizard. I can ping my local network (e.g. and also connect remotely to the pfSense Admin Interface - but there is no way to e.g. access network shares on my SMB server under (connection timeout). I tried up and down with local routing, playing around with the NetBIOS settings on server side, with client DNS and without but nothing led to success.

    My server settings are:

    			<authmode>Local Database</authmode>

    I also tried several OpenVPN clients on my Vista notebook, whereas finally V2.3-alpha remains. No matter, with all of them I managed to connect to my pfSense (started as Administrator), ping the local network, access pfSense Admin etc., but have no access to shared drives.

    My client settings:

    dev tun
    proto udp
    cipher AES-128-CBC
    route-method exe
    route-delay 2
    remote some.domain 1194
    tls-remote The server
    pkcs12 myvpn-udp-1194.p12
    tls-auth myvpn-udp-1194-tls.key 1

    What is my mistake?
  • STUPID ME!!  ::)

    One desperate smoke later I remembered having whitelisted my file server for connections from the subnet only.
    Unless any of you guys could advise me how to mask incoming connections from (client IP) to subnet, my problem is solved once I can physically get hold of the file server to extend the whitelist…

  • You might be able to NAT the subnet to the other subnet, although I'd suggest changing the whitelist.

  • You're going to have to allow access from the real subnet. With most services you can NAT and get away with it, but NAT of any type breaks SMB.

    The issue is that the whitelist is stored on the fileserver and I need to get hold of it physically to make a change. As this will take another week and I desperately need some files, I would like to get temporary remote access to change the whitelist.

    When NATing from OpenVPN to the LAN subnet, the fileserver obviously recognizes that the request comes from a NOT LAN subnet address and therefore, due to the whitelist rule, denies access. That's why my final question is whether it is possible to use pfSense to mask my OpenVPN client address to a LAN address to mock the fileserver.

  • Finally I found an answer for my issue in the following article, which explains how to set up OpenVPN in bridged mode:

    Unfortunately it is not possible to do that remotely as the new configuration kicks off my current client connection. But that's a different issue.