Need some help with openvpn client connections
-
Hi Guys,
I have openvpn working and clients are connected, but I have a problem with this one scenario:
1. openvpn client connects to openvpn server… (client computer connects to pfsense 2.0.1 openvpn server from behind pfsense 2.0.1 router)
2. openvpn client then connects to windows 7 workstation via remote desktop.
3. windows 7 workstation cannot ping openvpn client.
I am trying to create a share to usb receipt printer connected to openvpn client.
This way, the user can log into software via remote desktop, process customer transaction, and print receipt for customer.
I am using TUN device of server.
Is there a way to get the remote desktop client to "see" the openvpn client and available shares?
Is Bridge mode applicable for this scenario?
Thanks for your help. Jits.
-
Did you create a firewall rule on LAN site so that the host behind pfsense has the correct firewall rule to connect to OpenVPN subnet and clients?
Does the OpenVPN client allow connections from other subnets (windows firewall)?
-
Hi.
I'm connecting straight thru without going thru pfsense router this end.
This means, I'm connecting to pfsense openvpn server on other side. I'm still unable to connect to the openvpn client via remote desktop from the LAN behind the openvpn server. I'm playing with the firewall settings on the openvpn client.
Doing:
OPVPN Client ----> OPVPN Server ----> LAN ----> Workstation.
Want to do:
Workstation ----> LAN ----> OPVPN Server ----> OPVPN Client (net use lpt1 \\10.11.12.14\cablemm /persistent:yes)
-
Bingo! I got it working…in the raw.
Turned off windows 7 firewall and was then able to ping the openvpn client IP address (10.11.12.14).
Was also able to successfully apply the net use lpt1 command and print a test receipt.
Now, I'll have to fine tune it with the firewall turned back on.
Now, I don't have to install software on their computer and response times will be much faster, equals less frustration for the customer.
-
That's why I asked you about the windows firewall.
Windows Vista/7 has a much more complex firewall than older Windows. Windows 7 firewall does not allow connections from subnets other than the local subnet, so that is what you have to fine tune in the advanced windows firewall settings - changing the rule from "local subnet" to "any" or more specific.
Good luck! :-)
-
Thanks for the heads up on that one Nachtfalke.
I turned off firewall service for the win32/tap adapter, and it works well.
The only problem I have now relates to assigning an openvpn static ip address so the net use lpt1 command will work all the time.
Do you know if this can be done with Server Mode: Remote Access (SSL/TLS + User Auth)?
Thanks, Jits.
-
> (…)
> Do you know if this can be done with Server Mode: Remote Access (SSL/TLS + User Auth)?
Yes, this can be done.
You can realize that with the "Client Specific override". Enter the Certificate's Common Name of the RoadWarrior and set up a /30 subnet within the OpenVPN-Server tunnel network for that client. This will always assign the client the same IP address.
Every OpenVPN connection has its own /30 subnet.
10.10.10.8/30 has these IPs:
10.10.10.4: Netaddress
10.10.10.5: OpenVPN Server
10.10.10.6: OpenVPN Client/RoadWarrior
10.10.10.7: Broadcast address
-
> Yes, this can be done.
> You can realize that with the "Client Specific override". Enter the Certificate's Common Name of the RoadWarrior and set up a /30 subnet within the OpenVPN-Server tunnel network for that client. This will always assign the client the same IP address.
> Every OpenVPN connection has its own /30 subnet.
> 10.10.10.8/30 has these IPs:
> 10.10.10.4: Netaddress
> 10.10.10.5: OpenVPN Server
> 10.10.10.6: OpenVPN Client/RoadWarrior
> 10.10.10.7: Broadcast address
Okay, thanks. This is fine, but how do I do this? –Nevermind.
Wow. This is humbling. There's a tab for that?! Never even saw it until you mentioned it.
Ok, I'm going to try it out now, but I suspect I should delete the client config sub-directory I created and restart openvpn.
Much Thanks for enlightening me, Jits.
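-
The per-client /30 layout from the Client Specific Override answer, worked through as an added example (not code from the thread or from pfSense): it checks that a chosen static address sits in the client slot of an aligned /30 inside the tunnel network and builds the matching OpenVPN `ifconfig-push` directive. The tunnel network 10.11.12.0/24 and the function names are assumptions; only the client address 10.11.12.14 and the 10.10.10.4 to 10.10.10.7 listing appear in the thread.

```python
import ipaddress


def net30_slot(client_ip, tunnel_cidr):
    """Lay out the /30 block holding client_ip (one /30 per connection).

    Raises ValueError when the address cannot be a static client endpoint.
    """
    tunnel = ipaddress.IPv4Network(tunnel_cidr)
    client = ipaddress.IPv4Address(client_ip)
    if client not in tunnel:
        raise ValueError(f"{client} is outside tunnel network {tunnel}")

    # Snap the address down to its aligned /30: four addresses per connection.
    block = ipaddress.IPv4Network(f"{client}/30", strict=False)
    network, server_end, client_end, broadcast = list(block)

    # Inside each /30 the order is: net address, server end, client end, broadcast.
    if client != client_end:
        raise ValueError(
            f"{client} is not the client slot of {block}; use {client_end}")

    # The first /30 of the tunnel network belongs to the server's own endpoint.
    if block.network_address == tunnel.network_address:
        raise ValueError(f"{block} is reserved for the OpenVPN server itself")

    return {"block": block, "network": network, "server": server_end,
            "client": client_end, "broadcast": broadcast}


def ifconfig_push(client_ip, tunnel_cidr):
    """Build the directive that pins a client to its /30 endpoint pair."""
    slot = net30_slot(client_ip, tunnel_cidr)
    return f"ifconfig-push {slot['client']} {slot['server']}"


if __name__ == "__main__":
    TUNNEL = "10.11.12.0/24"  # assumed tunnel network, not stated in the thread
    for candidate in ("10.11.12.14", "10.11.12.13", "10.11.12.2"):
        try:
            print(candidate, "->", ifconfig_push(candidate, TUNNEL))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```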