Can't access devices on LAN in tap setup



  • Hi all,

    I've been fighting with this for a few days now, but I haven't been able to get anywhere.  I am trying to set up OpenVPN so I can remotely access my network (file shares, etc.).  When I connect, I get an IP address, and I can ping the PFSense box, but I can't get to anything else on the LAN.
    I followed this tutorial:
    http://hardforum.com/showthread.php?t=1663797

    Network setup:
    ISP -> PFSense -> switch -> computers.  There's nothing that complicated.
    LAN: 192.168.1.0/24
    PFSense (same as gateway): 192.168.1.1

    Server settings:
    Disabled:  No
    Server Mode:  Remote Access ( SSL/TLS )
    Protocol:  UDP
    Device Mode:  tap
    Interface:  WAN
    Local port:  1194
    Enable authentication of TLS packets:  Yes
    Peer Certificate Authority:  ****
    Peer Certificate Revocation List:  No Certificate Revocation Lists (CRLs) defined
    Server Certificate:  ****
    DH Parameters Length:  1024
    Encryption algorithm:  AES-128-CBC
    Hardware Crypto:  BSD cryptodev engine
    Certificate Depth:  1
    Tunnel Network:  (blank)
    Allow clients on the bridge to obtain DHCP:  Yes
    Bridge Interface:  LAN
    Server Bridge DHCP Start:  (blank)
    Server Bridge DHCP End:  (blank)
    Force all client generated traffic through the tunnel:  Yes
    Concurrent connections:  (blank)
    Compress tunnel packets using the LZO algorithm:  Yes
    Set the TOS IP header value of tunnel packets to match the encapsulated packet value:  No
    Allow communication between clients connected to this server:  No
    Allow multiple concurrent connections from clients using the same Common Name:  No
    Allow connected clients to retain their connections if their IP address changes:  Yes
    Provide a virtual adapter IP address to clients (see Tunnel Network):  No
    Provide a default domain name to clients:  No
    Provide a DNS server list to clients:  No
    Provide a NTP server list to clients:  No
    Enable NetBIOS over TCP/IP:  No
    Advanced:  (blank)

    Client settings:
    dev tap
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    tls-client
    client
    resolv-retry infinite
    remote **** 1194
    tls-remote "VPN"
    pkcs12 pfsense-udp-1194.p12
    tls-auth pfsense-udp-1194-tls.key 1
    comp-lzo

    Firewall rules:
    I've set a rule allowing anything (source=any, dest=any, type=any, port=any) on LAN, OpenVPN, and the VPN adaptor that I created to bridge with my LAN.

    Connection log:
    Fri Sep 07 12:21:06 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
    Fri Sep 07 12:21:06 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Fri Sep 07 12:21:06 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Fri Sep 07 12:21:06 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Fri Sep 07 12:21:06 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
    Fri Sep 07 12:21:06 2012 LZO compression initialized
    Fri Sep 07 12:21:06 2012 UDPv4 link local (bound): [undef]:1194
    Fri Sep 07 12:21:06 2012 UDPv4 link remote: ****:1194
    Fri Sep 07 12:21:07 2012 [VPN] Peer Connection Initiated with ****:1194
    Fri Sep 07 12:21:10 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{CF343EC4-0130-44B4-BFFC-D893696914D9}.tap
    Fri Sep 07 12:21:10 2012 Successful ARP Flush on interface [27] {CF343EC4-0130-44B4-BFFC-D893696914D9}
    Fri Sep 07 12:21:15 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
    Fri Sep 07 12:21:15 2012 Initialization Sequence Completed
    Fri Sep 07 12:24:32 2012 [VPN] Inactivity timeout (--ping-restart), restarting
    Fri Sep 07 12:24:32 2012 SIGUSR1[soft,ping-restart] received, process restarting
    Fri Sep 07 12:24:34 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Fri Sep 07 12:24:34 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Fri Sep 07 12:24:34 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Fri Sep 07 12:24:34 2012 Re-using SSL/TLS context
    Fri Sep 07 12:24:34 2012 LZO compression initialized
    Fri Sep 07 12:24:46 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
    Fri Sep 07 12:24:58 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
    Fri Sep 07 12:25:15 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
    Fri Sep 07 12:25:32 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
    Fri Sep 07 12:25:49 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
    Fri Sep 07 12:25:54 2012 UDPv4 link local (bound): [undef]:1194
    Fri Sep 07 12:25:54 2012 UDPv4 link remote: ****:1194
    Fri Sep 07 12:25:56 2012 [VPN] Peer Connection Initiated with ****:1194
    Fri Sep 07 12:25:58 2012 Preserving previous TUN/TAP instance: Local Area Connection 3
    Fri Sep 07 12:25:58 2012 Initialization Sequence Completed
    Fri Sep 07 12:28:23 2012 SIGTERM[hard,] received, process exiting

    Does anyone have any ideas?

    Thanks
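As an added example (my code, not the poster's and not pfSense's), here is a small Python linter for two things a tap-bridge setup like this one has to get right: that the server actually bridges clients and knows a gateway before it pushes redirect-gateway, and that the client does not rely on the deprecated tls-remote directive. The server config it checks is a constructed guess at what these pfSense settings expand to; the client config is a trimmed copy of the one in the post.

```python
# Constructed guess (assumption) at what the poster's server settings expand to:
# tap, bridged to LAN, no tunnel network or bridge DHCP range, all traffic forced.
SERVER_CONFIG = """\
dev tap
server-bridge
push "redirect-gateway def1"
comp-lzo
"""

# Trimmed copy of the client settings posted in the thread (host masked there).
CLIENT_CONFIG = """\
dev tap
client
remote **** 1194
tls-remote "VPN"
"""

def parse(text):
    """Return [(directive, [args])]; '#' and ';' start comments."""
    rows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.replace('"', "").split()
            rows.append((name, args))
    return rows

def lint_server(text):
    """Findings for a tap-mode server that bridges clients onto the LAN."""
    rows = parse(text)
    get = lambda n: [a for d, a in rows if d == n]
    out = []
    if get("dev") and get("dev")[0][:1] == ["tap"]:
        bridge = get("server-bridge")
        if not bridge:
            out.append("tap without server-bridge: clients are never bridged onto the LAN")
        elif len(bridge[0]) < 4:  # no gateway/netmask/pool-start/pool-end given
            out.append("server-bridge without gateway/pool: address and gateway must "
                       "come from the LAN DHCP server across the bridge")
            if any(a[:1] == ["redirect-gateway"] for a in get("push")):
                out.append("redirect-gateway pushed but no gateway known to OpenVPN: "
                           "client logs 'unable to redirect default gateway'")
    return out

def lint_client(text):
    """Findings for the client side."""
    out = []
    if any(d == "tls-remote" for d, _ in parse(text)):
        out.append("tls-remote is deprecated and removed in OpenVPN 2.4; use verify-x509-name")
    return out
```

Feed it the real server1.conf that pfSense writes under /var/etc/openvpn/ (path is an assumption) instead of the constructed sample to check a live box.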



  • did you actually create the bridge?  (interfaces-->assign-->bridges)



  • Yup, I did do that.

