Can't access devices on LAN in tap setup
-
Hi all,
I've been fighting with this for a few days now, but I haven't been able to get anywhere. I am trying to set up OpenVPN so I can remotely access my network (file shares, etc). When I connect, I get an IP address, and I can ping the PFSense box, but I can't get to anything else on the LAN.
I followed this tutorial:
http://hardforum.com/showthread.php?t=1663797

Network setup:
ISP -> PFSense -> switch -> computers. There's nothing that complicated.
LAN: 192.168.1.0/24
PFSense (same as gateway): 192.168.1.1

Server settings:
Disabled: No
Server Mode: Remote Access ( SSL/TLS )
Protocol: UDP
Device Mode: tap
Interface: WAN
Local port: 1194
Enable authentication of TLS packets: Yes
Peer Certificate Authority: ****
Peer Certificate Revocation List: (no Certificate Revocation Lists (CRLs) defined)
Server Certificate: ****
DH Parameters Length: 1024
Encryption algorithm: AES-128-CBC
Hardware Crypto: BSD cryptodev engine
Certificate Depth: 1
Tunnel Network: <blank>
Allow clients on the bridge to obtain DHCP: Yes
Bridge Interface: LAN
Server Bridge DHCP Start: <blank>
Server Bridge DHCP Start: <blank>
Force all client generated traffic through the tunnel: Yes
Concurrent connections: <blank>
Compress tunnel packets using the LZO algorithm: Yes
Set the TOS IP header value of tunnel packets to match the encapsulated packet value: No
Allow communication between clients connected to this server: No
Allow multiple concurrent connections from clients using the same Common Name: No
Allow connected clients to retain their connections if their IP address changes: Yes
Provide a virtual adapter IP address to clients (see Tunnel Network): No
Provide a default domain name to clients: No
Provide a DNS server list to clients: No
Provide a NTP server list to clients: No
Enable NetBIOS over TCP/IP: No
Advanced: <blank>

Client settings:
dev tap
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote **** 1194
tls-remote "VPN"
pkcs12 pfsense-udp-1194.p12
tls-auth pfsense-udp-1194-tls.key 1
comp-lzo

Firewall rules:
I've set the rule allow anything (source=any, dest=any, type=any, port=any) on LAN, OpenVPN, and the VPN adapter that I created to bridge with my LAN.

Connection log:
Fri Sep 07 12:21:06 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Sep 07 12:21:06 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Sep 07 12:21:06 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Sep 07 12:21:06 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Sep 07 12:21:06 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
Fri Sep 07 12:21:06 2012 LZO compression initialized
Fri Sep 07 12:21:06 2012 UDPv4 link local (bound): [undef]:1194
Fri Sep 07 12:21:06 2012 UDPv4 link remote: ****:1194
Fri Sep 07 12:21:07 2012 [VPN] Peer Connection Initiated with ****:1194
Fri Sep 07 12:21:10 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{CF343EC4-0130-44B4-BFFC-D893696914D9}.tap
Fri Sep 07 12:21:10 2012 Successful ARP Flush on interface [27] {CF343EC4-0130-44B4-BFFC-D893696914D9}
Fri Sep 07 12:21:15 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Fri Sep 07 12:21:15 2012 Initialization Sequence Completed
Fri Sep 07 12:24:32 2012 [VPN] Inactivity timeout (--ping-restart), restarting
Fri Sep 07 12:24:32 2012 SIGUSR1[soft,ping-restart] received, process restarting
Fri Sep 07 12:24:34 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Sep 07 12:24:34 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Sep 07 12:24:34 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Sep 07 12:24:34 2012 Re-using SSL/TLS context
Fri Sep 07 12:24:34 2012 LZO compression initialized
Fri Sep 07 12:24:46 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:24:58 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:15 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:32 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:49 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:54 2012 UDPv4 link local (bound): [undef]:1194
Fri Sep 07 12:25:54 2012 UDPv4 link remote: ****:1194
Fri Sep 07 12:25:56 2012 [VPN] Peer Connection Initiated with ****:1194
Fri Sep 07 12:25:58 2012 Preserving previous TUN/TAP instance: Local Area Connection 3
Fri Sep 07 12:25:58 2012 Initialization Sequence Completed
Fri Sep 07 12:28:23 2012 SIGTERM[hard,] received, process exiting

Does anyone have any ideas?
Thanks
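An added example, not code from the post, pfSense or OpenVPN: a small Python linter that reads a tap-mode client config together with a client log excerpt and names the setting behind each log message that matters here. The sample config is the one posted, with the redacted remote replaced by the placeholder vpn.example.invalid (an assumption); the log lines are copied from the post. The corrected config adds route-gateway dhcp, the OpenVPN option that supplies the gateway the NOTE says is missing when a tap client takes its address from the bridged LAN's DHCP server; the tls-remote note reflects that option's deprecation in OpenVPN 2.3 and removal in 2.4.

```python
"""Lint a tap-mode OpenVPN client config against its client log (added example)."""
from typing import Dict, List, Tuple

# Constructed sample: the posted client config, remote replaced by a placeholder.
ORIGINAL_CLIENT_CONF = """\
dev tap
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote vpn.example.invalid 1194
tls-remote "VPN"
pkcs12 pfsense-udp-1194.p12
tls-auth pfsense-udp-1194-tls.key 1
comp-lzo
"""

# Same config plus the one line the NOTE in the log asks for in tap mode.
FIXED_CLIENT_CONF = ORIGINAL_CLIENT_CONF + "route-gateway dhcp\n"

# Constructed log excerpt: the three lines from the post that carry a diagnosis.
SAMPLE_LOG = """\
Fri Sep 07 12:21:15 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Fri Sep 07 12:21:15 2012 Initialization Sequence Completed
Fri Sep 07 12:24:32 2012 [VPN] Inactivity timeout (--ping-restart), restarting
"""

Finding = Tuple[str, str]  # (short code, explanation)


def parse_conf(text: str) -> Dict[str, List[List[str]]]:
    """Map each option name to every argument list it was given.

    Lines starting with '#' or ';' are comments; an option may repeat
    (several 'remote' lines, for instance), so values are lists of lists.
    """
    opts: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts


def uses_tap(opts: Dict[str, List[List[str]]]) -> bool:
    """True for 'dev tap', 'dev tapN' or an explicit 'dev-type tap'."""
    dev = opts.get("dev", [[]])[0]
    dev_type = opts.get("dev-type", [[]])[0]
    return (bool(dev) and dev[0].startswith("tap")) or dev_type == ["tap"]


def lint(conf_text: str, log_text: str) -> List[Finding]:
    """Return the findings for one config/log pair, weakest settings first."""
    opts = parse_conf(conf_text)
    findings: List[Finding] = []
    if uses_tap(opts) and "route-gateway" not in opts:
        findings.append(("no-route-gateway",
            "dev tap with no route-gateway: a pushed redirect-gateway has no "
            "next hop to install; add 'route-gateway dhcp' so the gateway "
            "comes from the bridged LAN's DHCP lease."))
    if "unable to redirect default gateway" in log_text:
        findings.append(("redirect-failed",
            "'Force all client generated traffic through the tunnel' did not "
            "take effect: Internet traffic stays on the local default route. "
            "The LAN subnet is still on-link via the tap adapter, unless the "
            "remote site also uses 192.168.1.0/24, where the local route wins."))
    if "ping-restart" in log_text:
        findings.append(("ping-restart",
            "nothing arrived from the server for the ping-restart window after "
            "the tunnel came up: the TLS handshake works, the return data path "
            "does not."))
    if "RESOLVE: Cannot resolve host address" in log_text:
        findings.append(("resolve-failed",
            "the remote name did not resolve; 'resolv-retry infinite' keeps "
            "retrying and hides a client-side DNS problem."))
    if "tls-remote" in opts:
        findings.append(("tls-remote",
            "tls-remote matches only the certificate CN; deprecated in OpenVPN "
            "2.3, removed in 2.4, replaced by verify-x509-name."))
    return findings


def codes(findings: List[Finding]) -> List[str]:
    """Just the short codes, for scripting and assertions."""
    return [code for code, _ in findings]


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CLIENT_CONF), ("fixed", FIXED_CLIENT_CONF)):
        print(f"== {label} client config ==")
        for code, why in lint(conf, SAMPLE_LOG):
            print(f"  [{code}] {why}")
```

Run it as-is and the original config reports no-route-gateway, redirect-failed, ping-restart and tls-remote; the fixed config against an empty log reports only tls-remote, which is the one finding that is a hardening note rather than a reason the LAN is unreachable.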
-
Did you actually create the bridge? (Interfaces --> Assign --> Bridges)
-
Yup, I did do that.