Netgate Discussion Forum
    Can't access devices on LAN in tap setup

      secretknight42

      Hi all,

      I've been fighting with this for a few days now, but I haven't been able to get anywhere. I am trying to set up OpenVPN so I can remotely access my network (file shares, etc.). When I connect, I get an IP address, and I can ping the PFSense box, but I can't get to anything else on the LAN.
      I followed this tutorial:
      http://hardforum.com/showthread.php?t=1663797

      Network setup:
      ISP -> PFSense -> switch -> computers.  There's nothing that complicated.
      LAN: 192.168.1.0/24
      PFSense (same as gateway): 192.168.1.1

      Server settings:
      Disabled:  No
      Server Mode:  Remote Access ( SSL/TLS )
      Protocol:  UDP
      Device Mode:  tap
      Interface:  WAN
      Local port:  1194
      Enable authentication of TLS packets:  Yes
      Peer Certificate Authority:  ****
      Peer Certificate Revocation List:  <No Certificate Revocation Lists (CRLs) defined>
      Server Certificate:  ****
      DH Parameters Length:  1024
      Encryption algorithm:  AES-128-CBC
      Hardware Crypto:  BSD cryptodev engine
      Certificate Depth:  1
      Tunnel Network:  <blank>
      Allow clients on the bridge to obtain DHCP:  Yes
      Bridge Interface:  LAN
      Server Bridge DHCP Start:  <blank>
      Server Bridge DHCP Start:  <blank>
      Force all client generated traffic through the tunnel:  Yes
      Concurrent connection:  <blank>
      Compress tunnel packets using the LZO algorithm:  Yes
      Set the TOS IP header value of tunnel packets to match the encapsulated packet value:  No
      Allow communication between clients connected to this server:  No
      Allow multiple concurrent connections from clients using the same Common Name:  No
      Allow connected clients to retain their connections if their IP address changes:  Yes
      Provide a virtual adapter IP address to clients (see Tunnel Network):  No
      Provide a default domain name to clients:  No
      Provide a DNS server list to clients:  No
      Provide a NTP server list to clients:  No
      Enable NetBIOS over TCP/IP:  No
      Advanced:  <blank>

      Client settings:
      dev tap
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      tls-client
      client
      resolv-retry infinite
      remote **** 1194
      tls-remote "VPN"
      pkcs12 pfsense-udp-1194.p12
      tls-auth pfsense-udp-1194-tls.key 1
      comp-lzo

      Firewall rules:
      I've set the rule to allow anything (source=any, dest=any, type=any, port=any) on LAN, OpenVPN, and the VPN adaptor that I created to bridge with my LAN.

      Connection log:
      Fri Sep 07 12:21:06 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
      Fri Sep 07 12:21:06 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
      Fri Sep 07 12:21:06 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
      Fri Sep 07 12:21:06 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Fri Sep 07 12:21:06 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
      Fri Sep 07 12:21:06 2012 LZO compression initialized
      Fri Sep 07 12:21:06 2012 UDPv4 link local (bound): [undef]:1194
      Fri Sep 07 12:21:06 2012 UDPv4 link remote: ****:1194
      Fri Sep 07 12:21:07 2012 [VPN] Peer Connection Initiated with ****:1194
      Fri Sep 07 12:21:10 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{CF343EC4-0130-44B4-BFFC-D893696914D9}.tap
      Fri Sep 07 12:21:10 2012 Successful ARP Flush on interface [27] {CF343EC4-0130-44B4-BFFC-D893696914D9}
      Fri Sep 07 12:21:15 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
      Fri Sep 07 12:21:15 2012 Initialization Sequence Completed
      Fri Sep 07 12:24:32 2012 [VPN] Inactivity timeout (--ping-restart), restarting
      Fri Sep 07 12:24:32 2012 SIGUSR1[soft,ping-restart] received, process restarting
      Fri Sep 07 12:24:34 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
      Fri Sep 07 12:24:34 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
      Fri Sep 07 12:24:34 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Fri Sep 07 12:24:34 2012 Re-using SSL/TLS context
      Fri Sep 07 12:24:34 2012 LZO compression initialized
      Fri Sep 07 12:24:46 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
      Fri Sep 07 12:24:58 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
      Fri Sep 07 12:25:15 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
      Fri Sep 07 12:25:32 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
      Fri Sep 07 12:25:49 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
      Fri Sep 07 12:25:54 2012 UDPv4 link local (bound): [undef]:1194
      Fri Sep 07 12:25:54 2012 UDPv4 link remote: ****:1194
      Fri Sep 07 12:25:56 2012 [VPN] Peer Connection Initiated with ****:1194
      Fri Sep 07 12:25:58 2012 Preserving previous TUN/TAP instance: Local Area Connection 3
      Fri Sep 07 12:25:58 2012 Initialization Sequence Completed
      Fri Sep 07 12:28:23 2012 SIGTERM[hard,] received, process exiting

      Does anyone have any ideas?

      Thanks
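
Added example, not part of the original post: a small parser for an OpenVPN client log like the one above that counts the diagnostic events (missing VPN gateway, `--ping-restart` timeouts, resolve failures, the `--tls-remote` warning) and measures how long each tunnel stayed up. The rule names and `SAMPLE_LOG` are constructed for illustration; the messages are copied from the log in the post.

```python
import re
from datetime import datetime

# Constructed sample: shortened copy of the client log in the post ("****" is the poster's redaction).
SAMPLE_LOG = """\
Fri Sep 07 12:21:06 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Sep 07 12:21:07 2012 [VPN] Peer Connection Initiated with ****:1194
Fri Sep 07 12:21:15 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Fri Sep 07 12:21:15 2012 Initialization Sequence Completed
Fri Sep 07 12:24:32 2012 [VPN] Inactivity timeout (--ping-restart), restarting
Fri Sep 07 12:24:46 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:24:58 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:58 2012 Initialization Sequence Completed
Fri Sep 07 12:28:23 2012 SIGTERM[hard,] received, process exiting
"""

LINE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$")
# Dash runs are matched loosely because pasted logs often have "--" turned into an en dash.
RULES = [
    ("tunnel_up", re.compile(r"Initialization Sequence Completed")),
    ("no_gateway", re.compile(r"unable to redirect default gateway")),
    ("ping_restart", re.compile(r"Inactivity timeout \(\W*ping-restart\)")),
    ("resolve_fail", re.compile(r"RESOLVE: Cannot resolve host address")),
    ("tls_remote_warning", re.compile(r"semantics of \W*tls-remote")),
    ("exit", re.compile(r"SIG(TERM|INT)\[.*\] received, process exiting")),
]

def parse(log_text):
    """Yield (timestamp, event_name) for every log line that matches a rule."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        for name, rx in RULES:
            if rx.search(m.group(2)):
                yield ts, name
                break

def summarize(log_text):
    """Count events and record how many seconds each tunnel stayed up before it ended."""
    counts, uptimes, up_since = {}, [], None
    for ts, name in parse(log_text):
        counts[name] = counts.get(name, 0) + 1
        if name == "tunnel_up":
            up_since = ts
        elif name in ("ping_restart", "exit") and up_since is not None:
            uptimes.append((name, int((ts - up_since).total_seconds())))
            up_since = None
    return {"counts": counts, "uptimes": uptimes}
```

Calling `summarize(SAMPLE_LOG)` returns the event counts and a list of `(how_it_ended, seconds_up)` pairs, one per tunnel session.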

        heper

        did you actually create the bridge?  (interfaces-->assign-->bridges)

          secretknight42

          Yup, I did do that.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.