Can't access devices on LAN in tap setup

secretknight42

Hi all,

I've been fighting with this for a few days now, but I haven't been able to get anywhere.  I am trying to setup OpenVPN so I can remotely access my network (file shares, etc).  When I connect, I get an IP address, and I can ping the PFSense box, but I can't get to anything else on the LAN.
I followed this tutorial:
http://hardforum.com/showthread.php?t=1663797

Network setup:
ISP -> PFSense -> switch -> computers.  There's nothing that complicated.
LAN: 192.168.1.0/24
PFSense (same as gateway): 192.168.1.1

Server settings:
Disabled:  No
Server Mode:  Remote Access ( SSL/TLS )
Protocol:  UDP
Device Mode:  tap
Interface:  WAN
Local port:  1194
Enable authentication of TLS packets:  Yes
Peer Certificate Authority:  ****
Peer Certificate Revocation List:  <no certificate="" revocation="" lists="" (crls)="" defined="">Server Certificate:  ****
DH Parameters Length:  1024
Encryption algorithm:  AES-128-CBC
Hardware Crypto:  BSD cryptodev engine
Certificate Depth:  1
Tunnel Network:  <blank>Allow clients on the bridge to obtain DHCP:  Yes
Bridge Interface:  LAN
Server Bridge DHCP Start:  <blank>Server Bridge DHCP Start:  <blank>Force all client generated traffic through the tunnel:  Yes
Concurrent connection:  <blank>Compress tunnel packets using the LZO algorithm:  Yes
Set the TOS IP header value of tunnel packets to match the encapsulated packet value:  No
Allow communication between clients connected to this server:  No
Allow multiple concurrent connections from clients using the same Common Name:  No
Allow connected clients to retain their connections if their IP address changes:  Yes
Provide a virtual adapter IP address to clients (see Tunnel Network):  No
Provide a default domain name to clients:  No
Provide a DNS server list to clients:  No
Provide a NTP server list to clients:  No
Enable NetBIOS over TCP/IP:  No
Advanced:  <blank>Client settings:
dev tap
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote **** 1194
tls-remote "VPN"
pkcs12 pfsense-udp-1194.p12
tls-auth pfsense-udp-1194-tls.key 1
comp-lzo

Firewall rules:
I've set the rule allow anything (source=any, dest=any, type=any, port=any)  on LAN, OpenVPN, and the VPN adaptor that I created to bridge with my LAN.

Connection log:
Fri Sep 07 12:21:06 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Sep 07 12:21:06 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Sep 07 12:21:06 2012 WARNING: Make sure you understand the semantics of –tls-remote before using it (see the man page).
Fri Sep 07 12:21:06 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Sep 07 12:21:06 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
Fri Sep 07 12:21:06 2012 LZO compression initialized
Fri Sep 07 12:21:06 2012 UDPv4 link local (bound): [undef]:1194
Fri Sep 07 12:21:06 2012 UDPv4 link remote: ****:1194
Fri Sep 07 12:21:07 2012 [VPN] Peer Connection Initiated with ****:1194
Fri Sep 07 12:21:10 2012 TAP-WIN32 device [Local Area Connection 3] opened: \.\Global{CF343EC4-0130-44B4-BFFC-D893696914D9}.tap
Fri Sep 07 12:21:10 2012 Successful ARP Flush on interface [27] {CF343EC4-0130-44B4-BFFC-D893696914D9}
Fri Sep 07 12:21:15 2012 NOTE: unable to redirect default gateway – VPN gateway parameter (--route-gateway or --ifconfig) is missing
Fri Sep 07 12:21:15 2012 Initialization Sequence Completed
Fri Sep 07 12:24:32 2012 [VPN] Inactivity timeout (–ping-restart), restarting
Fri Sep 07 12:24:32 2012 SIGUSR1[soft,ping-restart] received, process restarting
Fri Sep 07 12:24:34 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Sep 07 12:24:34 2012 WARNING: Make sure you understand the semantics of –tls-remote before using it (see the man page).
Fri Sep 07 12:24:34 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Sep 07 12:24:34 2012 Re-using SSL/TLS context
Fri Sep 07 12:24:34 2012 LZO compression initialized
Fri Sep 07 12:24:46 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:24:58 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:15 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:32 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:49 2012 RESOLVE: Cannot resolve host address: ****: [NO_DATA] The requested name is valid but does not have an IP address.
Fri Sep 07 12:25:54 2012 UDPv4 link local (bound): [undef]:1194
Fri Sep 07 12:25:54 2012 UDPv4 link remote: ****:1194
Fri Sep 07 12:25:56 2012 [VPN] Peer Connection Initiated with ****:1194
Fri Sep 07 12:25:58 2012 Preserving previous TUN/TAP instance: Local Area Connection 3
Fri Sep 07 12:25:58 2012 Initialization Sequence Completed
Fri Sep 07 12:28:23 2012 SIGTERM[hard,] received, process exiting

Does anyone have any ideas?

Thanks</blank></blank></blank></blank></blank></no>

heper

did you actually create the bridge?  (interfaces–>assign-->bridges)

secretknight42

Yup, I did do that.