After connecting
-
UPDATE
Success in part!!! I can now surf the web via the pfsense box.
My error was having the Subnet of the LAN set as a common one (192.168.0.1) such that the remote network had the same and conflicted.
I changed the IP of the LAN to a different Subnet and changed the DHCP address pool range also to coincide. It was also necessary to tell the Access Point about this change.
I am still unable to view my network behind the pfsense box however.
Thanks to nachtfalke for turning me on to the "redirect traffic …" settings and to Marvosa for showing me the .conf file which, when I stared at it enough, seemed to show me the possible problem to look into more.
I'm going to try the AP settings first to see if a problem there is stopping me from getting through to the Samba server.
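The subnet conflict described in the post above can be checked before connecting. This is an added example, not part of the original thread; the client address, tunnel network and suggestion pool are constructed assumptions.

```python
import ipaddress

def _net(value):
    # Accept host-style input such as "192.168.0.1/24" and normalise it
    # to the containing network (192.168.0.0/24).
    return ipaddress.ip_network(value, strict=False)

def find_conflicts(client_local, vpn_routed):
    """Return (local, routed) pairs whose address ranges overlap.

    client_local: networks the VPN client is directly attached to.
    vpn_routed:   networks reached through the tunnel (LAN behind pfSense,
                  the tunnel network itself).
    """
    return [(str(l), str(r))
            for l in map(_net, client_local)
            for r in map(_net, vpn_routed)
            if l.overlaps(r)]

def suggest_lan(avoid, pool="172.16.0.0/12", prefix=24):
    """First /prefix subnet of pool that overlaps nothing in avoid, else None."""
    avoid_nets = [_net(a) for a in avoid]
    for cand in _net(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(a) for a in avoid_nets):
            return str(cand)
    return None

if __name__ == "__main__":
    client_local = ["192.168.0.57/24"]   # constructed: laptop on a remote network
    pfsense_lan = "192.168.0.1/24"       # LAN address mentioned in the post
    tunnel_net = "10.0.8.0/24"           # constructed: OpenVPN tunnel network

    conflicts = find_conflicts(client_local, [pfsense_lan, tunnel_net])
    for local, routed in conflicts:
        print(f"conflict: client network {local} overlaps routed network {routed}")
    if conflicts:
        # Avoid the client network, the tunnel and a common consumer default.
        avoid = client_local + [tunnel_net, "192.168.1.0/24"]
        print("candidate LAN subnet:", suggest_lan(avoid))
```

When both sides use the same range, the client treats the server's addresses as local and never sends that traffic into the tunnel, which matches the symptom in the post.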
-
Try to do something simple to test the connection behind your pfsense:
do a ping
do a tracert
Make sure that the destination host (host behind pfsense) allows traffic from hosts on your VPN network. Disable the firewall for testing on these hosts.
How do you connect to your samba server - by IP? \\ip.ip.ip.ip\share?
Is the access point doing NAT or routing, or is it just acting as a wireless bridge? In bridge mode it should be ok/work.
When doing routing on the AP then you need to define additional routes on OpenVPN Server.
-
@ nachtfalke
The AP is in bridge mode so I guess the problem is not there.
I access the samba server via explorer where it appears under "network".
So from what you're saying it's most likely a firewall rule (or lack thereof) that allows traffic from samba server to VPN?
OR
Settings on the samba server itself???
Thanks again.
-
If you have "any to any" on OpenVPN firewall rule this should be ok.
Firewall on samba server - the firewall must allow traffic from the OpenVPN network - if your samba server has a firewall enabled.
On OpenVPN server GUI try to enable:
"Enable NetBIOS over TCP/IP" and try with "h-node" or some other setting.
Which protocol and port do you use to connect to the samba server?
Enable logging on the OpenVPN firewall rule to get this information.
-
Assuming you can ping across the VPN, on the server make sure you have the NMB service enabled and then put its IP address under the WINS field in OpenVPN config.
-
Success
Ok Thanks again.
I can now access my "\\server\guest share" over the VPN.
Not sure if it was enabling netbios or adding WINS server or neither.
When I get a second I'm going to back both of these off and see which one it was or if it was just user error and the problem was in fact fixed after I sorted the IP conflict.
I am one happy pfSense/OpenVPN user.
-
It's both. NMBD or WINS is the only way to resolve NETBIOS names in a routed VPN solution.
And the "Enable NetBIOS over TCP/IP" check box, it tells you right next to it:
"If this option is not set, all NetBIOS-over-TCP/IP options (including WINS) will be disabled."
So, the answer is both.
-
You can do it without WINS, actually, but you will need something else (DNS, hosts file, etc) to resolve your names.
-
Doing it without WINS would be nice as I read that WINS is open to abuse and unreliable (wiki). Thanks for the info Extide.
So it's as simple as editing my host file to resolve the name of the server to the IP?
-
Yes, you can do it that way. As long as you have NetBIOS over TCP/IP and can ping the server by name (which should resolve into the IP) you should be good to go.
-
In that case, say your fqdn is server.something.tld: place something.tld in "DNS-Domainname," pfsense LAN IP in "DNS-Server" and make sure you can resolve fqdn through pfsense (place it in Services > DNS Resolver) and you should be able to open up \\server as well.
Disable nmb service, remove WINS from OpenVPN and don't forget to reconnect.