Openvpn, how to ping computers on the client side. XP Pro running the client.
-
Hi everyone, I have a question. I am running pfsense 2.0.3 at home and I am able to connect to my server using a Windows XP machine from my office just fine. I am able to connect to my pfsense and ping the computers behind the pfsense box on the network. What I would like to do is be able to ping the computers on the client side of the network. I am able to ping the XP machine just fine but not the other machines on the client side. So at this point, I am only able to ping in one direction.
I did some googling and read several articles but I don’t think I have grasped the whole concept yet about routing. I’ve edited my ovpn file on the client side and also in the Advanced Options side of pfsense but I have yet to be able to ping any of the machines on the XP client side.
Here is my setup:

Pfsense box
LAN IP: 192.168.0.2
TUN: 10.0.8.1

Windows XP Pro (Openvpn Client)
LAN: 10.16.210.55
TUN: 10.0.8.6
Here is my XP client ovpn file:

client
dev tun
proto tcp
remote myvpnserver.com 443
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert remote.crt
key remote.key
comp-lzo
pull
verb 3
redirect-gateway def1

So I guess you can say I am using my XP Pro as a router of sorts. Any help on this would be greatly appreciated…
Thanks!
-
I don't think XP Pro is going to work like a router. But in any case, other machines on the office LAN will have their gateway set to the real office router, which takes them (and your XP Pro client) out to the internet. When a ping request comes from something on your home LAN (e.g. 192.168.0.11), even if it does make it all the way to the destination IP in your office, that office device will send the reply to the real office router, which does not know how to send the reply back.
Is this an office of your own business?
If so, then use pfSense as the office router and have a site-to-site OpenVPN link back to home.
If not, then I doubt that the office wants their LAN devices to interact with things at your home.
-
Thanks for the reply! Yes, this is my office and I do IT work remotely and troubleshoot PCs. As you suggested, the best bet is setting up another pfsense box here at the office and making that the gateway. I figured I could "MacGyver" something up by tweaking the IPEnableRouter registry setting on XP, and maybe using some coconuts and duct tape to make it work ;D.. Thanks again.
-
I don't know what you have now as your office router, but if it is not pfSense already, then I would replace it with pfSense. Then you have 1 router that can do it all easily.
If you put a separate pfSense router in your office LAN somewhere, then you will have to add static route/s to your office router telling it about the pfSense and what subnets are reached through that.
Also, I would change 192.168.0.0/24 at home to some other less popular private subnet - e.g. use something in 10.0.0.0/8. That will avoid pain when you take your laptop to a cafe that uses 192.168.0.0/24 and try to VPN back home.
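
The return-path problem and the subnet-collision advice from the replies above, as an added example that is not part of the original thread. It traces a ping reply hop by hop with longest-prefix matching; the /24 office mask, the node names and the 10.77.0.0/24 replacement subnet are assumptions made for illustration.

```python
import ipaddress as ip

def next_hop(table, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(n), hop) for n, hop in table if addr in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow a packet from node `start` toward `dst`, one routing table per node."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables.get(node, []), dst)
        if hop is None:
            return path + ["dropped"]
        if hop == "deliver":
            return path + ["delivered"]
        path.append(hop)
        node = hop
    return path + ["loop"]

HOME_LAN = "192.168.0.0/24"      # from the thread
OFFICE_LAN = "10.16.210.0/24"    # assumed mask; the thread only gives 10.16.210.55
HOME_HOST = "192.168.0.11"       # example address used in the thread

# Constructed tables: the situation the thread describes today.
before = {
    "office_pc":     [(OFFICE_LAN, "deliver"), ("0.0.0.0/0", "office_router")],
    "office_router": [(OFFICE_LAN, "deliver"), ("0.0.0.0/0", "isp")],
    "isp":           [],   # private (RFC 1918) destinations are not routed on the internet
}

# Constructed tables: separate office pfSense plus a static route on the office router.
after = {
    "office_pc":      before["office_pc"],
    "office_router":  before["office_router"] + [(HOME_LAN, "office_pfsense")],
    "office_pfsense": [(OFFICE_LAN, "deliver"), (HOME_LAN, "home_pfsense")],
    "home_pfsense":   [(HOME_LAN, "deliver")],
}

def collides(vpn_lan, local_lan):
    """True when the LAN you are sitting on overlaps the LAN behind the VPN."""
    return ip.ip_network(vpn_lan).overlaps(ip.ip_network(local_lan))

if __name__ == "__main__":
    print(trace(before, "office_pc", HOME_HOST))
    print(trace(after, "office_pc", HOME_HOST))
    print(collides(HOME_LAN, "192.168.0.0/24"), collides("10.77.0.0/24", "192.168.0.0/24"))
```

The first trace ends in "dropped" because the office PC hands the reply to its default gateway, which has no route to the home LAN; the second reaches the home pfSense once the office router knows which gateway fronts 192.168.0.0/24.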