[Solved] OpenVPN kinda, sorta, not really working



  • OK, so I've followed the instructions I found here: http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN , which seem to be the same instructions I've seen all over the place.

    Things seem to be working, as far as I have a client set up, it connects to the VPN and gets an IP.  But beyond that… I can't connect from the client to a share on a Win2000 machine on the LAN, I can't connect from the 2000 machine to the client, can't ping the VPN client from the 2000 machine, or vice versa.

    I've tried Diagnostic > Ping on the router to the client, and even the router can't seem to ping it... but then how the heck is the client getting a DHCP address from it?  I'm getting a little confused here.

    WAN on the router is straight out to the net on our T1, LAN is 192.168.2.0/24, OpenVPN clients are pulling DHCP from the 192.168.10.0/24 range....

    I've read the instructions over and over looking for what I may have missed, and I'm not seeing it.  The client is running XP with the firewall off and no antivirus, LAN PC is Win2000, no firewalls or antivirus.

    The only other posts I've seen in the forum that sound similar to the problems I am having have been to do with the LAN PC(s) not having the pfSense box as the default gateway, but that's not my problem.

    Any ideas anyone has would be appreciated....



  • Wow… over 170 views and a week later, and no one has any ideas...?



  • It probably comes under the heading of "too little information".

    It could be a routing problem - does the Win2K machine have the OpenVPN server as its default gateway?



  • @havoc3d:

    The only other posts I've seen in the forum that sound similar to the problems I am having have been to do with the LAN PC(s) not having the pfSense box as the default gateway, but that's not my problem.

    Let me know what info you need and I'll get it posted up.

    I agree, it's pretty much got to be a routing problem… the route tables on the VPN client PC look pretty correct as far as I can tell; I can post that up here if it helps.



  • Can you post a network diagram?

    Otherwise, things to check include firewall rules on both ends of the OpenVPN link.  I'd actually suggest that a visit to the OpenVPN site (openvpn.net) and their documentation may prove useful.



  • Here's a little Net Map.  I've tried hooking the pfSense machine directly out to the internet, in case you're curious; that didn't work, so I moved it back to my mock-up setup.




  • Right, with that diagram, where is the client and where are the devices that client is trying to access?  Can you post the configs for your OpenVPN server and client?



  • Sorry, I didn't notate that.  WinXP laptop is the client side, and for the purpose of this test, I'm trying to get to a shared folder on the Win2K machine.  Shared folder is R/W - Everyone, just to make sure there are no problems with permissions.



  • Right, so, double checks:

    1. When you connect to the VPN the client gets a route inserted for the remote subnet?

    2. Any software firewall on the Win2K box is disabled?

    3. Any software firewall on the WinXP box is disabled for the OpenVPN tunnel?

    4. The WinXP box can ping the 192.168.2.x address of the pfSense host?

    5. The .0 addresses do refer to the networks, not host addresses?



  • Got it.  LZO compression is on in the config file supplied with the how-to in the wiki, but I did not have it turned on at the pfSense.  Removed the LZO line from the client config, and everything seems OK.
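
The fix in the last post was a compression setting present on only one end of the tunnel. As an added example (not from the thread, pfSense or OpenVPN), this Python sketch compares a server and a client config for directives that must agree on both ends; the sample configs, the `MUST_MATCH` list and the placeholder hostname are assumptions constructed here, and options delivered via `push` are not considered.

```python
# Added example; not code from the thread, pfSense, or OpenVPN.
# Directives that must be set identically on both ends of an OpenVPN 2.x link.
MUST_MATCH = ("comp-lzo", "cipher", "auth", "keysize", "tun-mtu", "fragment")

# Constructed sample configs using the subnets mentioned in the thread.
SERVER_CONF = """\
dev tun
proto udp
server 192.168.10.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
cipher BF-CBC
"""

CLIENT_CONF = """\
client
dev tun
proto udp
; placeholder hostname, not from the thread
remote vpn.example.org 1194
cipher BF-CBC
comp-lzo
"""


def parse_config(text):
    """Map each directive to its argument string; '#' and ';' lines are comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def find_mismatches(server_text, client_text):
    """Return (directive, server_value, client_value) tuples; None means absent."""
    server, client = parse_config(server_text), parse_config(client_text)
    return [(name, server.get(name), client.get(name))
            for name in MUST_MATCH
            if server.get(name) != client.get(name)]


if __name__ == "__main__":
    for name, srv, cli in find_mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: server={srv!r} client={cli!r}")
```

A directive that is absent on one side and present on the other (even as `comp-lzo no`) is reported, since both ends need the same setting for packets to be framed the same way.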

