Netgate Discussion Forum

Openvpn cannot access to lan

    aykiri1
    last edited by Feb 3, 2014, 10:20 AM Feb 3, 2014, 10:15 AM

    Hi heper,

    These are the outputs:

    C:\Users\Live>tracert -d 192.168.7.5

    En çok 30 atlamanın üstünde 192.168.7.5'e giden yolu izlemek

      1    15 ms    14 ms    14 ms  192.168.5.1
      2    57 ms    59 ms    39 ms  195.87.128.19
      3    54 ms    44 ms    74 ms  46.234.2.17
      4    *        *        *    İstek zaman aşımına uğradı. (it means timeout)
      5    *        *        *    İstek zaman aşımına uğradı.
      6    *        *        *    İstek zaman aşımına uğradı.
      7    *        *        *    İstek zaman aşımına uğradı.
      8    *        *        *    İstek zaman aşımına uğradı.
      9  ^C
    C:\Users\Live>

    C:\Users\xpx>tracert -d 10.0.6.6

    En çok 30 atlamanın üstünde 10.0.6.6 'e giden yolu izlemek

      1    *        *        *    İstek zaman aşımına uğradı. (it means timeout)
      2    *        *        *    İstek zaman aşımına uğradı.
      3    *        *        *    İstek zaman aşımına uğradı.
      4    *        *        *    İstek zaman aşımına uğradı.
      5    *        *        *    İstek zaman aşımına uğradı.
      6  ^C

      phil.davis
      last edited by Feb 3, 2014, 10:43 AM

      That is very strange. It is routing from the OpenVPN client across the VPN link to pfSense, but then pfSense is sending it out the WAN 192.168.5.1 to the public internet. I can't think how that could happen, because 192.168.7.5 is on the local LAN of pfSense, so it has to be delivered directly there.
      What is in Diagnostics->Routes IPv4 section on pfSense?

      As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
      If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        aykiri1
        last edited by Feb 3, 2014, 11:57 AM Feb 3, 2014, 10:48 AM

        Hi Phil, this is the output.

        And this is what I see in ipconfig:
        --------
        Ethernet bağdaştırıcı Yerel Ağ Bağlantısı 2:

        Bağlantıya özgü DNS Soneki .  . . :
          Açıklama  . . . . . . . . . . . . : TAP-Windows Adapter V9
          Fiziksel Adres. . . . . . . . . . : 00-FF-xx-13-xx-xx
          Dhcp Etkin. . . . . . . . . . . . : Evet
          Otomatik Yapılandırma Etkin. . .  : Evet
          Bağlantı Yerel IPv6 Adresi . . . . . : fe80::cc54:cc25:9cde:cc83%cc(Tercih Edilen)
          IPv4 Adresi. . . . . . . . . . . : 10.0.6.6(Tercih Edilen)
          Alt Ağ Maskesi. . . . . . . . . . : 255.255.255.252
          Kira Sağlanan. . . . . . . . . .  : 03 Şubat 2014 Pazartesi 09:57:29
          Kira Bitişi . . . . . . . . . . . : 03 Şubat 2015 Salı 09:57:28
          Varsayılan Ağ Geçidi. . . . . . . : (gateway empty)
          DHCP Sunucusu . . . . . . . . . . : 10.0.6.5
          DHCPv6 IAID . . . . . . . . . . . : 419495841
          DHCPv6 İstemcisi DUID'si. . . . . . . . : 00-xx-00-01-19-E8-xx-xx-60-A4-xx-2B

        The gateway is empty. Is that normal?

        I changed the OpenVPN gateway to default and ran tracert again:

        C:\Users\Live>tracert -d 192.168.7.5

        En çok 30 atlamanın üstünde 192.168.7.5'e giden yolu izlemek

          1    28 ms    13 ms    53 ms  10.0.6.1
          2    *        *        *    İstek zaman aşımına uğradı. (timeout)

        Adsız.png

          aykiri1
          last edited by Feb 3, 2014, 4:36 PM

          Any suggestions from the specialists?

            sgtr
            last edited by Feb 3, 2014, 8:53 PM

            Hi Everyone,

            Firstly @aykiri1

            I am confused, because there was one network when you started this topic, and now there are many networks (192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24, 192.168.7.0/24 and your tunnel networks).

            What are your ADSL modem IP and your pfSense WAN and LAN IP addresses? You told us that the ADSL modem IP changed to 192.168.6.1 and your pfSense LAN IP address is 192.168.7.2.

            @aykiri1:

            Hi Phil,

            It was my mistake, sorry.

            WAN and LAN were not the same. They were 5.2 and 6.2; my mistake was between the WAN gateway and the WAN.
            I just changed the IPs, but no success again.

            The system now:
                                                            (wan 192.168.5.2  wangw 192.168.5.1)
            adsl_router(192.168.5.1-255.255.255.0) -------- pfsense (192.168.7.2-255.255.255.0) <<< 15 LAN PC (192.168.7.XX 255.255.255.0)
                                                               |
                                                               |
                                                       remote pc 10.0.6.6

            From the VPN client side, connecting to the VPN server is OK. Web access is OK. Internet access from pfSense is OK.
            No ping and no access to the client PCs. (Firewall tab OpenVPN: any to any, pass.)
            Regards

            ipconfig

            Ethernet bağdaştırıcı Yerel Ağ Bağlantısı 2:

            Bağlantıya özgü DNS Soneki .  . . :
              Açıklama  . . . . . . . . . . . . : TAP-Windows Adapter V9
              Fiziksel Adres. . . . . . . . . . : 00-FF-xx-13-xx-xx
              Dhcp Etkin. . . . . . . . . . . . : Evet
              Otomatik Yapılandırma Etkin. . .  : Evet
              Bağlantı Yerel IPv6 Adresi . . . . . : fe80::cc54:cc25:9cde:cc83%cc(Tercih Edilen)
              IPv4 Adresi. . . . . . . . . . . : 10.0.6.6(Tercih Edilen)
              Alt Ağ Maskesi. . . . . . . . . . : 255.255.255.252
              Kira Sağlanan. . . . . . . . . .  : 03 Şubat 2014 Pazartesi 09:57:29
              Kira Bitişi . . . . . . . . . . . : 03 Şubat 2015 Salı 09:57:28
              Varsayılan Ağ Geçidi. . . . . . . :
              DHCP Sunucusu . . . . . . . . . . : 10.0.6.5
              DHCPv6 IAID . . . . . . . . . . . : 419495841
              DHCPv6 İstemcisi DUID'si. . . . . . . . : 00-xx-00-01-19-E8-xx-xx-60-A4-xx-2B-99-0E
              DNS Sunucusu. . . . . . . . . . . : fxx0:0:0:ffff::xxx
                                                  fec0:0:0:ffff::2%1
                                                  fec0:0:0:ffff::3%1
              Tcpip üzerinden NetBIOS. . . . . . . . : Etkin

            Ethernet bağdaştırıcı Yerel Ağ Bağlantısı:

            Bağlantıya özgü DNS Soneki .  . . :
              Açıklama  . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
              Fiziksel Adres. . . . . . . . . . : xx-A4-4C-xx-99-xx
              Dhcp Etkin. . . . . . . . . . . . : Hayır
              Otomatik Yapılandırma Etkin. . .  : Evet
              Bağlantı Yerel IPv6 Adresi . . . . . : fexx::294a:cc75:d957:xe2xx%11(Tercih Edlen)
              IPv4 Adresi. . . . . . . . . . . : 192.168.4.174(Tercih Edilen)
              Alt Ağ Maskesi. . . . . . . . . . : 255.255.255.0
              Varsayılan Ağ Geçidi. . . . . . . : 192.168.4.1
              DHCPv6 IAID . . . . . . . . . . . : 241214540
              DHCPv6 İstemcisi DUID'si. . . . . . . . : 00-01-00-01-19-E8x-A3-xx-A40E
              DNS Sunucusu. . . . . . . . . . . : 192.168.4.1
              Tcpip üzerinden NetBIOS. . . . . . . . : Etkin

            route list

            IPv4 Yol Tablosu

            Etkin Yollar:
                    Ağ Hedefi       Ağ Maskesi       Ağ Geçidi        Arabirim  Ölçüt
                      0.0.0.0          0.0.0.0     192.168.4.1   192.168.4.174    276
                     10.0.6.1  255.255.255.255        10.0.6.5        10.0.6.6     30
                     10.0.6.4  255.255.255.252         On-link        10.0.6.6    286
                     10.0.6.6  255.255.255.255         On-link        10.0.6.6    286
                     10.0.6.7  255.255.255.255         On-link        10.0.6.6    286
                    127.0.0.0        255.0.0.0         On-link       127.0.0.1    306
                    127.0.0.1  255.255.255.255         On-link       127.0.0.1    306
              127.255.255.255  255.255.255.255         On-link       127.0.0.1    306
                  192.168.4.0    255.255.255.0         On-link   192.168.4.174    276
                192.168.4.174  255.255.255.255         On-link   192.168.4.174    276
                192.168.4.255  255.255.255.255         On-link   192.168.4.174    276
                  192.168.7.0    255.255.255.0        10.0.6.5        10.0.6.6     30
                    224.0.0.0        240.0.0.0         On-link       127.0.0.1    306
                    224.0.0.0        240.0.0.0         On-link   192.168.4.174    276
                    224.0.0.0        240.0.0.0         On-link        10.0.6.6    286
                    224.0.0.0        240.0.0.0         On-link    192.168.59.1    276
                    224.0.0.0        240.0.0.0         On-link   192.168.133.1    276
              255.255.255.255  255.255.255.255         On-link       127.0.0.1    306
              255.255.255.255  255.255.255.255         On-link   192.168.4.174    276
              255.255.255.255  255.255.255.255         On-link        10.0.6.6    286
              255.255.255.255  255.255.255.255         On-link    192.168.59.1    276
              255.255.255.255  255.255.255.255         On-link   192.168.133.1    276

            Even if there is no hope, never give up.

              aykiri1
              last edited by Feb 3, 2014, 9:09 PM Feb 3, 2014, 9:07 PM

              Hi SGTR,

              My second LAN and second WAN interfaces are not important, because I want to access only lan1 (LAN).

              Of course, I made changes when I got info from someone, then went test by test.

              (wan=192.168.6.2    wangw=192.168.6.1)
              modem ip 192.168.6.1 -------- pfsense (lan 192.168.7.2) -------- clients 192.168.7.xx
                                               |
                                               |
                                    openvpn client 10.0.6.6

              Firewall rule on OpenVPN: any to any, any port, pass added.
              The OpenVPN client connects to the server and gets IP 10.0.6.6. Web access to pfSense OK. Internet OK. LAN access NOK.

              Thx

                aykiri1
                last edited by Feb 4, 2014, 10:52 AM Feb 4, 2014, 10:27 AM

                When I use the client export (with the executable setup) I must change the IP address.

                This is the client OpenVPN conf:

                dev tun
                persist-tun
                persist-key
                cipher AES-128-CBC
                auth SHA1
                tls-client
                client
                resolv-retry infinite
                remote 192.168.6.2 1194 udp
                lport 0
                verify-x509-name "xxxxx" name
                auth-user-pass
                pkcs12 secure-udp-1194-vpn1.p12
                tls-auth secure-udp-1194-vpn1-tls.key 1
                ns-cert-type server
                comp-lzo

                This red value I am changing to the WAN IP address.
                What is the problem?

                  heper
                  last edited by Feb 4, 2014, 11:00 AM

                  pfsense sets the interface ip in the client-config … in your case this is probably 192.168.....

                    aykiri1
                    last edited by Feb 4, 2014, 4:27 PM Feb 4, 2014, 11:02 AM

                    I fixed it. I changed the LAN and LAN2 IPs, 1 to 2 and 2 to 1, and now I have access. I think the problem is the push route. Not sure.
                    Thanks all.

                    Some PCs are not pinging from the VPN client, and the firewall is disabled. Must I make any?

                      heper
                      last edited by Feb 4, 2014, 10:03 PM

                      If "some" PCs are not working and others in the same subnet are working, then the ones that don't work probably have a wrong gateway set in their config or have a local firewall.

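
The routing questions in this thread (which gateway the VPN client uses for 192.168.7.x, and whether a LAN PC hands its replies back to pfSense) can be checked mechanically with a longest-prefix-match lookup. This is an added example, not part of any post: it uses an excerpt of the client route table quoted above plus a constructed LAN PC table in which 192.168.7.20 and 192.168.7.254 are assumed addresses.

```python
import ipaddress

# Excerpt of the VPN client's route table as posted in the thread
# (destination, netmask, gateway, interface, metric).
CLIENT_ROUTES = """
0.0.0.0      0.0.0.0          192.168.4.1  192.168.4.174  276
10.0.6.1     255.255.255.255  10.0.6.5     10.0.6.6       30
10.0.6.4     255.255.255.252  On-link      10.0.6.6       286
192.168.4.0  255.255.255.0    On-link      192.168.4.174  276
192.168.7.0  255.255.255.0    10.0.6.5     10.0.6.6       30
"""

# Constructed table for a LAN PC whose default gateway is not pfSense;
# 192.168.7.20 and 192.168.7.254 are assumed addresses.
LAN_PC_ROUTES = """
0.0.0.0      0.0.0.0          192.168.7.254  192.168.7.20  276
192.168.7.0  255.255.255.0    On-link        192.168.7.20  276
"""

def parse_routes(text):
    """Parse 'route print' style rows, skipping headers and blank lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue
        routes.append((net, gateway, iface, int(metric)))
    return routes

def next_hop(routes, target):
    """Longest-prefix match, lowest metric as tie-break -> (gateway, interface)."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _, gateway, iface, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return gateway, iface

def reply_goes_via(routes, peer, expected_gateway):
    """True if traffic back to `peer` is handed to `expected_gateway`."""
    hop = next_hop(routes, peer)
    return hop is not None and hop[0] == expected_gateway

if __name__ == "__main__":
    print(next_hop(parse_routes(CLIENT_ROUTES), "192.168.7.5"))
    print(reply_goes_via(parse_routes(LAN_PC_ROUTES), "10.0.6.6", "192.168.7.2"))
```

With the client table, 192.168.7.5 resolves to the tunnel gateway 10.0.6.5; with the constructed LAN PC table, replies to 10.0.6.6 leave through a gateway other than pfSense, so the VPN client never sees them.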