Netgate Discussion Forum

    New build - Open VPN connects, but only IP I can use is the PFSense LAN interfac

    • mervincm

      New build new install, performed as listed below.
      Open VPN installed as indicated in the video, but I added my internal DNS, and changed the client export tool to use my dynamic dns name.

      When external (Windows 8.1 client) I can connect without issue. I can also open up my pfSense web configuration GUI via Chrome, but that's it. Opening up any other web server in my lab fails to connect, and they are all in the same subnet.

      PFSense 2.1 Build

      From Console
      WAN>RE0 LAN>RE1
      Set Interfaces
      WAN
      IPV4 DHCP - y
      IPV6 DHCP - n
      IPV6 address - n
      -reboot and test - OK
      Set interfaces
      LAN
      ip>192.168.110.1 /24
      no gateway
      DHCP server yes 192.168.110.100-192.168.110.200
      IPV6 - none
      Enable secure shell
      Disable boot menu
      exit to shell
      sysctl kern.geom.debugflags=16
      fdisk -B ad4
      y y
      sysctl kern.geom.debugflags=0
      -reboot and test - OK
      Move to web configuration tool
      logon admin pfsense
      hostname >rtr
      domain xx.xxxxx.ca
      timeserver to ca.pool.ntp.org
      timezone to America/Edmonton
      WAN Page > next
      LAN page > next
      set admin password to XXXXXXXX
      refresh browser on (192.168.110.1)
      Add features to dashboard
      DYNDNS, Gateways, Interface stats, Firewall logs, OpenVPN, PFBlocker, services status, traffic graphs
      SAVE settings

      Complete removal of IPV6
      system>advanced>networking> uncheck allow IPV6 Save

      Check System logs
      status>system logs>settings>GUI LOG entries 50>250
      -reboot and check logs for errors

      Add BandwidthD package and enable
      SYSTEM>PACKAGES>Available>install bandwidthD
      services>bandwidthD> enable and save

      Add OpenVPN Client Export Utility
      SYSTEM>PACKAGES>Available>install OpenVPN Client Export Utility

      Configure Dynamic DNS
      SERVICES>Dynamic DNS

      backup pfsense to file

      setup OpenVPN
      https://www.youtube.com/watch?v=VdAHVSTl1ys

      • marvosa

        Post your server1.conf.

        • mervincm

          dev ovpns1
          dev-type tun
          tun-ipv6
          dev-node /dev/tun1
          writepid /var/run/openvpn_server1.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto udp
          cipher AES-128-CBC
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          client-connect /usr/local/sbin/openvpn.attributes.sh
          client-disconnect /usr/local/sbin/openvpn.attributes.sh
          local 96.52.127.120
          tls-server
          server 192.168.2.0 255.255.255.0
          client-config-dir /var/etc/openvpn-csc
          username-as-common-name
          auth-user-pass-verify /var/etc/openvpn/server1.php via-env
          tls-verify /var/etc/openvpn/server1.tls-verify.php
          lport 1194
          management /var/etc/openvpn/server1.sock unix
          max-clients 10
          push "route 192.168.110.0 255.255.255.0"
          push "dhcp-option DOMAIN cm.5mars.ca"
          push "dhcp-option DNS 192.168.110.3"
          push "dhcp-option DNS 192.168.110.4"
          push "dhcp-option DNS 8.8.8.8"
          client-to-client
          ca /var/etc/openvpn/server1.ca
          cert /var/etc/openvpn/server1.cert
          key /var/etc/openvpn/server1.key
          dh /etc/dh-parameters.1024
          tls-auth /var/etc/openvpn/server1.tls-auth 0
          comp-lzo
          persist-remote-ip
          float

          • mervincm

            Also should add that I installed the client as an administrator, logged into Windows also as a local admin, and I launched the client post install with "run as administrator".
            Also, I got the file from here, /var/etc/openvpn/server1.conf, using the Diagnostics, Edit a File tool (for the next guy).

            • richcj10gmail.com

              I have the same problem. Any ideas?

              • richcj10gmail.com

                It was a config error on my SMB server.

                • mervincm

                  I have not tried anything as complex as SMB yet :)  I am concentrating on simple things like the embedded web management sites in my NAS and network devices.

                  Access to the pfsense web config page at 192.168.110.1 works fine, access to my nas web config port at 192.168.110.14 does not.

                  Is there any other info I can post or tests that I can do that would be helpful? TIA

                  • marvosa

                    mervincm, post a network map, so we can see how things are laid out.  Also, post the routing table of the client when connected.

                    You said your NAS is on 192.168.110.14, how are you trying to access that?  Can you ping it?

                    • richcj10gmail.com

                      My problem was fixed, for my phone.
                      When I sign in on to my network at my office, I can't access anything…

                      • mervincm

                        This thread can be considered closed. Believe it or not, I had not cabled to tie the LAN segment to the switch with the other devices I was attempting to connect to. Everything is connecting as expected.
                        :-[
