OpenVPN's remote clients don't reach LAN resources



  • Hi fellows,

    I apologize for any mistakes; English isn't my native language.

    I'm trying to run an OpenVPN RoadWarrior server. I'm running pfSense 2.1.3 i386.
    I cannot see where I have the issue. I describe the situation:

    Authentication: It's OK, I can connect remotely over the internet with the Mac OS X Tunnelblick client.

    But… I can't access the LAN resources (shared folders on LAN devices, running Windows).

    From the remote client, when I ping, I get a response from pfSense's LAN address, but I don't get an answer from the LAN device.

    In the same way, I pinged from pfSense's Diagnostics>Ping, changing "source" to LAN and OpenVPN Server. Here are the results:

                                            Hosts
    Source                                  pfSense's LAN (192.168.2.2)    LAN Device (192.168.2.10)
    LAN (on Diagnostics>Ping)               -                              OK
    OpenVPN (on Diagnostics>Ping)           OK                             FAIL
    Remote Client (connected by openvpn)    OK                             FAIL

    I've left some images of my configuration and tests; if you need additional information, please let me know.

    Thanks in advance



  • hi,

    things to check:

    • "play" button in front of firewall rule on openvpn-tab should be green. Gray means disabled

    • is the pfsense filled in as gateway on the lan-client?



  • Hi, thanks for your answer

    1.- The "Play" button is green; when I generated the GIF, I assigned just 8 colors, that's why it looks gray, but I checked on pfSense and it is green (I have not made changes, I just looked at it).

    2.- Yes, pfSense is the gateway on the LAN clients, assigned by pfSense itself via DHCP.



  • OK, I've checked that the client machine doesn't have a firewall.

    In the same way, I've tried to access from a Windows machine, and didn't get it.

    I'm thinking (after reading other posts about other problems) that it can be an issue with the 2.1.3 installation (I did a clean installation); maybe it doesn't fail when upgrading, but does in clean installations. In order to check that, I'm thinking of installing a previous version, configuring OpenVPN and, once it's running, updating to version 2.1.3.

    Any other suggestions?

    Thanks in advance



  • there are no routing issues with 2.1.3 in regards to openvpn. i run them on a dozen sites without issues.

    it is almost certainly a configuration problem. additional screenshots will help: firewall rules / ovpn config / routes / packet captures / …



  • Thanks for your answer.

    I mentioned the issue because I read other posts with comments like "open interface (ovpn server) and click save on that screen"; this screen doesn't come with this installation.

    You say that you have a dozen sites running; were some of them clean installations, or were all of them updated?

    Here is the OpenVPN config screen

    Here are the routes on the client

    Routing tables
    
    Internet:
    Destination        Gateway            Flags        Refs      Use   Netif Expire
    default            dd-wrt             UGSc           38        0     en1
    10/24              10.0.0.5           UGSc            1        0    tun0
    10.0.0.5           10.0.0.6           UH              3        0    tun0
    10.37.129/24       link#8             UC              3        0   vnic1
    10.37.129.2        0:1c:42:0:0:9      UHLWI           1      542     lo0
    10.37.129.255      link#8             UHLWbI          1        2   vnic1
    10.211.55/24       link#7             UC              3        0   vnic0
    10.211.55.2        0:1c:42:0:0:8      UHLWI           0        2     lo0
    10.211.55.255      link#7             UHLWbI          1        2   vnic0
    127                localhost          UCS             0        0     lo0
    localhost          localhost          UH              6     5551     lo0
    169.254            link#5             UCS             0        0     en1
    192.168.1          link#5             UCS             4        0     en1
    dd-wrt             0:40:77:bb:55:10   UHLWI          42      340     en1   1176
    movil-josegil      0:1a:73:cb:9c:e3   UHLWI           0      105     en1   1193
    macbook-ega        localhost          UHS             0        1     lo0
    192.168.1.255      link#5             UHLWbI          3       39     en1
    192.168.2          10.0.0.5           UGSc            0        0    tun0
    
    

    Thanks
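
An added example (not part of the original post): the client routing table above, parsed and searched with longest-prefix matching to see where the client sends traffic for the two addresses from the ping test. The function names are made up here, rows whose destination is a hostname are left out, and a bare destination is assumed to carry 8 prefix bits per octet shown.

```python
import ipaddress

# Rows copied from the routing table posted above (hostname destinations omitted).
ROUTES = """\
default            dd-wrt             UGSc           38        0     en1
10/24              10.0.0.5           UGSc            1        0    tun0
10.0.0.5           10.0.0.6           UH              3        0    tun0
10.37.129/24       link#8             UC              3        0   vnic1
10.211.55/24       link#7             UC              3        0   vnic0
127                localhost          UCS             0        0     lo0
169.254            link#5             UCS             0        0     en1
192.168.1          link#5             UCS             4        0     en1
192.168.2          10.0.0.5           UGSc            0        0    tun0
"""

def parse_destination(dest):
    """Expand a BSD-style abbreviated destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = dest.partition("/")
    octets = addr.split(".")
    # Assumption: with no explicit /bits, the prefix is 8 bits per octet shown
    # (127 -> /8, 169.254 -> /16, 192.168.2 -> /24, full address -> /32).
    prefix = int(bits) if bits else 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}")

def load_routes(text):
    """Return (network, gateway, interface) tuples for each table row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        routes.append((parse_destination(fields[0]), fields[1], fields[5]))
    return routes

def lookup(routes, target):
    """Pick the most specific matching route, as the kernel does."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r[0]]
    net, gateway, netif = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), gateway, netif

if __name__ == "__main__":
    table = load_routes(ROUTES)
    # 203.0.113.7 is a constructed address standing in for an internet host.
    for host in ("192.168.2.2", "192.168.2.10", "203.0.113.7"):
        print(host, "->", lookup(table, host))
```

Both LAN addresses match the 192.168.2 route on tun0 through 10.0.0.5, so this client is sending that traffic into the tunnel.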



  • most of my installations have been updated from 2.0-Beta -> 2.0.1 -> 2.0.3 -> 2.1 -> 2.1.1 -> 2.1.2 -> 2.1.3

    as far as i can tell, there is nothing wrong with your openvpn configuration.
    for testing you could add a firewall rule on top of the openvpn-tab: PASS, PROTO:all, source:any , dest: some-lan-client-address, logging:on

    see in logs, if it shows up when you try to ping the client … if it does, then i'd say it's a client issue. If not, then only packet-captures could help to explain what is happening

