OpenVPN´s remote clients don´t reach LAN resources
-
Hi fellows,
I´m apologize by any mistake, english isn´t my native language
I´m trying to run a OpenVPN server RoadWarrior, I'm running pfsense 2.1.3 i386
I cannot see where i have the issue, I describe the situation:Autentication: It´s ok, I can connect remotely over the internet with Mac OSX Tunnelblik client.
But… I cant access the LAN resources (shared folders in LAN devices, running Windows)
From remote client, when done ping, got response from pfSense´s LAN address, but didnt get answer from LAN device.
In the same way, I done ping from pfsense´s Diagnostics>Ping, changing "source" to LAN and OpenVPN Server, here is the results:
Hosts
Source Pfsense´s LAN (192.168.2.2) LAN Device (192.168.2.10)
LAN (on Diagnostics>Ping) - OK
OpenVPN (on Diagnostics>Ping) OK FAIL
Remote Client (connected by openvpn) OK FAILI left some images about my configuration and tests, if need aditional information, let me know please
Thanks in advance
-
hi,
things to check:
-
"play" button in front of firewall rule on openvpn-tab should be green. Gray means disabled
-
is the pfsense filled in as gateway on the lan-client?
-
-
Hi, thanks for your answer
1.- The "Play" button is green, when I generated gif, just assign 8 colors, thats why looks gray, but checked on PfSense and is green (I have not made changes, just look it)
2.-Yes, the PfSense is the gateway on LAN clients, assigned by itself (pfsense) by DHCP.
-
Ok I've checked that the client machine doesn't has a firewall
In the same way, I've try access from a windows machine, and didn't get it.
Im thinking (after readings other posts, by other problems) that it can be a issue for 2.1.3 installation (I've done a clean installation), maybe when get upgrade doesn't fail, but in clean installations, in order to check that, i'm thinking install a previous version, configure openvpn and once its running, update to version 2.1.3.
Any other suggestions?
Thanks in advance
-
there are no routuing issues with 2.1.3 in regards to openvpn. i run them on a dozen sites without issues.
it is almost certainly a configuration problem. additional screenshots will help: firewall rules / ovpn config / routes / packets captures,/…
-
Thanks for your answer.
I've said about issue, by a read on other posts, in that comments things like "open interface (ovpn server) and click save on that screen" this screen doesnt come with this installation.
You say that you have a dozen sites running, some of them were a clean installation? or all of them were updated?
Here are the OpenVPN config screen
Here is the routes on client
Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default dd-wrt UGSc 38 0 en1 10/24 10.0.0.5 UGSc 1 0 tun0 10.0.0.5 10.0.0.6 UH 3 0 tun0 10.37.129/24 link#8 UC 3 0 vnic1 10.37.129.2 0:1c:42:0:0:9 UHLWI 1 542 lo0 10.37.129.255 link#8 UHLWbI 1 2 vnic1 10.211.55/24 link#7 UC 3 0 vnic0 10.211.55.2 0:1c:42:0:0:8 UHLWI 0 2 lo0 10.211.55.255 link#7 UHLWbI 1 2 vnic0 127 localhost UCS 0 0 lo0 localhost localhost UH 6 5551 lo0 169.254 link#5 UCS 0 0 en1 192.168.1 link#5 UCS 4 0 en1 dd-wrt 0:40:77:bb:55:10 UHLWI 42 340 en1 1176 movil-josegil 0:1a:73:cb:9c:e3 UHLWI 0 105 en1 1193 macbook-ega localhost UHS 0 1 lo0 192.168.1.255 link#5 UHLWbI 3 39 en1 192.168.2 10.0.0.5 UGSc 0 0 tun0Thanks
-
most of my installations have been update from 2.0-Beta -> 2.0.1 -> 2.0.3 -> 2.1 -> 2.1.1 -> 2.1.2 -> 2.1.3
as far as i can tell, there is nothing wrong with your openvpn configuration.
for testing you could add a firewall rule on top of the openvpn-tab: PASS, PROTO:all, source:any , dest: some-lan-client-address, logging:onsee in logs, if it shows up when you try to ping the client … if it does, then i'd say it's a client issue. If not, then only packet-captures could help to explain what is happening