VPN Connects but no access
-
I have set up ovpn on 1.2-RC4 following the steps in the stickies in this forum. I can connect the the remote vpn server and get an ip address (192.168.10.21) but if I try to use Remote Desktop to access a Terminal Server over the vpn I get:
network problems caused you to be disconnected from the windows based computerIf I try to ping the LAN interface of pfsense (192.168.1.1) I get:
36 bytes from 10.4.1.1: Communication prohibited by filter Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 9e4f 0 0000 3e 01 5b9f 192.168.0.105 192.168.1.1Log file if that helps
Thu 02/07/08 11:09 PM: WARNING: file 'daniels.key' is group or others accessible Thu 02/07/08 11:09 PM: LZO compression initialized Thu 02/07/08 11:09 PM: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Thu 02/07/08 11:09 PM: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Thu 02/07/08 11:09 PM: Local Options String: 'V4 Thu 02/07/08 11:09 PM: Expected Remote Options String: 'V4 Thu 02/07/08 11:09 PM: Local Options hash (VER=V4): '41690919' Thu 02/07/08 11:09 PM: Expected Remote Options hash (VER=V4): '530fdded' Thu 02/07/08 11:09 PM: Socket Buffers: R=[42080->65536] S=[9216->65536] Thu 02/07/08 11:09 PM: UDPv4 link local (bound): [undef]:1194 Thu 02/07/08 11:09 PM: UDPv4 link remote: 151.196.##.###:1194 Thu 02/07/08 11:09 PM: TLS: Initial packet from 151.196.##.###:1194 Thu 02/07/08 11:09 PM: VERIFY OK: depth=1 Thu 02/07/08 11:09 PM: VERIFY OK: nsCertType=SERVER Thu 02/07/08 11:09 PM: VERIFY OK: depth=0 Thu 02/07/08 11:09 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Thu 02/07/08 11:09 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu 02/07/08 11:09 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Thu 02/07/08 11:09 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu 02/07/08 11:09 PM: Control Channel: TLSv1 Thu 02/07/08 11:09 PM: [server] Peer Connection Initiated with 151.196.35.252:1194 Thu 02/07/08 11:09 PM: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu 02/07/08 11:09 PM: PUSH: Received control message: 'PUSH_REPLY Thu 02/07/08 11:09 PM: OPTIONS IMPORT: timers and/or timeouts modified Thu 02/07/08 11:09 PM: OPTIONS IMPORT: --ifconfig/up options modified Thu 02/07/08 11:09 PM: OPTIONS IMPORT: route options modified Thu 02/07/08 11:09 PM: gw 192.168.0.1 Thu 02/07/08 11:09 PM: TUN/TAP device /dev/tun0 opened Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 delete Thu 02/07/08 11:09 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 192.168.10.22 192.168.10.21 mtu 1500 netmask 255.255.255.255 up Thu 02/07/08 11:09 PM: /sbin/route add -net 192.168.10.1 192.168.10.21 255.255.255.255 Thu 02/07/08 11:09 PM: Initialization Sequence CompletedAny ideas?
Thanks
-
The log file makes it pretty clear you're not pushing any routes to the client. As such it doesn't know how to get packets anywhere, so it'll never work ;)
I'd guess you either need to add 192.168.1.0/24 to the "Local network" field or add push "redirect-gateway" to the "Custom Options" field.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.