4. VPN Connects but no access

VPN Connects but no access

  • S

    I have set up ovpn on 1.2-RC4 following the steps in the stickies in this forum.  I can connect the the remote vpn server and get an ip address (192.168.10.21) but if I try to use Remote Desktop to access a Terminal Server over the vpn I get:

    network problems caused you to be disconnected from the windows based computer

    If I try to ping the LAN interface of pfsense (192.168.1.1) I get:

    36 bytes from 10.4.1.1: Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 9e4f   0 0000  3e  01 5b9f 192.168.0.105  192.168.1.1

    Log file if that helps

    
Thu 02/07/08 11:09 PM: WARNING: file 'daniels.key' is group or others accessible
Thu 02/07/08 11:09 PM: LZO compression initialized
Thu 02/07/08 11:09 PM: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu 02/07/08 11:09 PM: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu 02/07/08 11:09 PM: Local Options String: 'V4
Thu 02/07/08 11:09 PM: Expected Remote Options String: 'V4
Thu 02/07/08 11:09 PM: Local Options hash (VER=V4): '41690919'
Thu 02/07/08 11:09 PM: Expected Remote Options hash (VER=V4): '530fdded'
Thu 02/07/08 11:09 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
Thu 02/07/08 11:09 PM: UDPv4 link local (bound): [undef]:1194
Thu 02/07/08 11:09 PM: UDPv4 link remote: 151.196.##.###:1194
Thu 02/07/08 11:09 PM: TLS: Initial packet from 151.196.##.###:1194
Thu 02/07/08 11:09 PM: VERIFY OK: depth=1
Thu 02/07/08 11:09 PM: VERIFY OK: nsCertType=SERVER
Thu 02/07/08 11:09 PM: VERIFY OK: depth=0
Thu 02/07/08 11:09 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu 02/07/08 11:09 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu 02/07/08 11:09 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu 02/07/08 11:09 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu 02/07/08 11:09 PM: Control Channel: TLSv1
Thu 02/07/08 11:09 PM: [server] Peer Connection Initiated with 151.196.35.252:1194
Thu 02/07/08 11:09 PM: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu 02/07/08 11:09 PM: PUSH: Received control message: 'PUSH_REPLY
Thu 02/07/08 11:09 PM: OPTIONS IMPORT: timers and/or timeouts modified
Thu 02/07/08 11:09 PM: OPTIONS IMPORT: --ifconfig/up options modified
Thu 02/07/08 11:09 PM: OPTIONS IMPORT: route options modified
Thu 02/07/08 11:09 PM: gw 192.168.0.1
Thu 02/07/08 11:09 PM: TUN/TAP device /dev/tun0 opened
Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 delete
Thu 02/07/08 11:09 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 192.168.10.22 192.168.10.21 mtu 1500 netmask 255.255.255.255 up
Thu 02/07/08 11:09 PM: /sbin/route add -net 192.168.10.1 192.168.10.21 255.255.255.255
Thu 02/07/08 11:09 PM: Initialization Sequence Completed

    Any ideas?

    Thanks

    0
  • C

    The log file makes it pretty clear you're not pushing any routes to the client.  As such it doesn't know how to get packets anywhere, so it'll never work ;)

    I'd guess you either need to add 192.168.1.0/24 to the "Local network" field or add push "redirect-gateway" to the "Custom Options" field.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy