Netgate Discussion Forum

    VPN Connects but no access

      skent

      I have set up ovpn on 1.2-RC4 following the steps in the stickies in this forum.  I can connect to the remote vpn server and get an ip address (192.168.10.21) but if I try to use Remote Desktop to access a Terminal Server over the vpn I get:

      network problems caused you to be disconnected from the windows based computer
      

      If I try to ping the LAN interface of pfsense (192.168.1.1) I get:

      36 bytes from 10.4.1.1: Communication prohibited by filter
      Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
       4  5  00 0054 9e4f   0 0000  3e  01 5b9f 192.168.0.105  192.168.1.1
      

      Log file if that helps

      
      Thu 02/07/08 11:09 PM: WARNING: file 'daniels.key' is group or others accessible
      Thu 02/07/08 11:09 PM: LZO compression initialized
      Thu 02/07/08 11:09 PM: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
      Thu 02/07/08 11:09 PM: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
      Thu 02/07/08 11:09 PM: Local Options String: 'V4
      Thu 02/07/08 11:09 PM: Expected Remote Options String: 'V4
      Thu 02/07/08 11:09 PM: Local Options hash (VER=V4): '41690919'
      Thu 02/07/08 11:09 PM: Expected Remote Options hash (VER=V4): '530fdded'
      Thu 02/07/08 11:09 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
      Thu 02/07/08 11:09 PM: UDPv4 link local (bound): [undef]:1194
      Thu 02/07/08 11:09 PM: UDPv4 link remote: 151.196.##.###:1194
      Thu 02/07/08 11:09 PM: TLS: Initial packet from 151.196.##.###:1194
      Thu 02/07/08 11:09 PM: VERIFY OK: depth=1
      Thu 02/07/08 11:09 PM: VERIFY OK: nsCertType=SERVER
      Thu 02/07/08 11:09 PM: VERIFY OK: depth=0
      Thu 02/07/08 11:09 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Thu 02/07/08 11:09 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Thu 02/07/08 11:09 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Thu 02/07/08 11:09 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Thu 02/07/08 11:09 PM: Control Channel: TLSv1
      Thu 02/07/08 11:09 PM: [server] Peer Connection Initiated with 151.196.35.252:1194
      Thu 02/07/08 11:09 PM: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Thu 02/07/08 11:09 PM: PUSH: Received control message: 'PUSH_REPLY
      Thu 02/07/08 11:09 PM: OPTIONS IMPORT: timers and/or timeouts modified
      Thu 02/07/08 11:09 PM: OPTIONS IMPORT: --ifconfig/up options modified
      Thu 02/07/08 11:09 PM: OPTIONS IMPORT: route options modified
      Thu 02/07/08 11:09 PM: gw 192.168.0.1
      Thu 02/07/08 11:09 PM: TUN/TAP device /dev/tun0 opened
      Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 delete
      Thu 02/07/08 11:09 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
      Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 192.168.10.22 192.168.10.21 mtu 1500 netmask 255.255.255.255 up
      Thu 02/07/08 11:09 PM: /sbin/route add -net 192.168.10.1 192.168.10.21 255.255.255.255
      Thu 02/07/08 11:09 PM: Initialization Sequence Completed
      
      

      Any ideas?

      Thanks

        Cry Havok

        The log file makes it pretty clear you're not pushing any routes to the client.  As such it doesn't know how to get packets anywhere, so it'll never work ;)

        I'd guess you either need to add 192.168.1.0/24 to the "Local network" field or add push "redirect-gateway" to the "Custom Options" field.

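The check the reply describes, as an added example that is not part of the original thread and not pfSense or OpenVPN code: it reads the `ifconfig` and `route add` lines a BSD-style OpenVPN client writes to its log and reports whether a target address is covered by any tunnel route. `THREAD_LOG` reuses lines quoted in the question; the extra line in `FIXED_LOG` is constructed to show what the log would contain once a route for 192.168.1.0/24 is pushed, and the function names are hypothetical.

```python
import ipaddress
import re

# Lines quoted from the client log in the thread (VPN connected, no LAN route).
THREAD_LOG = """\
Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 192.168.10.22 192.168.10.21 mtu 1500 netmask 255.255.255.255 up
Thu 02/07/08 11:09 PM: /sbin/route add -net 192.168.10.1 192.168.10.21 255.255.255.255
Thu 02/07/08 11:09 PM: Initialization Sequence Completed
"""
# Constructed line (assumption): what the same client would log once the
# server pushes a route for the LAN named in the reply.
FIXED_LOG = THREAD_LOG + (
    "Thu 02/07/08 11:10 PM: /sbin/route add -net 192.168.1.0 192.168.10.21 255.255.255.0\n"
)

# BSD-style form seen in the log: route add -net <dest> <gateway> <netmask>
ROUTE_RE = re.compile(r"route add -net (\S+) (\S+) (\S+)")
# Point-to-point form seen in the log: ifconfig <tunN> <local> <peer> ...
IFCONFIG_RE = re.compile(r"ifconfig (tun\d+) (\S+) (\S+) ")

def tunnel_routes(log_text):
    """Networks the client sends into the tunnel, according to its log."""
    nets = []
    for dest, _gw, mask in ROUTE_RE.findall(log_text):
        nets.append(ipaddress.ip_network(f"{dest}/{mask}", strict=False))
    for _dev, _local, peer in IFCONFIG_RE.findall(log_text):
        nets.append(ipaddress.ip_network(f"{peer}/32"))
    return nets

def covering_route(log_text, target):
    """Most specific tunnel route that contains target, or None."""
    addr = ipaddress.ip_address(target)
    hits = [n for n in tunnel_routes(log_text) if addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG), ("with LAN route", FIXED_LOG)):
        for target in ("192.168.10.1", "192.168.1.1"):
            route = covering_route(log, target)
            via = f"via tunnel ({route})" if route else "NOT routed into the VPN"
            print(f"{name}: {target} {via}")
```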