VPN Connects but no access



  • I have set up ovpn on 1.2-RC4 following the steps in the stickies in this forum.  I can connect to the remote vpn server and get an ip address (192.168.10.21), but if I try to use Remote Desktop to access a Terminal Server over the vpn I get:

    network problems caused you to be disconnected from the windows based computer
    

    If I try to ping the LAN interface of pfsense (192.168.1.1) I get:

    36 bytes from 10.4.1.1: Communication prohibited by filter
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 0054 9e4f   0 0000  3e  01 5b9f 192.168.0.105  192.168.1.1
    

    Log file if that helps

    
    Thu 02/07/08 11:09 PM: WARNING: file 'daniels.key' is group or others accessible
    Thu 02/07/08 11:09 PM: LZO compression initialized
    Thu 02/07/08 11:09 PM: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Thu 02/07/08 11:09 PM: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu 02/07/08 11:09 PM: Local Options String: 'V4
    Thu 02/07/08 11:09 PM: Expected Remote Options String: 'V4
    Thu 02/07/08 11:09 PM: Local Options hash (VER=V4): '41690919'
    Thu 02/07/08 11:09 PM: Expected Remote Options hash (VER=V4): '530fdded'
    Thu 02/07/08 11:09 PM: Socket Buffers: R=[42080->65536] S=[9216->65536]
    Thu 02/07/08 11:09 PM: UDPv4 link local (bound): [undef]:1194
    Thu 02/07/08 11:09 PM: UDPv4 link remote: 151.196.##.###:1194
    Thu 02/07/08 11:09 PM: TLS: Initial packet from 151.196.##.###:1194
    Thu 02/07/08 11:09 PM: VERIFY OK: depth=1
    Thu 02/07/08 11:09 PM: VERIFY OK: nsCertType=SERVER
    Thu 02/07/08 11:09 PM: VERIFY OK: depth=0
    Thu 02/07/08 11:09 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu 02/07/08 11:09 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu 02/07/08 11:09 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu 02/07/08 11:09 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu 02/07/08 11:09 PM: Control Channel: TLSv1
    Thu 02/07/08 11:09 PM: [server] Peer Connection Initiated with 151.196.35.252:1194
    Thu 02/07/08 11:09 PM: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Thu 02/07/08 11:09 PM: PUSH: Received control message: 'PUSH_REPLY
    Thu 02/07/08 11:09 PM: OPTIONS IMPORT: timers and/or timeouts modified
    Thu 02/07/08 11:09 PM: OPTIONS IMPORT: --ifconfig/up options modified
    Thu 02/07/08 11:09 PM: OPTIONS IMPORT: route options modified
    Thu 02/07/08 11:09 PM: gw 192.168.0.1
    Thu 02/07/08 11:09 PM: TUN/TAP device /dev/tun0 opened
    Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 delete
    Thu 02/07/08 11:09 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 192.168.10.22 192.168.10.21 mtu 1500 netmask 255.255.255.255 up
    Thu 02/07/08 11:09 PM: /sbin/route add -net 192.168.10.1 192.168.10.21 255.255.255.255
    Thu 02/07/08 11:09 PM: Initialization Sequence Completed
    
    

    Any ideas?

    Thanks



  • The log file makes it pretty clear you're not pushing any routes to the client.  As such it doesn't know how to get packets anywhere, so it'll never work ;)

    I'd guess you either need to add 192.168.1.0/24 to the "Local network" field or add push "redirect-gateway" to the "Custom Options" field.
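    As an added diagnostic (not code from either post or from pfSense), here is a short Python script that reads the `route add` lines an OpenVPN client logs, as in the log above, and reports whether a LAN host is covered by any pushed route. The sample log lines are constructed from the post; the `push "route ..."` line it suggests is what the pfSense "Local network" field is assumed to generate.

```python
import ipaddress
import re

# Constructed sample: the route-related lines from the client log in the post,
# where the server only pushed a /32 to its own tunnel endpoint.
SAMPLE_LOG = """\
Thu 02/07/08 11:09 PM: OPTIONS IMPORT: route options modified
Thu 02/07/08 11:09 PM: /sbin/ifconfig tun0 192.168.10.22 192.168.10.21 mtu 1500 netmask 255.255.255.255 up
Thu 02/07/08 11:09 PM: /sbin/route add -net 192.168.10.1 192.168.10.21 255.255.255.255
Thu 02/07/08 11:09 PM: Initialization Sequence Completed
"""

# BSD-style "route add -net <network> <gateway> <netmask>" as logged by the client.
ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")


def installed_routes(log_text):
    """Return (network, gateway) pairs the client installed from the pushed options."""
    routes = []
    for line in log_text.splitlines():
        m = ROUTE_RE.search(line)
        if m:
            net, gw, mask = m.groups()
            # ipaddress accepts a dotted netmask after the slash.
            routes.append((ipaddress.ip_network(f"{net}/{mask}"),
                           ipaddress.ip_address(gw)))
    return routes


def route_for(log_text, destination):
    """Return the most specific tunnel route covering destination, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for net, gw in installed_routes(log_text):
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best


def diagnose(log_text, lan_network, target):
    """One-line verdict on why target is or is not reachable through the VPN."""
    hit = route_for(log_text, target)
    if hit:
        return f"{target} is routed via {hit[1]} (route {hit[0]})"
    lan = ipaddress.ip_network(lan_network)
    return (f"no pushed route covers {target}; the server should push "
            f'"route {lan.network_address} {lan.netmask}" '
            f"(pfSense: add {lan_network} to the Local network field)")


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, "192.168.1.0/24", "192.168.1.1"))
```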

