SOLVED: ping is possible, but nothing else… (proxy server got in the way!)
I've set up the OpenVPN server on the pfSense at my work, and installed a client on my home computer. The strange problem is that I can ping LAN clients at my office without any problems, but when I look them up in Windows XP, it won't find these same clients. Does anyone have a possible solution for this really strange behavior?
Thanks in advance!
How do you "look them up"?
"My Network Places"?
This folder only contains SMB shares that are found via broadcast (–> the current local subnet).
To connect to an SMB share you have to connect to it using "\\IP"
Ok. Indeed I tried it in network places just by typing the IP address, just like I was used to with a PPTP connection. I'm not a professional on these things; what is SMB and what is SMN?
SMB = Samba = Server Message Block
SMN is a typo ::) (too much playing FFXI where SMN is a Summoner :D)
But if you can ping you should be able to connect to it by typing something like \\192.168.1.10 or similar.
If you cannot: Are you sure that you are sharing something on the target computer? Is the firewall turned off, or does it allow SMB connections?
Ok. I suppose I have to relearn my English. No one would understand it if I would type SMN instead of SMB ;D
The strange thing is that I can ping, but even the \\IP in Internet Explorer doesn't get me anywhere. Even stranger: RDC works, but when logged in, I can't click anything with the mouse. After about 20 clicks the connection with RDC breaks down…
I turned on the PPTP server on the pfSense to get unlimited access. Then I disabled the Windows firewall and avast (security) by RDC. On the client side there isn't any firewall.
On both sides there's a pfSense. I opened the firewalls completely on both sides, so that couldn't be a problem, I guess. On the pfSense at my
In the OpenVPN on the pfSense I have tried a push "route 192.168.x.0 255.255.255.0" (where the IP range is the local subnet on the server side).
Well, what do you think?
I DISCOVERED IT!
This was the problem:
On my local pfSense (client side) I installed a proxy server. On the tab 'access control - allowed subnets' I added the IP ranges of the local subnet on the server side and the address pool of OpenVPN. Then I added the specific IP addresses of the computers on the server side that I want to reach, the IP address that I gained from the address pool and the server/gateway out of the address pool. What a simple solution... ???
I still have a lot to learn. Thanks GruensFroeschli for the help!!
Stop: It isn't all solved yet. I can see the PC behind the server at the office, I can use the shared files, but when I open RDC, it still gives me problems: can't click anything, can't use the keyboard, and RDC breaks down after 20 mouseclicks/30 seconds.
Maybe reinstall the pfSense on my home side and try it without the proxy server, snort and so on? Could there be a conflict? ???
I don't know much about RDP.
Are you by chance using multiWAN?
Nope. But I took an easy decision: I've completely reinstalled the pfSense at my home. Didn't install any packages like proxy server etc. And that did the trick - completely, including RDC. OpenVPN runs completely smooth and is fully operational. Later on I will install extra packages one by one to see what influence this has on the OpenVPN server…
It's obvious that users with limited experience on packages can have strange problems. Also I can call it a fact that OpenVPN is more sensitive to software firewalls (like Windows) than PPTP or IPSec.
I say it again: thanks very much for your help on tackling this problem, GruensFroeschli! I hope it solves this problem for a lot of other users, too.
You might be interrested in this:
Notes – Firewall on the Windows client
In general, it's a good idea to always protect a VPN client or server with a firewall.
The important points for setting up firewalling on a Windows system running OpenVPN are:
1. Make sure that your connection to the internet is always firewalled, especially when you are running a VPN. VPNs create trusted relationships between geographically disparate networks, and if any network on the VPN is compromised by a virus or worm, the exploit has the potential of jumping across the VPN and infecting other machines.
2. You can enable firewalling on a given network adapter by going to Control Panel -> Network Connections, right-click on the icon that represents your link to the internet, select "Properties", go to the "Advanced" tab, and enable "Internet Connection Firewall".
3. If you are running OpenVPN as a server on a Windows machine, you will need to configure your firewall to allow incoming clients to connect to OpenVPN's port number which is "UDP 1194" by default.
4. In general, running OpenVPN as a client doesn't require any special firewall configuration, provided you use the --ping option to preserve the state of the OpenVPN connection in the firewall.
5. In general, you don't need to enable firewalling on the TAP-Win32 adapter. Once an IP packet appears to be "coming in" on the TAP-Win32 adapter, it has already been decrypted and authenticated by OpenVPN, even though the connection between OpenVPN peers might transit an untrusted network such as the internet.
6. One case where you might want to firewall the TAP-Win32 adapter is if you are connecting to an untrusted machine, or a machine which will route or bridge your connection with an untrusted network.
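Ping only shows that ICMP crosses the tunnel, while the SMB shares and RDC sessions discussed in this thread ride on TCP. As an added example (not part of the thread or of pfSense/OpenVPN), this Python sketch probes those TCP ports from the VPN client and separates a dropped connection from a refused one; the port map, the function names and the hint texts are assumptions made for the illustration.

```python
import errno
import socket
import sys

# TCP services behind the symptoms in the thread (assumed default ports).
SERVICES = {"netbios-ssn": 139, "smb": 445, "rdp": 3389}

# What each probe result usually points to when ping already works.
HINTS = {
    "open": "service reachable through the tunnel",
    "refused": "host answers but nothing listens: check sharing/RDP is enabled",
    "timeout": "packets silently dropped: check firewall rules on the VPN "
               "interface, the host firewall, or a proxy package in the path",
}

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"          # no SYN-ACK and no RST came back
    except ConnectionRefusedError:
        return "refused"          # RST received: host is up, port closed
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def check_host(host, services=SERVICES, timeout=3.0):
    """Probe every service on one host; returns {service name: state}."""
    return {name: probe_tcp(host, port, timeout)
            for name, port in services.items()}

if __name__ == "__main__":
    # Usage: python vpn_probe.py <LAN address of the office PC>
    target = sys.argv[1]
    for name, state in check_host(target).items():
        print(f"{target} {name:12} {state:10} {HINTS.get(state, 'see errno')}")
```

Run it once with the tunnel up and once after changing a single setting (for example removing a package), so a change from "timeout" to "open" can be tied to that setting.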