OpenVPN client-server cannot access lan
-
OP, this is what we need:
1. Post the contents of your openvpn server config (server1.conf). i.e.:
   - Diagnostics -> Edit file
   - Navigate to "/var/etc/openvpn"
   - Post the contents of "server1.conf"
2. Post screenshots of the firewall rules on your LAN and OpenVPN tab
-
```
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local XXX.XXX.XXX.XXX
tls-server
server 10.2.100.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'test-firewall' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 10.1.100.0 255.255.255.0"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
topology subnet
```
-
Please find attached screenshots of my firewall rules.
![Screen Shot 2015-03-11 at 7.20.40 am.png](/public/imported_attachments/1/Screen Shot 2015-03-11 at 7.20.40 am.png)
![Screen Shot 2015-03-11 at 7.20.50 am.png](/public/imported_attachments/1/Screen Shot 2015-03-11 at 7.20.50 am.png)
-
These look like LAN and WAN rules, but there also needs to be similar allow rules on the openvpn tab
-
> These look like LAN and WAN rules, but there also needs to be similar allow rules on the openvpn tab

Crap - Sorry!
![Screen Shot 2015-03-11 at 8.24.04 am.png](/public/imported_attachments/1/Screen Shot 2015-03-11 at 8.24.04 am.png)
-
I see no problem with the rules…
Can you go to OpenVPN: Server, edit the server and post that page here.
I'm a simple minded guy. Reading that is easier for me.
-
Your settings look good to me.
What is it that you cannot ping on LAN?
Various versions of Windows will respond to ping from devices on their local subnet, but not to ping from another subnet. Make sure to turn off any firewall on the LAN device. Make sure the LAN device has default gateway pfSense LAN IP, so it can answer.
-
You have an any/any firewall rule on your OpenVPN tab and your config is nearly identical to my working config, so I suspect your tunnel is working as expected.
Most likely this is a software firewall issue. If you're pinging a Windows box, by default the Windows firewall will deny ICMP echo requests from IPs sourced outside of its local subnet. Disable the Windows firewall and test your ping. If it works (which I suspect it will), and you want to keep the firewall enabled, you need to add a Windows firewall exception that allows ICMP echo requests from all IPs.
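
The checks suggested in the two replies above, as an added example that is not part of the original thread: it reads the tunnel network and pushed routes from the posted config and reports why a LAN host might not answer a VPN client's ping. The LAN host 10.1.100.50/24 and the pfSense LAN IP 10.1.100.1 are assumptions; neither appears in the thread.

```python
import ipaddress
import shlex

# Constructed sample: the directives from the posted server1.conf that decide routing.
SAMPLE_CONF = """
#user nobody
server 10.2.100.0 255.255.255.0
push "route 10.1.100.0 255.255.255.0"
topology subnet
"""

def parse_networks(conf_text):
    """Return (tunnel_network, pushed_routes) from OpenVPN server config text."""
    tunnel, pushed = None, []
    for line in conf_text.splitlines():
        parts = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(parts) == 3 and parts[0] == "server":
            tunnel = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
        elif len(parts) == 2 and parts[0] == "push":
            args = parts[1].split()
            if len(args) >= 3 and args[0] == "route":
                pushed.append(ipaddress.ip_network(f"{args[1]}/{args[2]}"))
    return tunnel, pushed

def diagnose(conf_text, host_ip, host_prefix, host_gateway, pfsense_lan_ip):
    """Return reasons a VPN client's ping to a LAN host may go unanswered."""
    tunnel, pushed = parse_networks(conf_text)
    if tunnel is None:
        return ["no-server-directive: tunnel network not found in config"]
    host = ipaddress.ip_address(host_ip)
    host_net = ipaddress.ip_network(f"{host_ip}/{host_prefix}", strict=False)
    findings = []
    if not any(host in net for net in pushed):
        findings.append("no-route: no pushed route covers this host")
    if not tunnel.overlaps(host_net):
        # Pings arrive with a tunnel source address the host treats as remote.
        findings.append(f"off-subnet: host firewall must allow ICMP echo from {tunnel}")
        if ipaddress.ip_address(host_gateway) != ipaddress.ip_address(pfsense_lan_ip):
            findings.append("gateway: replies leave via a router other than pfSense")
    return findings

if __name__ == "__main__":
    # Hypothetical LAN host 10.1.100.50/24 using pfSense (assumed 10.1.100.1) as gateway.
    for finding in diagnose(SAMPLE_CONF, "10.1.100.50", 24, "10.1.100.1", "10.1.100.1"):
        print(finding)
```

The off-subnet finding names the tunnel network, so a host firewall exception can be scoped to that range instead of all source addresses.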
-
I have the same problem, I can connect to the VPN, I can ping the host, for me it's 192.168.5.0/24, but I can't ping anybody on the network :-[
-
> I have the same problem, I can connect to the VPN, I can ping the host, for me it's 192.168.5.0/24, but I can't ping anybody on the network :-[

Happy to help, but start a new thread, so we can keep everything straight.
-
I have the same issue here. It used to run flawlessly, but suddenly stopped. I already rebuilt the server, restored the configuration and got stuck on the server. Can ping, open the URL in a browser but cannot reach any of the machines on the LAN side.