Pfsense 1.2 + openvpn + road-warrior cannot access windows share?



  • Hi People.

This is a question that has been around this forum; I have read this forum with no solution. I set up my road-warrior setting using the doc from the manual here at this site.

    I have my server at home 192.168.10.X 255.255.255.0
      I setup a host at dyndns myname.dyndns.com

I don't have a WINS server or DNS inside my network, but I have some shares that I need to access from anywhere.

I can ping my LAN clients from outside without any issue; my LAN cannot ping my road-warriors, no problem here. I just want my road-warriors to get access to my LAN shares running Windows 2k/Win XP.

    This is my openvpn.conf setting:

    writepid /var/run/openvpn_server0.pid
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    server 10.0.8.0 255.255.255.0
    client-config-dir /var/etc/openvpn_csc
    push "route 192.168.10.0 255.255.255.0"
    lport 1194
    ca /var/etc/openvpn_server0.ca
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh
    comp-lzo
    persist-remote-ip
    float

    This is my client setting(windows xp home):

    float
    port 1194
    dev tun
    dev-node ovpn
    proto udp
    remote www.XYZ.dyndns.org 1194
    ping 10
    persist-tun
    persist-key
    tls-client
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    pull
    verb 4

I have the firewalls on Windows disabled; my road-warriors can ping my LAN clients. But if I want to see my clients' shares using \\LAN-CLIENT-IP

it tells me that I don't have rights to access that resource. I set up lmhosts + hosts with my LAN clients' IP+name; I tried to access using the same command, same result.

This is a small network and I'm testing this setting; this is the first OpenVPN server I have set up. I have read this forum but I still cannot make this thing work.

There is one field in the server settings where you set up the remote network. I understand that my LAN clients will reach the network I put there, but it is not working; if I'm wrong, let me know.

Someone said something about the iroute option, but then he said that it is not the solution.

    My DSL modem is a 2wire, my routing tables from my server:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            public-ip.ded. UGS        0    25459    ng0
    10.0.8/24          10.0.8.2          UGS        0    1759  tun0
    10.0.8.2          10.0.8.1          UH          1        0  tun0
    localhost          localhost          UH          0        0    lo0
    192.168.10        link#1            UC          0        0  fxp0
    192.168.10.150    00:15:58:4d:ca:9e  UHLW        1    1372  fxp0  1007
    publi-ip.ded. public-ip.ds UH          1    1830    ng0
    public-ip.ds lo0                UHS        0        0    lo0

    Client:

    Rutas activas:
    Destino de red        Máscara de red  Puerta de acceso  Interfaz  Métrica
              0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.92      25
            10.0.8.1  255.255.255.255        10.0.8.5        10.0.8.6      1
            10.0.8.4  255.255.255.252        10.0.8.6        10.0.8.6      30
            10.0.8.6  255.255.255.255        127.0.0.1      127.0.0.1      30
      10.255.255.255  255.255.255.255        10.0.8.6        10.0.8.6      30
            127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
          192.168.1.0    255.255.255.0    192.168.1.92    192.168.1.92      25
        192.168.1.92  255.255.255.255        127.0.0.1      127.0.0.1      25
        192.168.1.255  255.255.255.255    192.168.1.92    192.168.1.92      25
        192.168.10.0    255.255.255.0        10.0.8.5        10.0.8.6      1
            224.0.0.0        240.0.0.0        10.0.8.6        10.0.8.6      30
            224.0.0.0        240.0.0.0    192.168.1.92    192.168.1.92      25
      255.255.255.255  255.255.255.255        10.0.8.6              2      1
      255.255.255.255  255.255.255.255        10.0.8.6        10.0.8.6      1
      255.255.255.255  255.255.255.255    192.168.1.92    192.168.1.92      1
    Puerta de enlace predeterminada:    192.168.1.254

Well people, these are my current issues. I love this software, but I still haven't found my error.

I have been playing all day; it is time to stop for today. I hope someone can shed some light on this for me. Thanks all for your time  :-\



you are missing a tls-server on the server config since you have a tls-client on the client one.



  • Hi ermal.

Sorry for not answering you these days; I was checking this problem. I have been working on this issue these days, and yesterday something told me to ask myself this:

Can I browse my shares inside my internal LAN?
  Can I access my shares inside my internal LAN?

I found that inside my LAN I could not browse my clients, and none of my clients could access the shares.

Today I fixed this, and now I can access my shares from my VPN; I can map my shares. I also made a small change to my server settings.

The problem was my internal LAN. Thanks for your help; now I love this great OS and its tools even more.

Right now I'm checking how to tune the performance of the connection. Thanks again for your support  ;D.



  • So what was the solution?



  • ya,

I'm interested to know the issue you found as well.  :D



  • This isn't too hard.

The point is that you have to have your WINS server announce on the subnet where the VPN hosts are too. This requires a few changes in the setup.

    1. You need to make the WINS server know it has another subnet to relate to:
    in smb.conf:

make sure hosts allow contains the VPN subnet:

    hosts allow = 127.0.0.1 10.23.23.0/24
    wins support = yes

2. Then you have to add the following options to the OpenVPN server:
push "dhcp-option NBT 2"
push "dhcp-option DNS <your dns ip>"
push "dhcp-option WINS <your wins server ip>"

I find browsing a bit slow. I am not sure why, so if anyone has some input on that, I would be grateful.
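As an added example (not code from any post in this thread, nor from pfSense, OpenVPN or Samba), the script below checks a server/client OpenVPN config pair and a Samba smb.conf for the points raised above: the explicit tls-server ermal asked about, a pushed LAN route, the NBT/DNS/WINS dhcp-options from the last reply, and whether smb.conf has wins support enabled and hosts allow covering the VPN subnet. The sample configs are constructed from the settings quoted in the thread; the hostname vpn.example.invalid and the DNS/WINS address 192.168.10.1 are assumptions.

```python
"""Lint OpenVPN and Samba configs for road-warrior share access.

Added example for this thread; not pfSense/OpenVPN/Samba code.
Sample configs are constructed from the settings quoted in the posts.
"""
import ipaddress
import re
import shlex

# Constructed server config, reduced to the directives that matter here.
SERVER_CONF = """\
dev tun
proto udp
server 10.0.8.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
lport 1194
comp-lzo
"""

# Constructed road-warrior client config (hostname is an assumption).
CLIENT_CONF = """\
dev tun
proto udp
remote vpn.example.invalid 1194
tls-client
pull
"""

# Constructed smb.conf: the LAN is allowed, the VPN subnet is not.
SMB_CONF = """\
[global]
   workgroup = HOME
   hosts allow = 127.0.0.1 192.168.10.0/24
   wins support = no
"""

# Corrected versions: explicit tls-server, NBT/DNS/WINS pushed, and
# smb.conf widened to the VPN subnet (192.168.10.1 is an assumed WINS/DNS host).
SERVER_CONF_FIXED = SERVER_CONF + """\
tls-server
push "dhcp-option NBT 2"
push "dhcp-option DNS 192.168.10.1"
push "dhcp-option WINS 192.168.10.1"
"""
SMB_CONF_FIXED = (SMB_CONF.replace("wins support = no", "wins support = yes")
                  .replace("192.168.10.0/24", "192.168.10.0/24 10.0.8.0/24"))


def parse_openvpn(text):
    """Return [(directive, [args])]; '#' and ';' start comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries


def vpn_subnet(entries):
    """Network handed out by the 'server net mask' helper, or None."""
    for d, a in entries:
        if d == "server" and len(a) >= 2:
            return ipaddress.ip_network(f"{a[0]}/{a[1]}", strict=False)
    return None


def pushed_options(entries):
    """Unpack push "..." lines into (option, [args]) pairs."""
    return [tuple([shlex.split(a[0])[0], shlex.split(a[0])[1:]])
            for d, a in entries if d == "push" and a]


def parse_smb_global(text):
    """Key/value pairs of the [global] section, keys lower-cased."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"\[(.+)\]$", line)
        if m:
            section = m.group(1).lower()
        elif section == "global" and "=" in line:
            k, v = line.split("=", 1)
            opts[k.strip().lower()] = v.strip()
    return opts


def hosts_allow_networks(value):
    """Parse Samba 'hosts allow' tokens: host, net/prefix, net/mask, or '192.168.10.'."""
    nets = []
    for tok in value.replace(",", " ").split():
        if tok.endswith("."):  # Samba prefix form, e.g. 192.168.10.
            octets = tok.rstrip(".").split(".")
            tok = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
        try:
            nets.append(ipaddress.ip_network(tok, strict=False))
        except ValueError:
            pass  # hostnames and EXCEPT clauses are not handled here
    return nets


def lint_openvpn(server_text, client_text):
    findings = []
    srv, cli = parse_openvpn(server_text), parse_openvpn(client_text)
    srv_dirs = {d for d, _ in srv}
    if "tls-client" in {d for d, _ in cli} and "tls-server" not in srv_dirs:
        findings.append("openvpn: client uses tls-client but server has no explicit tls-server")
    pushed = pushed_options(srv)
    if not any(o == "route" for o, _ in pushed):
        findings.append("openvpn: no LAN route is pushed to clients")
    dhcp = {a[0].upper() for o, a in pushed if o == "dhcp-option" and a}
    for needed in ("NBT", "DNS", "WINS"):
        if needed not in dhcp:
            findings.append(f'openvpn: push "dhcp-option {needed} ..." is missing')
    return findings


def lint_smb(smb_text, vpn_net):
    findings = []
    g = parse_smb_global(smb_text)
    if g.get("wins support", "no").lower() not in ("yes", "true", "1"):
        findings.append("smb.conf: wins support is not enabled")
    if vpn_net is not None and "hosts allow" in g:
        if not any(vpn_net.subnet_of(n) for n in hosts_allow_networks(g["hosts allow"])):
            findings.append(f"smb.conf: hosts allow does not cover VPN subnet {vpn_net}")
    return findings


def lint_all(server_text, client_text, smb_text):
    """All findings for the three files; an empty list means nothing to fix."""
    vpn_net = vpn_subnet(parse_openvpn(server_text))
    return lint_openvpn(server_text, client_text) + lint_smb(smb_text, vpn_net)


if __name__ == "__main__":
    for f in lint_all(SERVER_CONF, CLIENT_CONF, SMB_CONF):
        print("before:", f)
    print("after:", lint_all(SERVER_CONF_FIXED, CLIENT_CONF, SMB_CONF_FIXED) or "clean")
```

Run against the constructed configs it reports six findings for the original setup and none for the corrected one. The hosts allow check only reasons about address tokens; a share that is still refused after these pass is usually a Windows-side permission or NetBIOS name issue, which is what the original poster eventually found inside his own LAN.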

