pfSense 1.2 + OpenVPN + road-warrior cannot access Windows share?

  • Hi People.

    This is a question that has been around this forum; I have read the forum and found no solution. I set up my road-warrior configuration using the doc from the manual here at this site.

    I have my server at home 192.168.10.X
    I set up a host at DynDNS

    I don't have a WINS server or DNS inside my network, but I have some shares that I need to access from anywhere.

    I can ping my LAN clients from outside without any issue. My LAN cannot ping my road-warriors, no problem here; I just want my road-warriors to get access to my LAN shares running Windows 2k/Win XP.

    This is my openvpn.conf setting:

    writepid /var/run/
    #user nobody
    #group nobody
    keepalive 10 60
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    client-config-dir /var/etc/openvpn_csc
    push "route"
    lport 1194
    ca /var/etc/
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh

    This is my client setting (Windows XP Home):

    port 1194
    dev tun
    dev-node ovpn
    proto udp
    remote 1194
    ping 10
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    verb 4

    I have the firewalls on Windows disabled; my road-warriors can ping my LAN clients. But if I want to see my clients' shares using \\LAN-CLIENT-IP

    it tells me that I don't have rights to access that resource. I set up lmhosts + hosts with my LAN clients' IP + name; I tried to access using the same command, with the same result.

    This is a small network and I'm testing this setup. For me this is the first OpenVPN server I have set up; I have read this forum but I still cannot make this thing work.

    There is one field in the server settings where you set up the remote network. I understand that my LAN clients will reach the network I put there, but it is not working; if I'm wrong, let me know.

    Someone mentioned the option iroute, but then he said that it is not the solution.

    My DSL modem is a 2Wire. My routing table from my server:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            public-ip.ded. UGS        0    25459    ng0
    10.0.8/24          UGS        0    1759  tun0          UH          1        0  tun0
    localhost          localhost          UH          0        0    lo0
    192.168.10        link#1            UC          0        0  fxp0    00:15:58:4d:ca:9e  UHLW        1    1372  fxp0  1007
    publi-ip.ded. public-ip.ds UH          1    1830    ng0
    public-ip.ds lo0                UHS        0        0    lo0


    Rutas activas:
    Destino de red        Máscara de red  Puerta de acceso  Interfaz  Métrica
        30      30
      25      25      25      1
        25              2      1      1      1
    Puerta de enlace predeterminada:

    Well people, this is my current issue. I love this software, but I still haven't found my error.

    I have been playing all day; it is time to stop for today. I hope someone can show me some light. Thanks all for your time  :-\

  • You are missing a tls-server on the server config since you have a tls-client on the client one.

  • Hi ermal.

    Sorry for not answering you these days; I was checking this problem. I had been working on this issue these days, and yesterday something told me, ask yourself this:

    Can I browse my shares inside my internal LAN?
    Can I access my shares inside my internal LAN?

    I detected that inside my LAN I could not browse my clients and none of my clients could access the shares.

    Today I fixed this and now I can access my shares from my VPN; I can map my shares. I already made a little change to my server settings.

    The problem was my internal LAN. Thanks for your help; now I love this great OS and its tools even more.

    Right now I'm checking how to tune the performance of the connection. Thanks again for your support  ;D.

  • So what was the solution?

  • Ya,

    I am interested to know the issue you found as well.  :D

  • This isn't too hard.

    The point is that you have to have your WINS server announce on the subnet where the VPN hosts are too. This requires a few changes in the setup.

    1. You need to make the WINS server know it has another subnet to relate to:
    in smb.conf:

    make sure hosts allow contains the subnet

    hosts allow =
    wins support = yes

    2. Then you have to add the following options to the openvpn server:
    push "dhcp-option NBT 2"
    push "dhcp-option DNS <your dns ip>"
    push "dhcp-option WINS <your wins server ip>"

    I find browsing a bit slow. I am not sure why, so if anyone has some input on that, I would be grateful.
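
One way to check the two settings from the last reply before restarting anything, as an added example that is not part of the thread. It assumes the tunnel subnet is the 10.0.8/24 seen in the routing table above; the sample configs, the 192.168.10.2 address and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample configs; addresses are placeholders on this thread's subnets.
SMB_CONF = """[global]
wins support = yes
hosts allow = 127. 192.168.10.
"""
OVPN_CONF = """dev tun
#user nobody
push "dhcp-option NBT 2"
push "dhcp-option DNS 192.168.10.2"
"""

def hosts_allow_networks(smb_conf):
    """Networks named in 'hosts allow', or None if the parameter is absent
    (Samba then accepts connections from any host)."""
    nets = None
    for line in smb_conf.splitlines():
        key, _, value = line.partition("=")
        if " ".join(key.lower().split()) != "hosts allow":
            continue
        nets = []
        for item in value.replace(",", " ").split():
            if item.endswith("."):  # Samba prefix form, e.g. "192.168.10."
                octets = item.rstrip(".").split(".")
                item = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
            try:
                nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:
                pass  # hostnames and EXCEPT clauses are not evaluated here
    return nets

def pushed_dhcp_options(ovpn_conf):
    """Map each pushed dhcp-option name (DNS, WINS, NBT, ...) to its values."""
    opts = {}
    for line in ovpn_conf.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) == 2 and words[0] == "push":
            inner = words[1].split()
            if len(inner) >= 3 and inner[0] == "dhcp-option":
                opts.setdefault(inner[1], []).append(inner[2])
    return opts

def check(smb_conf, ovpn_conf, vpn_subnet):
    vpn, nets = ipaddress.ip_network(vpn_subnet), hosts_allow_networks(smb_conf)
    problems = []
    if nets is not None and not any(n.version == vpn.version and vpn.subnet_of(n) for n in nets):
        problems.append("hosts allow does not cover %s" % vpn)
    opts = pushed_dhcp_options(ovpn_conf)
    problems += ["missing push dhcp-option %s" % o for o in ("NBT", "DNS", "WINS") if o not in opts]
    return problems
```

With the sample input, `check(SMB_CONF, OVPN_CONF, "10.0.8.0/24")` reports that the Samba allow list leaves out the tunnel subnet and that the WINS push is missing.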
