Pfsense 1.2 + openvpn + road-warrior cannot access windows share?
periko last edited by
This is a question that is been around this forum, i have read this forum with no solution, i setup my road-warrior setting using the doc from the manual here at this site.
I have my server at home 192.168.10.X 255.255.255.0
I setup a host at dyndns myname.dyndns.com
I don't have a wins server or dns inside my network, but i have some shares that i need to access from anywhere.
I can ping my lan clients from outside without any issue, my LAN cannot ping my road-warriors no problem here, i just want that my road-warriors get access to my lan shares running windows 2k/win xp.
This is my openvpn.conf setting:
keepalive 10 60
server 10.0.8.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"
This is my client setting(windows xp home):
remote www.XYZ.dyndns.org 1194
I have firewalls on windows disable, my road-warriors can ping my LAN clients. But if i want to see my clients share using \LAN-CLIENT-IP
Tell me that i don't have rights to access that resource. I setup lmhost + hosts with my LAN clients IP+name, i try to access using the same command and same result.
This a small network, i'm testing this setting, for me this is my first openvpn server i setup, i have read this forum but i still cannot made this thing works.
Exist one field at the server setting where u setup the remote network, i understand that the network i put there my LAN-clients will reach, but is not working, is i'm wrong let me know.
Some told something about the option iroute, but them he told that is not the solution.
My DSL modem is a 2wire, my routing tables from my server:
Destination Gateway Flags Refs Use Netif Expire
default public-ip.ded. UGS 0 25459 ng0
10.0.8/24 10.0.8.2 UGS 0 1759 tun0
10.0.8.2 10.0.8.1 UH 1 0 tun0
localhost localhost UH 0 0 lo0
192.168.10 link#1 UC 0 0 fxp0
192.168.10.150 00:15:58:4d:ca:9e UHLW 1 1372 fxp0 1007
publi-ip.ded. public-ip.ds UH 1 1830 ng0
public-ip.ds lo0 UHS 0 0 lo0
Destino de red Máscara de red Puerta de acceso Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.92 25
10.0.8.1 255.255.255.255 10.0.8.5 10.0.8.6 1
10.0.8.4 255.255.255.252 10.0.8.6 10.0.8.6 30
10.0.8.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.0.8.6 10.0.8.6 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.92 192.168.1.92 25
192.168.1.92 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.92 192.168.1.92 25
192.168.10.0 255.255.255.0 10.0.8.5 10.0.8.6 1
18.104.22.168 240.0.0.0 10.0.8.6 10.0.8.6 30
22.214.171.124 240.0.0.0 192.168.1.92 192.168.1.92 25
255.255.255.255 255.255.255.255 10.0.8.6 2 1
255.255.255.255 255.255.255.255 10.0.8.6 10.0.8.6 1
255.255.255.255 255.255.255.255 192.168.1.92 192.168.1.92 1
Puerta de enlace predeterminada: 192.168.1.254
Well people, this is my current issues, i love this software, but i still don't found my error.
I have been playing all day, is time to stop for this day, hope someone could show me some light for me, thanks all for your time :-\
you are missing a tls-server on the server config since you have a tls-client on clinet one.
periko last edited by
Sorry for not answer u this days, i was checking this problem, i had been working with this issue this days, and yesterday something told me, ask your self this:
Can i browse my shares inside my internal LAN?
Can i access my shares inside my internal LAN?
I detect that inside my LAN i could not browse my clients and none of my clients could access the shares.
Today i fix this and now i can access my shares from my vpn, i can map my shares. I already did a little change to my server settings.
The problem was my internal LAN, thanks for your help, now i love more this great OS and his tools.
Right now I'm checking how to tuning the performance of the connection, thanks again for your support ;D.
So what was the solution?
I interest to know the issue you found as well. :D
This isn't too hard.
The point is that you have to have your wins server announce on the subnet where the VPN hosts are too. This requires a few changes in the setup.
1. You need to make the WINS server know it has another subnet to relate to:
hosts allow = 127.0.0.1 10.23.23.0/24
wins support = yes
2. The you have to add the following options to the openvpn server:
push "dhcp-option NBT 2"
push "dhcp-option DNS <your dns="" ip="">"
push "dhcp-option WINS <your wins="" server="" ip="">"
I find browsing a bit slow. I am not sure why, so if anyone has some input on that, I would be greatfull.</your></your>