Pfsense 1.2 + openvpn + road-warrior cannot access windows share?
-
Hi People.
This is a question that has been around this forum; I have read this forum with no solution. I set up my road-warrior setting using the doc from the manual here at this site.
I have my server at home 192.168.10.X 255.255.255.0
I set up a host at dyndns: myname.dyndns.com
I don't have a WINS server or DNS inside my network, but I have some shares that I need to access from anywhere.
I can ping my LAN clients from outside without any issue, my LAN cannot ping my road-warriors, no problem here, I just want my road-warriors to get access to my LAN shares running Windows 2k/Win XP.
This is my openvpn.conf setting:
writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 192.168.10.0 255.255.255.0"
lport 1194
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo
persist-remote-ip
float
This is my client setting (Windows XP Home):
float
port 1194
dev tun
dev-node ovpn
proto udp
remote www.XYZ.dyndns.org 1194
ping 10
persist-tun
persist-key
tls-client
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
pull
verb 4
I have the firewalls on Windows disabled, and my road-warriors can ping my LAN clients. But if I want to see my clients' shares using \\LAN-CLIENT-IP, it tells me that I don't have rights to access that resource. I set up lmhosts + hosts with my LAN clients' IP + name, I tried to access using the same command, and got the same result.
This is a small network, I'm testing this setting; for me this is the first openvpn server I have set up. I have read this forum but I still cannot make this thing work.
There is one field in the server settings where you set up the remote network; I understand that the network I put there is the one my LAN clients will reach, but it is not working. If I'm wrong, let me know.
Someone said something about the option iroute, but then he said that it is not the solution.
My DSL modem is a 2wire, my routing tables from my server:
Destination Gateway Flags Refs Use Netif Expire
default public-ip.ded. UGS 0 25459 ng0
10.0.8/24 10.0.8.2 UGS 0 1759 tun0
10.0.8.2 10.0.8.1 UH 1 0 tun0
localhost localhost UH 0 0 lo0
192.168.10 link#1 UC 0 0 fxp0
192.168.10.150 00:15:58:4d:ca:9e UHLW 1 1372 fxp0 1007
publi-ip.ded. public-ip.ds UH 1 1830 ng0
public-ip.ds lo0 UHS 0 0 lo0
Client:
Rutas activas:
Destino de red Máscara de red Puerta de acceso Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.92 25
10.0.8.1 255.255.255.255 10.0.8.5 10.0.8.6 1
10.0.8.4 255.255.255.252 10.0.8.6 10.0.8.6 30
10.0.8.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.0.8.6 10.0.8.6 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.92 192.168.1.92 25
192.168.1.92 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.92 192.168.1.92 25
192.168.10.0 255.255.255.0 10.0.8.5 10.0.8.6 1
224.0.0.0 240.0.0.0 10.0.8.6 10.0.8.6 30
224.0.0.0 240.0.0.0 192.168.1.92 192.168.1.92 25
255.255.255.255 255.255.255.255 10.0.8.6 2 1
255.255.255.255 255.255.255.255 10.0.8.6 10.0.8.6 1
255.255.255.255 255.255.255.255 192.168.1.92 192.168.1.92 1
Puerta de enlace predeterminada: 192.168.1.254
Well people, these are my current issues. I love this software, but I still haven't found my error.
I have been playing all day, it is time to stop for today. I hope someone can shed some light on this for me, thanks all for your time :-\
-
You are missing a tls-server on the server config since you have a tls-client on the client one.
-
Hi ermal.
Sorry for not answering you these days. I was checking this problem, I had been working on this issue these days, and yesterday something told me, ask yourself this:
Can I browse my shares inside my internal LAN?
Can I access my shares inside my internal LAN?
I detected that inside my LAN I could not browse my clients and none of my clients could access the shares.
Today I fixed this and now I can access my shares from my VPN, I can map my shares. I already made a little change to my server settings.
The problem was my internal LAN. Thanks for your help, now I love this great OS and its tools even more.
Right now I'm checking how to tune the performance of the connection, thanks again for your support ;D.
-
So what was the solution?
-
Ya,
I'm interested to know the issue you found as well. :D
-
This isn't too hard.
The point is that you have to have your wins server announce on the subnet where the VPN hosts are too. This requires a few changes in the setup.
1. You need to make the WINS server know it has another subnet to relate to:
In smb.conf, make sure hosts allow contains the subnet:
hosts allow = 127.0.0.1 10.23.23.0/24
wins support = yes
2. Then you have to add the following options to the openvpn server:
push "dhcp-option NBT 2"
push "dhcp-option DNS <your dns ip>"
push "dhcp-option WINS <your wins server ip>"
I find browsing a bit slow. I am not sure why, so if anyone has some input on that, I would be grateful.