Client having trouble connecting to LAN from VPN
-
So I have a client having an issue connecting to the services I have running on the LAN side even though they are connected to the VPN and I can see their connection under the status page for OpenVPN. I pulled the log from their side, substituted <external ip> for our external IP and <user> for the username. I'm relatively noob level on this stuff and I have no idea what's causing this. She was using it this morning and was in the middle of entering data into one of the services when it just stopped allowing her access to the LAN. I tried running the OpenVPN GUI as administrator and it didn't help. The client is running Windows XP. Thoughts?
Log file:
Mon Jul 13 12:39:58 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
Mon Jul 13 12:39:58 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Enter Management Password:
Mon Jul 13 12:40:10 2015 Control Channel Authentication: using 'pfSense-udp-1194-<user>-tls.key' as a OpenVPN static key file
Mon Jul 13 12:40:10 2015 UDPv4 link local (bound): [undef]
Mon Jul 13 12:40:10 2015 UDPv4 link remote: [AF_INET]<external ip>:1194
Mon Jul 13 12:40:10 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 13 12:40:11 2015 [OpenVPNCert] Peer Connection Initiated with [AF_INET]<external ip>:1194
Mon Jul 13 12:40:14 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul 13 12:40:14 2015 open_tun, tt->ipv6=0
Mon Jul 13 12:40:14 2015 TAP-WIN32 device [Local Area Connection 9] opened: \\.\Global\{B914001F-CF95-432A-81B4-D039F2126173}.tap
Mon Jul 13 12:40:14 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.252 on interface {B914001F-CF95-432A-81B4-D039F2126173} [DHCP-serv: 192.168.2.5, lease-time: 31536000]
Mon Jul 13 12:40:14 2015 Successful ARP Flush on interface [131075] {B914001F-CF95-432A-81B4-D039F2126173}
Mon Jul 13 12:40:20 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=131075]
Mon Jul 13 12:40:20 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Jul 13 12:40:21 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=131075]
Mon Jul 13 12:40:21 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Jul 13 12:40:21 2015 Initialization Sequence Completed
-
Mon Jul 13 12:40:20 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=131075]
Mon Jul 13 12:40:20 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Mon Jul 13 12:40:21 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=131075]
Mon Jul 13 12:40:21 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Well seems like you have a problem creating the route to your networks behind pfsense..
As to thoughts - one that comes to mind is why would anyone still be running XP ;)
What route are you trying to add?
-
She has XP because she's 2000 miles away and I didn't know she was running XP until recently (this is for a small business). Since she's the only one having the problem, maybe I should just upgrade her to Windows 7 and be done with it lol.
So, I'm assuming it's trying to add the route client side? Like I said, I'm a noob when it comes to this and pretty much networking as a whole. I used the client export wizard to output the configuration. I'm not seeing anything in the config file that is trying to create a route.
Config file:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote <external ip> 1194 udp
lport 0
verify-x509-name "OpenVPNCert" name
auth-user-pass
pkcs12 pfSense-udp-1194-<user>.p12
tls-auth pfSense-udp-1194-<user>-tls.key 1
ns-cert-type server
comp-lzo adaptive
-
When you make the connection it will add routes..
You can bump up the logging verbosity to view them being added..
Example: here is me currently connecting to my pfsense openvpn setup at home.. See the routes get added
Mon Jul 13 16:38:31 2015 Successful ARP Flush on interface [22] {5A2F7EEA-6ED4-4F64-84E8-6A9A17179285}
Mon Jul 13 16:38:36 2015 TEST ROUTES: 4/4 succeeded len=4 ret=1 a=0 u/d=up
Mon Jul 13 16:38:36 2015 MANAGEMENT: >STATE:1436823516,ADD_ROUTES,,,
Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.0.8.5
Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.0.8.5
Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 10.0.8.5
Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 10.0.8.1 MASK 255.255.255.255 10.0.8.5
Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
If you add
verb 4
to your config you should get more details..
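
Added example, not part of the original thread: a Python sketch that scans an OpenVPN client log for the condition seen above, where the tunnel reaches "Initialization Sequence Completed" (so the server status page shows the client as connected) while route additions failed. The sample logs are constructed from the lines quoted in the posts; the function name `analyze` and the result keys are hypothetical.

```python
import re

# Constructed samples modelled on the two client logs quoted in this thread.
FAILING_LOG = r"""Mon Jul 13 12:40:20 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=131075]
Mon Jul 13 12:40:21 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=131075]
Mon Jul 13 12:40:21 2015 Initialization Sequence Completed"""
WORKING_LOG = r"""Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.0.8.5
Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 10.0.8.1 MASK 255.255.255.255 10.0.8.5
Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Jul 13 16:38:36 2015 Initialization Sequence Completed"""

# The route.exe line only appears at higher verbosity (verb 4 in the thread).
ROUTE_CMD = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.I)
ROUTE_OK = re.compile(r"ROUTE: CreateIpForwardEntry succeeded")
ROUTE_FAIL = re.compile(
    r"ROUTE: route addition failed using \w+: (.*?) \[status=(\d+) if_index=(\d+)\]")
DONE = "Initialization Sequence Completed"

def analyze(log_text):
    """Pair each route result with the preceding route.exe command, if logged."""
    routes, pending, completed = [], None, False
    for line in log_text.splitlines():
        cmd = ROUTE_CMD.search(line)
        fail = ROUTE_FAIL.search(line)
        if cmd:
            pending = "%s/%s via %s" % cmd.groups()
        elif ROUTE_OK.search(line):
            routes.append({"route": pending, "ok": True, "status": 0})
            pending = None
        elif fail:
            # At low verbosity the destination is not logged, so route stays None.
            routes.append({"route": pending, "ok": False,
                           "status": int(fail.group(2)), "error": fail.group(1)})
            pending = None
        elif DONE in line:
            completed = True
    failed = [r for r in routes if not r["ok"]]
    return {"completed": completed, "routes": routes, "failed": failed,
            "connected_without_routes": completed and bool(failed)}

if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        result = analyze(log)
        print(name, "connected_without_routes =", result["connected_without_routes"])
        for r in result["failed"]:
            print("  failed route:", r["route"], "status", r["status"], r["error"])
```

On the failing sample the destination is reported as `None` because the log was captured at default verbosity; with `verb 4` the `route.exe ADD` line is logged and the script can name the route that failed.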