Client having trouble connecting to LAN from VPN



  • So I have a client having an issue connecting to the services I have running on the LAN side even though they are connected to the VPN and I can see their connection under the status page for OpenVPN. I pulled the log from their side, substituted <external ip="">for our external IP and <user>for the username. I'm relatively noob level on this stuff and I have no idea what's causing this. She was using it this morning and it was in the middle of being of entering data to one of the services when it just stopped allowing her access to the LAN. I tried running the OpenVPN gui as administrator and it didn't help. The client is running Windows XP. Thoughts?

    Log file:

    Mon Jul 13 12:39:58 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  1 2014
    Mon Jul 13 12:39:58 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
    Enter Management Password:
    Mon Jul 13 12:40:10 2015 Control Channel Authentication: using 'pfSense-udp-1194-<user>-tls.key' as a OpenVPN static key file
    Mon Jul 13 12:40:10 2015 UDPv4 link local (bound): [undef]
    Mon Jul 13 12:40:10 2015 UDPv4 link remote: [AF_INET]<external ip="">:1194
    Mon Jul 13 12:40:10 2015 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    Mon Jul 13 12:40:11 2015 [OpenVPNCert] Peer Connection Initiated with [AF_INET]<external ip="">:1194
    Mon Jul 13 12:40:14 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Jul 13 12:40:14 2015 open_tun, tt->ipv6=0
    Mon Jul 13 12:40:14 2015 TAP-WIN32 device [Local Area Connection 9] opened: \.\Global{B914001F-CF95-432A-81B4-D039F2126173}.tap
    Mon Jul 13 12:40:14 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.2.6/255.255.255.252 on interface {B914001F-CF95-432A-81B4-D039F2126173} [DHCP-serv: 192.168.2.5, lease-time: 31536000]
    Mon Jul 13 12:40:14 2015 Successful ARP Flush on interface [131075] {B914001F-CF95-432A-81B4-D039F2126173}
    Mon Jul 13 12:40:20 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.  [status=87 if_index=131075]
    Mon Jul 13 12:40:20 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Mon Jul 13 12:40:21 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.  [status=87 if_index=131075]
    Mon Jul 13 12:40:21 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Mon Jul 13 12:40:21 2015 Initialization Sequence Completed</external></external></user></user></external>


  • LAYER 8 Global Moderator

    on Jul 13 12:40:20 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.  [status=87 if_index=131075]
    Mon Jul 13 12:40:20 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Mon Jul 13 12:40:21 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect.  [status=87 if_index=131075]
    Mon Jul 13 12:40:21 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

    Well seems like you have a problem creating the route to your networks behind pfsense..

    As to thoughts - one that comes to mind is why would anyone still be running XP ;)

    What rute are you trying t add?



  • She has XP because she's 2000 miles away and I didn't know she was running XP until recently (this is for a small business). Since she's the only one having the problem, maybe I should just upgrade her to Windows 7 and be done with it lol.

    So, I'm assuming it's trying to add the route client side? Like I said, I'm a noob when it comes to this and pretty much networking as a whole. I used the client export wizard to output the configuration. I'm not seeing anything in the config file that is trying to create a route.

    Config file:
    dev tun
    persist-tun
    persist-key
    cipher AES-128-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote <external ip="">1194 udp
    lport 0
    verify-x509-name "OpenVPNCert" name
    auth-user-pass
    pkcs12 pfSense-udp-1194-<user>.p12
    tls-auth pfSense-udp-1194-<user>-tls.key 1
    ns-cert-type server
    comp-lzo adaptive</user></user></external>


  • LAYER 8 Global Moderator

    When you make the connection it will add routes..

    You can bump up the logging verbosity to view them being added..

    example, here is my currently connecting to my pfsense openvpn setup at home..  See the routes get added

    Mon Jul 13 16:38:31 2015 Successful ARP Flush on interface [22] {5A2F7EEA-6ED4-4F64-84E8-6A9A17179285}
    Mon Jul 13 16:38:36 2015 TEST ROUTES: 4/4 succeeded len=4 ret=1 a=0 u/d=up
    Mon Jul 13 16:38:36 2015 MANAGEMENT: >STATE:1436823516,ADD_ROUTES,,,
    Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.0.8.5
    Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
    Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.0.8.5
    Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
    Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 10.0.8.5
    Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]
    Mon Jul 13 16:38:36 2015 C:\Windows\system32\route.exe ADD 10.0.8.1 MASK 255.255.255.255 10.0.8.5
    Mon Jul 13 16:38:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Mon Jul 13 16:38:36 2015 Route addition via IPAPI succeeded [adaptive]

    if you add

    verb 4

    to your config you should get more details..



Log in to reply