Established VPN connection but no ping or other connection into target network



  • Dear Forum Members,

    I'm busy configurating a client to server OpenVPN connection on PFSense 2.2.4. I installed the Client Export Package and configured the VPN as can be seen in attached picture  VPN-Server-Config.jpg. So my .ovpn file is attached here as well (ovpn-File.jpg).

    On the client side the connection is established well:

    Wed Aug 26 10:23:53 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
    Wed Aug 26 10:23:53 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
    Wed Aug 26 10:23:54 2015 Control Channel Authentication: using 'pfsense-udp-xxxxxxxxxxxxxxxxxxxxx-tls.key' as a OpenVPN static key file
    Wed Aug 26 10:23:54 2015 UDPv4 link local (bound): [undef]
    Wed Aug 26 10:23:54 2015 UDPv4 link remote: [AF_INET]92.xx.xxx.xxx:xxxxx
    Wed Aug 26 10:23:55 2015 [WEDO-VPN-SERVER-CERT] Peer Connection Initiated with [AF_INET]92.xx.xxx.xxx:xxxxx
    Wed Aug 26 10:23:57 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Wed Aug 26 10:23:57 2015 open_tun, tt->ipv6=0
    Wed Aug 26 10:23:57 2015 TAP-WIN32 device [LAN-Verbindung 2] opened: \.\Global{A8D9943C-xxxx-4241-xxxx-171657E1D1B8}.tap
    Wed Aug 26 10:23:57 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.xxx.6/255.255.255.252 on interface {A8D9943C-xxxx-4241-xxxx-171657E1D1B8} [DHCP-serv: 192.168.xxx.5,

    lease-time: 31536000]
    Wed Aug 26 10:23:57 2015 Successful ARP Flush on interface [28] {A8D9943C-xxxx-4241-xxxx-171657E1D1B8}
    Wed Aug 26 10:24:02 2015 Initialization Sequence Completed

    My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.

    The interface is configured well via DHCP:

    Ethernet-Adapter LAN-Verbindung 2:

    Verbindungsspezifisches DNS-Suffix:
      Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
      Physikalische Adresse . . . . . . : 00-xx-xx-xx-xx-xx
      DHCP aktiviert. . . . . . . . . . : Ja
      Autokonfiguration aktiviert . . . : Ja
      Verbindungslokale IPv6-Adresse  . : fe80::xxxx:30d3:xxxx:c1f8%28(Bevorzugt)
      IPv4-Adresse  . . . . . . . . . . : 192.168.xxx.6(Bevorzugt)
      Subnetzmaske  . . . . . . . . . . : 255.255.255.252
      Lease erhalten. . . . . . . . . . : Mittwoch, 26. August 2015 10:03:03
      Lease läuft ab. . . . . . . . . . : Donnerstag, 25. August 2016 10:03:03
      Standardgateway . . . . . . . . . :
      DHCP-Server . . . . . . . . . . . : 192.168.220.5
      DHCPv6-IAID . . . . . . . . . . . : 486604712
      DHCPv6-Client-DUID. . . . . . . . : 00-01-00-xx-19-45-09-xx-A4-xx-31-xx-A9-9

    DNS-Server  . . . . . . . . . . . : 192.168.xx.x
                                          192.168.xx.x
      NetBIOS über TCP/IP . . . . . . . : Aktiviert

    And I added an "Allow All" rule to the OpenVPN section on the firewall. Pls see attached Open_VPN_Rule.jpg .

    Still any kind of traffic will be blocked in PFSense as you can see in RDPFirewalBlock.jpg . The rule which triggered that action is the standard deny rule (Block_Rule.jpg).

    So I thought I had done everything right so far, but I'm stuck and don't know how to proceed.

    Any help is greatly appreciated. Kind regards, MisterIX.












  • You don't get the routes added on client.
    I think, it should help to start OpenVPN Manager or OpenVPN GUI with admin privileges.


  • LAYER 8 Netgate

    My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.

    And please just turn this crap off and leave it off (if not uninstall it) when debugging things like this.



  • @Viragomann: There is no other way to get the VPN-Client running on Win7 than starting it with administration permissions.

    @Derelict: Wash your mouth with soap, immediatly!


  • Banned

    @MisterIX:

    @Derelict: Wash your mouth with soap, immediatly!

    That's easy, but disinfecting computers polluted with ZA requires complete reinstall…  ;D :P ::)



  • Yeah, allright. Stop trolling…  >:(

    So in the end I can give an answer to the problem by myself. In my opinion there might still be some problems with the 64Bit Version of the OpenVPN-Client. In the end it even crashed my Win7 Computer only seconds after establishing a VPN tunnel.

    I went back to a software Version, which I had allready used for OpenVPN successfully which is openvpn-2.3.2 in a 32Bit Version.

    Then just adding the gateway IP as an on-link static route like:

    route add -p 192.168.xx.1 mask 255.255.255.0 0.0.0.0 metric x

    will conclude the routing settings and everything works fine.

    Kind regards, MisterIX.


Log in to reply