Established VPN connection but no ping or other connection into target network

MisterIX

Dear Forum Members,

I'm busy configurating a client to server OpenVPN connection on PFSense 2.2.4. I installed the Client Export Package and configured the VPN as can be seen in attached picture VPN-Server-Config.jpg. So my .ovpn file is attached here as well (ovpn-File.jpg).

On the client side the connection is established well:

Wed Aug 26 10:23:53 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Wed Aug 26 10:23:53 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Wed Aug 26 10:23:54 2015 Control Channel Authentication: using 'pfsense-udp-xxxxxxxxxxxxxxxxxxxxx-tls.key' as a OpenVPN static key file
Wed Aug 26 10:23:54 2015 UDPv4 link local (bound): [undef]
Wed Aug 26 10:23:54 2015 UDPv4 link remote: [AF_INET]92.xx.xxx.xxx:xxxxx
Wed Aug 26 10:23:55 2015 [WEDO-VPN-SERVER-CERT] Peer Connection Initiated with [AF_INET]92.xx.xxx.xxx:xxxxx
Wed Aug 26 10:23:57 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 26 10:23:57 2015 open_tun, tt->ipv6=0
Wed Aug 26 10:23:57 2015 TAP-WIN32 device [LAN-Verbindung 2] opened: \.\Global{A8D9943C-xxxx-4241-xxxx-171657E1D1B8}.tap
Wed Aug 26 10:23:57 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.xxx.6/255.255.255.252 on interface {A8D9943C-xxxx-4241-xxxx-171657E1D1B8} [DHCP-serv: 192.168.xxx.5,

lease-time: 31536000]
Wed Aug 26 10:23:57 2015 Successful ARP Flush on interface [28] {A8D9943C-xxxx-4241-xxxx-171657E1D1B8}
Wed Aug 26 10:24:02 2015 Initialization Sequence Completed

My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.

The interface is configured well via DHCP:

Ethernet-Adapter LAN-Verbindung 2:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physikalische Adresse . . . . . . : 00-xx-xx-xx-xx-xx
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::xxxx:30d3:xxxx:c1f8%28(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.xxx.6(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.252
Lease erhalten. . . . . . . . . . : Mittwoch, 26. August 2015 10:03:03
Lease läuft ab. . . . . . . . . . : Donnerstag, 25. August 2016 10:03:03
Standardgateway . . . . . . . . . :
DHCP-Server . . . . . . . . . . . : 192.168.220.5
DHCPv6-IAID . . . . . . . . . . . : 486604712
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-xx-19-45-09-xx-A4-xx-31-xx-A9-9

DNS-Server . . . . . . . . . . . : 192.168.xx.x
192.168.xx.x
NetBIOS über TCP/IP . . . . . . . : Aktiviert

And I added an "Allow All" rule to the OpenVPN section on the firewall. Pls see attached Open_VPN_Rule.jpg .

Still any kind of traffic will be blocked in PFSense as you can see in RDPFirewalBlock.jpg . The rule which triggered that action is the standard deny rule (Block_Rule.jpg).

So I thought I had done everything right so far, but I'm stuck and don't know how to proceed.

Any help is greatly appreciated. Kind regards, MisterIX.

VPN-Server-Config.jpg_thumb

ovpn-File.jpg_thumb

Open_VPN_Rule.jpg_thumb

RDPFirewallBlock.jpg_thumb

Block_Rule.jpg_thumb

viragomann

You don't get the routes added on client.
I think, it should help to start OpenVPN Manager or OpenVPN GUI with admin privileges.

Derelict

My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.

And please just turn this crap off and leave it off (if not uninstall it) when debugging things like this.

MisterIX

@Viragomann: There is no other way to get the VPN-Client running on Win7 than starting it with administration permissions.

@Derelict: Wash your mouth with soap, immediatly!

doktornotor

@MisterIX:

@Derelict: Wash your mouth with soap, immediatly!

That's easy, but disinfecting computers polluted with ZA requires complete reinstall… ;D :P ::)

MisterIX

Yeah, allright. Stop trolling… >:(

So in the end I can give an answer to the problem by myself. In my opinion there might still be some problems with the 64Bit Version of the OpenVPN-Client. In the end it even crashed my Win7 Computer only seconds after establishing a VPN tunnel.

I went back to a software Version, which I had allready used for OpenVPN successfully which is openvpn-2.3.2 in a 32Bit Version.

Then just adding the gateway IP as an on-link static route like:

route add -p 192.168.xx.1 mask 255.255.255.0 0.0.0.0 metric x

will conclude the routing settings and everything works fine.

Kind regards, MisterIX.