Netgate Discussion Forum

    Established VPN connection but no ping or other connection into target network

      MisterIX

      Dear Forum Members,

      I'm busy configuring a client-to-server OpenVPN connection on pfSense 2.2.4. I installed the Client Export Package and configured the VPN as can be seen in the attached picture VPN-Server-Config.jpg. So my .ovpn file is attached here as well (ovpn-File.jpg).

      On the client side the connection is established well:

      Wed Aug 26 10:23:53 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
      Wed Aug 26 10:23:53 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
      Wed Aug 26 10:23:54 2015 Control Channel Authentication: using 'pfsense-udp-xxxxxxxxxxxxxxxxxxxxx-tls.key' as a OpenVPN static key file
      Wed Aug 26 10:23:54 2015 UDPv4 link local (bound): [undef]
      Wed Aug 26 10:23:54 2015 UDPv4 link remote: [AF_INET]92.xx.xxx.xxx:xxxxx
      Wed Aug 26 10:23:55 2015 [WEDO-VPN-SERVER-CERT] Peer Connection Initiated with [AF_INET]92.xx.xxx.xxx:xxxxx
      Wed Aug 26 10:23:57 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Wed Aug 26 10:23:57 2015 open_tun, tt->ipv6=0
      Wed Aug 26 10:23:57 2015 TAP-WIN32 device [LAN-Verbindung 2] opened: \.\Global{A8D9943C-xxxx-4241-xxxx-171657E1D1B8}.tap
      Wed Aug 26 10:23:57 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.xxx.6/255.255.255.252 on interface {A8D9943C-xxxx-4241-xxxx-171657E1D1B8} [DHCP-serv: 192.168.xxx.5, lease-time: 31536000]
      Wed Aug 26 10:23:57 2015 Successful ARP Flush on interface [28] {A8D9943C-xxxx-4241-xxxx-171657E1D1B8}
      Wed Aug 26 10:24:02 2015 Initialization Sequence Completed

      My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut off the firewall for 5 minutes.

      The interface is configured well via DHCP:

      Ethernet-Adapter LAN-Verbindung 2:

        Verbindungsspezifisches DNS-Suffix:
        Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
        Physikalische Adresse . . . . . . : 00-xx-xx-xx-xx-xx
        DHCP aktiviert. . . . . . . . . . : Ja
        Autokonfiguration aktiviert . . . : Ja
        Verbindungslokale IPv6-Adresse  . : fe80::xxxx:30d3:xxxx:c1f8%28(Bevorzugt)
        IPv4-Adresse  . . . . . . . . . . : 192.168.xxx.6(Bevorzugt)
        Subnetzmaske  . . . . . . . . . . : 255.255.255.252
        Lease erhalten. . . . . . . . . . : Mittwoch, 26. August 2015 10:03:03
        Lease läuft ab. . . . . . . . . . : Donnerstag, 25. August 2016 10:03:03
        Standardgateway . . . . . . . . . :
        DHCP-Server . . . . . . . . . . . : 192.168.220.5
        DHCPv6-IAID . . . . . . . . . . . : 486604712
        DHCPv6-Client-DUID. . . . . . . . : 00-01-00-xx-19-45-09-xx-A4-xx-31-xx-A9-9
        DNS-Server  . . . . . . . . . . . : 192.168.xx.x
                                            192.168.xx.x
        NetBIOS über TCP/IP . . . . . . . : Aktiviert

      And I added an "Allow All" rule to the OpenVPN section on the firewall. Please see the attached Open_VPN_Rule.jpg.

      Still, any kind of traffic will be blocked in pfSense, as you can see in RDPFirewallBlock.jpg. The rule which triggered that action is the standard deny rule (Block_Rule.jpg).

      So I thought I had done everything right so far, but I'm stuck and don't know how to proceed.

      Any help is greatly appreciated. Kind regards, MisterIX.

        viragomann

        You don't get the routes added on the client.
        I think it should help to start OpenVPN Manager or OpenVPN GUI with admin privileges.

          Derelict LAYER 8 Netgate

          @MisterIX:

          My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut off the firewall for 5 minutes.

          And please just turn this crap off and leave it off (if not uninstall it) when debugging things like this.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            MisterIX

            @Viragomann: There is no other way to get the VPN-Client running on Win7 than starting it with administration permissions.

            @Derelict: Wash your mouth with soap, immediately!

              doktornotor Banned

              @MisterIX:

              @Derelict: Wash your mouth with soap, immediately!

              That's easy, but disinfecting computers polluted with ZA requires complete reinstall…  ;D :P ::)

                MisterIX

                Yeah, all right. Stop trolling…  >:(

                So in the end I can give an answer to the problem by myself. In my opinion there might still be some problems with the 64Bit version of the OpenVPN client. In the end it even crashed my Win7 computer only seconds after establishing a VPN tunnel.

                I went back to a software version which I had already used for OpenVPN successfully, which is openvpn-2.3.2 in a 32Bit version.

                Then just adding the gateway IP as an on-link static route like:

                route add -p 192.168.xx.1 mask 255.255.255.0 0.0.0.0 metric x

                will conclude the routing settings and everything works fine.

                Kind regards, MisterIX.
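
An added example, not part of the original thread: a Python check over an OpenVPN Windows client log for the condition viragomann points out (tunnel up, but no routes installed) and for failed route additions. The sample log lines and addresses are constructed, and the route-related message formats are assumed to match what the OpenVPN 2.3 Windows client writes.

```python
import re

# Constructed log excerpts (addresses are made up), shaped like the client log
# in the first post. The route-related lines are an assumed format.
LOG_NO_ROUTES = r"""
Wed Aug 26 10:23:57 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {GUID} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Aug 26 10:24:02 2015 Initialization Sequence Completed
"""
LOG_ROUTE_DENIED = r"""
Wed Aug 26 10:23:56 2015 PUSH: Received control message: 'PUSH_REPLY,route 10.0.50.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5'
Wed Aug 26 10:24:02 2015 C:\Windows\system32\route.exe ADD 10.0.50.0 MASK 255.255.255.0 10.8.0.5
Wed Aug 26 10:24:02 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied.   [status=5 if_index=28]
Wed Aug 26 10:24:02 2015 Initialization Sequence Completed
"""

IP = r"\d+\.\d+\.\d+\.\d+"
PUSHED = re.compile(rf"\broute ({IP}) ({IP})")          # "route <net> <mask>" in PUSH_REPLY
ADDED = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.I)
FAILED = re.compile(r"route addition failed", re.I)

def audit_client_log(text):
    """Summarise what a client log says about route installation."""
    pushed, added, failures, up = [], [], 0, False
    for line in text.splitlines():
        if "PUSH_REPLY" in line:
            pushed += PUSHED.findall(line)
        m = ADDED.search(line)
        if m:
            added.append(m.groups())
        if FAILED.search(line):
            failures += 1
        if "Initialization Sequence Completed" in line:
            up = True
    if not up:
        verdict = "tunnel not up"
    elif not pushed and not added:
        # Tunnel is established but the client never learned or set a route.
        verdict = "no routes pushed or added"
    elif failures or len(added) < len(pushed):
        verdict = "route installation failed"
    else:
        verdict = "routes installed"
    return {"pushed": pushed, "added": added,
            "failures": failures, "verdict": verdict}

if __name__ == "__main__":
    for name, log in (("no routes", LOG_NO_ROUTES), ("denied", LOG_ROUTE_DENIED)):
        print(name, "->", audit_client_log(log)["verdict"])
```

A "no routes pushed or added" verdict points at the server's pushed networks or the log verbosity; "route installation failed" points at client-side privileges.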

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.