1. Home
  2. pfSense® Software
  3. OpenVPN
  4. Established VPN connection but no ping or other connection into target network

Established VPN connection but no ping or other connection into target network

  • M

    Dear Forum Members,

    I'm busy configurating a client to server OpenVPN connection on PFSense 2.2.4. I installed the Client Export Package and configured the VPN as can be seen in attached picture  VPN-Server-Config.jpg. So my .ovpn file is attached here as well (ovpn-File.jpg).

    On the client side the connection is established well:

    Wed Aug 26 10:23:53 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
    Wed Aug 26 10:23:53 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
    Wed Aug 26 10:23:54 2015 Control Channel Authentication: using 'pfsense-udp-xxxxxxxxxxxxxxxxxxxxx-tls.key' as a OpenVPN static key file
    Wed Aug 26 10:23:54 2015 UDPv4 link local (bound): [undef]
    Wed Aug 26 10:23:54 2015 UDPv4 link remote: [AF_INET]92.xx.xxx.xxx:xxxxx
    Wed Aug 26 10:23:55 2015 [WEDO-VPN-SERVER-CERT] Peer Connection Initiated with [AF_INET]92.xx.xxx.xxx:xxxxx
    Wed Aug 26 10:23:57 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Wed Aug 26 10:23:57 2015 open_tun, tt->ipv6=0
    Wed Aug 26 10:23:57 2015 TAP-WIN32 device [LAN-Verbindung 2] opened: \.\Global{A8D9943C-xxxx-4241-xxxx-171657E1D1B8}.tap
    Wed Aug 26 10:23:57 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.xxx.6/255.255.255.252 on interface {A8D9943C-xxxx-4241-xxxx-171657E1D1B8} [DHCP-serv: 192.168.xxx.5,

    lease-time: 31536000]
    Wed Aug 26 10:23:57 2015 Successful ARP Flush on interface [28] {A8D9943C-xxxx-4241-xxxx-171657E1D1B8}
    Wed Aug 26 10:24:02 2015 Initialization Sequence Completed

    My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.

    The interface is configured well via DHCP:

    Ethernet-Adapter LAN-Verbindung 2:

    Verbindungsspezifisches DNS-Suffix:
      Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
      Physikalische Adresse . . . . . . : 00-xx-xx-xx-xx-xx
      DHCP aktiviert. . . . . . . . . . : Ja
      Autokonfiguration aktiviert . . . : Ja
      Verbindungslokale IPv6-Adresse  . : fe80::xxxx:30d3:xxxx:c1f8%28(Bevorzugt)
      IPv4-Adresse  . . . . . . . . . . : 192.168.xxx.6(Bevorzugt)
      Subnetzmaske  . . . . . . . . . . : 255.255.255.252
      Lease erhalten. . . . . . . . . . : Mittwoch, 26. August 2015 10:03:03
      Lease läuft ab. . . . . . . . . . : Donnerstag, 25. August 2016 10:03:03
      Standardgateway . . . . . . . . . :
      DHCP-Server . . . . . . . . . . . : 192.168.220.5
      DHCPv6-IAID . . . . . . . . . . . : 486604712
      DHCPv6-Client-DUID. . . . . . . . : 00-01-00-xx-19-45-09-xx-A4-xx-31-xx-A9-9

    DNS-Server  . . . . . . . . . . . : 192.168.xx.x
                                          192.168.xx.x
      NetBIOS über TCP/IP . . . . . . . : Aktiviert

    And I added an "Allow All" rule to the OpenVPN section on the firewall. Pls see attached Open_VPN_Rule.jpg .

    Still any kind of traffic will be blocked in PFSense as you can see in RDPFirewalBlock.jpg . The rule which triggered that action is the standard deny rule (Block_Rule.jpg).

    So I thought I had done everything right so far, but I'm stuck and don't know how to proceed.

    Any help is greatly appreciated. Kind regards, MisterIX.










    0
  • V

    You don't get the routes added on client.
    I think, it should help to start OpenVPN Manager or OpenVPN GUI with admin privileges.

    0
  • Derelict
    LAYER 8 Netgate

    My firewall (Zone Alarm) asked me here the first time if the new network was public or safe. I chose safe. Also the problem still occurs when I shut of the firewall for 5 minutes.

    And please just turn this crap off and leave it off (if not uninstall it) when debugging things like this.

    0
  • M

    @Viragomann: There is no other way to get the VPN-Client running on Win7 than starting it with administration permissions.

    @Derelict: Wash your mouth with soap, immediatly!

    0
  • D
    Banned

    @MisterIX:

    @Derelict: Wash your mouth with soap, immediatly!

    That's easy, but disinfecting computers polluted with ZA requires complete reinstall…  ;D :P ::)

    0
  • M

    Yeah, allright. Stop trolling…  >:(

    So in the end I can give an answer to the problem by myself. In my opinion there might still be some problems with the 64Bit Version of the OpenVPN-Client. In the end it even crashed my Win7 Computer only seconds after establishing a VPN tunnel.

    I went back to a software Version, which I had allready used for OpenVPN successfully which is openvpn-2.3.2 in a 32Bit Version.

    Then just adding the gateway IP as an on-link static route like:

    route add -p 192.168.xx.1 mask 255.255.255.0 0.0.0.0 metric x

    will conclude the routing settings and everything works fine.

    Kind regards, MisterIX.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy