This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.
Moderators: TinCanTech
-
rockjock51
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Dec 25, 2014 6:56 am
Post
by rockjock51 » Thu Dec 25, 2014 7:14 am
Hello...
I've installed OpenVPN on my PfSense server and have successfully configured it and connected with my Windows client. That connection can ping the OpenVPN/PfSense server and use the internet just fine. It cannot, however, ping LAN computers on the server side. I've configured my firewall to allow all traffic from the OpenVPN interface to all destinations. I've also configured it to allow all LAN traffic to all destinations. The PfSense box is the only default gateway on the network, so the OpenVPN server is also the default gateway.
Here's my server.conf:
Code:
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local <Correct Public IP>
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 192.168.248.0 255.255.255.0"
push "dhcp-option DNS 192.168.248.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet
And the client:
Code:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 75.120.156.104 1194 udp
lport 0
verify-x509-name "MyOpenVPN-Server-Cert" name
auth-user-pass
pkcs12 pfsense-udp-1194-rockjock.p12
tls-auth pfsense-udp-1194-rockjock-tls.key 1
ns-cert-type server
comp-lzo
I'm struggling to understand what could be causing this. Any help would be greatly appreciated. Let me know if I've left any important bits out and I'll get them added ASAP.
Thanks,
Rocky
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
-
Contact:
Post
by maikcat » Thu Dec 25, 2014 5:42 pm
Your LAN PCs, do they have a firewall enabled?
Michael.
by rockjock51 » Sat Dec 27, 2014 10:14 pm
The one I'm trying to ping has the Windows Firewall completely disabled. Another is an Ubuntu Server that I can't SSH into either.
by rockjock51 » Sat Dec 27, 2014 10:16 pm
The one I'm trying to ping has the Windows firewall completely disabled. Another one that I'm trying to interact with is an Ubuntu Server that I also can't SSH to.
by maikcat » Sun Dec 28, 2014 2:26 pm
Please, for testing, disable your firewall (except the NAT rules).
Also, can you ping your VPN client from your LAN PCs?
Michael.
-
Mikah
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Jan 16, 2015 11:39 pm
Post
by Mikah » Fri Jan 16, 2015 11:42 pm
Hi
Please do a small change in server.conf, there is:
Code:
push "route 192.168.248.0 255.255.255.0"
Should be:
Code:
push "route 10.0.1.0 255.255.255.0"
Br.
Mike
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Sun Jan 18, 2015 4:30 pm
Mikah, you are incorrect.
push "route 10.0.1.0 255.255.255.0" is taken care of by correct use of --server 10.0.1.0 (above)
push "route 192.168.248.0 255.255.255.0" is required.
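The distinction drawn in the reply above, as an added example that is not part of the thread or of OpenVPN itself: a small Python check that reads a server.conf, takes the tunnel network from `server`, and labels each pushed route as either inside that network or a LAN route. The function names and the embedded excerpt are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed excerpt: the routing-relevant lines of the server.conf posted in this thread.
SERVER_CONF = '''\
server 10.0.1.0 255.255.255.0
topology subnet
push "route 192.168.248.0 255.255.255.0"
push "dhcp-option DNS 192.168.248.1"
push "redirect-gateway def1"
'''


def parse_directives(text):
    """Yield each directive as a token list, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            yield shlex.split(line)  # keeps the quoted push argument as one token


def classify_pushed_routes(text):
    """Return (tunnel_net, {route: verdict}) for every push "route ..." line."""
    tunnel_net, pushed = None, []
    for tokens in parse_directives(text):
        if tokens[0] == "server" and len(tokens) >= 3:
            tunnel_net = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
        elif tokens[0] == "push" and len(tokens) == 2:
            inner = tokens[1].split()
            if inner[:1] == ["route"] and len(inner) >= 3:
                pushed.append(ipaddress.ip_network(f"{inner[1]}/{inner[2]}"))
    verdicts = {}
    for net in pushed:
        if tunnel_net is not None and net.subnet_of(tunnel_net):
            verdicts[str(net)] = "redundant: inside the --server tunnel network"
        else:
            verdicts[str(net)] = "LAN route: clients need this pushed"
    return tunnel_net, verdicts


if __name__ == "__main__":
    tunnel, routes = classify_pushed_routes(SERVER_CONF)
    print("tunnel network:", tunnel)
    for route, verdict in routes.items():
        print(route, "->", verdict)
```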
-
noor92
- OpenVpn Newbie
- Posts: 2
- Joined: Tue Jan 28, 2020 10:19 am
Post
by noor92 » Tue Jan 28, 2020 10:21 am
Hello,
I have the same problem, have you solved the problem?
-
Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Post
by Pippin » Tue Jan 28, 2020 1:21 pm
This topic is quite old.
You are probably better served at Netgate forums.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp