jfranco123
asked on
OPENVPN only able to connect to vpn server cannot see other machines
I am able to establish a vpn connection and ping both the server by internal name and vpn name I cannot see any other machines on the network
attached are my server logs client logs and both config files
client.log
server.log
client.txt
server.txt
attached are my server logs client logs and both config files
client.log
server.log
client.txt
server.txt
Did you set the local network section correctly? (excerpt from pfsense configuration)
Protocol: UDP
Local port: 1194
Address pool: 192.168.200.0/24 (It should be an address range that you ''DONT'' currently use.)
Local Network: 192.168.1.0/24 (Whatever the network is that you want the VPN client to connect to)
Remote Network: blank
Cryptography: BF-CBC (128 bit) - or use what you want
Authentication Method: PKI
Protocol: UDP
Local port: 1194
Address pool: 192.168.200.0/24 (It should be an address range that you ''DONT'' currently use.)
Local Network: 192.168.1.0/24 (Whatever the network is that you want the VPN client to connect to)
Remote Network: blank
Cryptography: BF-CBC (128 bit) - or use what you want
Authentication Method: PKI
ASKER
I have everything setup above and I have the same issue just different ip pools
As I mentioned in the other question you opened, it's a routing issue. Can you ping the IP of the OpenVPN server from one of the other machines on your network (the OpenVPN IP, not the LAN IP)?
ASKER
no I am unable to ping the open vpn ip from the other machines on the lan only the one that I am connected with. I changed my ip scheme to 192.168.200.0 for the openvpn my lan uses 192.168.0.1
her is my new server config file
local 192.168.0.59
server 192.168.200.0 255.255.255.0
port 5959
route "192.168.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway"
proto udp
max-clients 100
mssfix 1400
persist-key
dev tap
dh "C:/Program Files/OpenVPN/easy-rsa/key
ca "C:/Program Files/OpenVPN/easy-rsa/key
cert "C:/Program Files/OpenVPN/easy-rsa/key
key "c:/program files/openvpn/easy-rsa/key
keepalive 10 120
comp-lzo
script-security 2
status openvpn-status.log
verb 3
her is my new server config file
local 192.168.0.59
server 192.168.200.0 255.255.255.0
port 5959
route "192.168.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway"
proto udp
max-clients 100
mssfix 1400
persist-key
dev tap
dh "C:/Program Files/OpenVPN/easy-rsa/key
ca "C:/Program Files/OpenVPN/easy-rsa/key
cert "C:/Program Files/OpenVPN/easy-rsa/key
key "c:/program files/openvpn/easy-rsa/key
keepalive 10 120
comp-lzo
script-security 2
status openvpn-status.log
verb 3
jfranco,
It isn't effective to let Experts work on the same issue in more than one thread at any time. Both jfranco and me have tried to explain what to do to get the OpenVPN network routed on the LAN, and the LAN routed on the client. I think it is best to re-accept http:/Q_26535613.html (making the client config work in that way that the connection is established), and then close either this or the other open thread http:/Q_26552082.html. Doing otherwise would require to reduce the points in each question, as they may not sum up to more than 500 points for the same topic. Reducing can only be done by Moderators.
It isn't effective to let Experts work on the same issue in more than one thread at any time. Both jfranco and me have tried to explain what to do to get the OpenVPN network routed on the LAN, and the LAN routed on the client. I think it is best to re-accept http:/Q_26535613.html (making the client config work in that way that the connection is established), and then close either this or the other open thread http:/Q_26552082.html. Doing otherwise would require to reduce the points in each question, as they may not sum up to more than 500 points for the same topic. Reducing can only be done by Moderators.
ASKER
this is the only one I have open now... I still cannot see any other hosts on the network,
no I am unable to ping the open vpn ip from the other machines on the lan only the one that I am connected with. I changed my ip scheme to 192.168.200.0 for the openvpn my lan uses 192.168.0.1
her is my new server config file
local 192.168.0.59
server 192.168.200.0 255.255.255.0
port 5959
route "192.168.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway"
proto udp
max-clients 100
mssfix 1400
persist-key
dev tap
dh "C:/Program Files/OpenVPN/easy-rsa/key
ca "C:/Program Files/OpenVPN/easy-rsa/key
cert "C:/Program Files/OpenVPN/easy-rsa/key
key "c:/program files/openvpn/easy-rsa/key
keepalive 10 120
comp-lzo
script-security 2
status openvpn-status.log
verb 3
no I am unable to ping the open vpn ip from the other machines on the lan only the one that I am connected with. I changed my ip scheme to 192.168.200.0 for the openvpn my lan uses 192.168.0.1
her is my new server config file
local 192.168.0.59
server 192.168.200.0 255.255.255.0
port 5959
route "192.168.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway"
proto udp
max-clients 100
mssfix 1400
persist-key
dev tap
dh "C:/Program Files/OpenVPN/easy-rsa/key
ca "C:/Program Files/OpenVPN/easy-rsa/key
cert "C:/Program Files/OpenVPN/easy-rsa/key
key "c:/program files/openvpn/easy-rsa/key
keepalive 10 120
comp-lzo
script-security 2
status openvpn-status.log
verb 3
On one of your other LAN PCs, open a command prompt. Type in "route add 192.168.200.0 mask 255.255.255.0 192.168.0.XXX" where XXX is the LAN IP of your OpenVPN server.
Then see if you can communicate with this device over the VPN. If so, the route you added to your router earlier is incorrect.
Then see if you can communicate with this device over the VPN. If so, the route you added to your router earlier is incorrect.
ASKER
Yes when I added the route I was able to communicate with the device
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I absolutely agree, and that is what I have told you earlier already.
ASKER