Solved

PFSense OpenVPN cannot connect to LAN

Posted on 2012-03-15
Last Modified: 2012-05-26
I have set up an OpenVPN connection to my pfSense.  My workstation connects but cannot get to the LAN.  My LAN machines can ping the OpenVPN interface on the pfSense.  When I tried to do a packet capture on the OpenVPN interface I didn't see any traffic.
Question by:onyxa

Expert Comment

by:Paul-B
ID: 37726586
Make sure the subnet you are currently connecting from and the subnet your LAN is using are different. In other words, make sure they are both like 192.168.1.xx subnets. Also make sure in your rule sets you have it so that all traffic can pass between the VPN clients and the LAN.
 

Author Comment

by:onyxa
ID: 37726710
Workstation Subnet:  192.168.1.0
VPN Subnet:  10.0.8.0
Remote LAN Subnet:  192.168.20.0

I also have a route push statement giving the interface 10.0.8.1 as the VPN gateway.  It shows up in ipconfig but now there is no IP address even though the client says it assigned 10.0.8.6.

Here is what the client log is saying:

Thu Mar 15 13:47:07 2012 OpenVPN 2.2.0 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] [IPv6 payload 20110521-1 (2.2.0)] built on May 21 2011
Thu Mar 15 13:47:12 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Mar 15 13:47:12 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Mar 15 13:47:12 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 15 13:47:13 2012 Control Channel Authentication: using 'winterstorm-udp-1194-tls.key' as a OpenVPN static key file
Thu Mar 15 13:47:13 2012 LZO compression initialized
Thu Mar 15 13:47:13 2012 UDPv4 link local (bound): [undef]:1194
Thu Mar 15 13:47:13 2012 UDPv4 link remote: 65.74.131.68:1194
Thu Mar 15 13:47:13 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar 15 13:47:14 2012 [vpnuser] Peer Connection Initiated with 65.74.131.68:1194
Thu Mar 15 13:47:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.8.1
Thu Mar 15 13:47:16 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 15 13:47:16 2012 open_tun, tt->ipv6=0
Thu Mar 15 13:47:16 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}.tap
Thu Mar 15 13:47:16 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.8.6/10.0.8.5 on interface {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC} [DHCP-serv: 10.0.8.4, lease-time: 31536000]
Thu Mar 15 13:47:16 2012 Successful ARP Flush on interface [16] {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}
 

Accepted Solution

by:
onyxa earned 0 total points
ID: 37726775
I just worked it out.  I had TAP device set on client and TUN set on server.  Thanks for the help.
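
The mismatch named in the accepted solution is already visible in the client log posted earlier in the thread. As an added example (not part of the original thread), this Python sketch scans an OpenVPN log for "used inconsistently" warnings and reports a dev-type disagreement first; the function names and the choice to list the other mismatched options as secondary are assumptions of the example.

```python
import re

# Constructed sample: lines copied from the client log posted in the question.
SAMPLE_LOG = """\
Thu Mar 15 13:47:13 2012 LZO compression initialized
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
"""

# OpenVPN logs one such warning per option whose value differs between peers.
MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)


def _value(opt, text):
    """Values are logged as '<option> <value>'; strip the repeated option name."""
    return text[len(opt):].strip() if text.startswith(opt) else text


def find_mismatches(log_text):
    """Return {option: (local_value, remote_value)} for every mismatch warning."""
    found = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            opt = m.group("opt")
            found[opt] = (_value(opt, m.group("local")), _value(opt, m.group("remote")))
    return found


def diagnose(log_text):
    """Return (root_cause, other_options); root_cause is None if dev-type agrees."""
    mismatches = find_mismatches(log_text)
    others = sorted(o for o in mismatches if o != "dev-type")
    if "dev-type" not in mismatches:
        return None, others
    local, remote = mismatches["dev-type"]
    cause = f"local side uses dev {local}, remote side uses dev {remote}"
    return cause, others


if __name__ == "__main__":
    cause, others = diagnose(SAMPLE_LOG)
    print(cause or "no dev-type mismatch found")
    print("other mismatched options:", ", ".join(others) or "none")
```
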

Expert Comment

by:Paul-B
ID: 37726831
OK, I'm glad you found it, and thanks for sharing your resolution.
 

Author Closing Comment

by:onyxa
ID: 38014462
Because I figured it out