  • Status: Solved

PFSense OpenVPN cannot connect to LAN

I have set up an OpenVPN connection to my pfSense.  My workstation connects but cannot get to the LAN.  My LAN machines can ping the OpenVPN interface on the pfSense.  When I tried to do a packet capture on the OpenVPN interface I didn't see any traffic.
0
onyxa
Asked:
1 Solution
 
Paul-B Commented:
Make sure the subnet you are currently connecting from and the subnet your LAN is using are different. In other words, make sure they are both like 192.168.1.xx subnets. Also make sure in your rule sets you have it so that all traffic can pass between the VPN clients and the LAN.
0
 
onyxa (Author) Commented:
Workstation Subnet:  192.168.1.0
VPN Subnet:  10.0.8.0
Remote LAN Subnet:  192.168.20.0

I also have a route push statement giving the interface 10.0.8.1 as the VPN gateway.  It shows up in ipconfig, but now there is no IP address even though the client says it assigned 10.0.8.6.

Here is what the client log is saying:

Thu Mar 15 13:47:07 2012 OpenVPN 2.2.0 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] [IPv6 payload 20110521-1 (2.2.0)] built on May 21 2011
Thu Mar 15 13:47:12 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Mar 15 13:47:12 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Mar 15 13:47:12 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 15 13:47:13 2012 Control Channel Authentication: using 'winterstorm-udp-1194-tls.key' as a OpenVPN static key file
Thu Mar 15 13:47:13 2012 LZO compression initialized
Thu Mar 15 13:47:13 2012 UDPv4 link local (bound): [undef]:1194
Thu Mar 15 13:47:13 2012 UDPv4 link remote: 65.74.131.68:1194
Thu Mar 15 13:47:13 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar 15 13:47:14 2012 [vpnuser] Peer Connection Initiated with 65.74.131.68:1194
Thu Mar 15 13:47:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.8.1
Thu Mar 15 13:47:16 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 15 13:47:16 2012 open_tun, tt->ipv6=0
Thu Mar 15 13:47:16 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}.tap
Thu Mar 15 13:47:16 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.8.6/10.0.8.5 on interface {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC} [DHCP-serv: 10.0.8.4, lease-time: 31536000]
Thu Mar 15 13:47:16 2012 Successful ARP Flush on interface [16] {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}
0
 
onyxa (Author) Commented:
I just worked it out.  I had TAP device set on client and TUN set on server.  Thanks for the help.
0
 
Paul-B Commented:
OK, I'm glad you found it, and thanks for sharing your resolution.
0
 
onyxa (Author) Commented:
Because I figured it out
0
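
Added example, not part of the original thread: a small Python check that pulls the "used inconsistently" warnings and failed routes out of an OpenVPN client log like the one posted above, and reports the dev-type disagreement first, since that was the cause found here. The function names are hypothetical, and the "client"/"server" labels assume the log was taken on the client side.

```python
import re

# Lines copied from the client log posted in the thread above.
SAMPLE_LOG = """\
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar 15 13:47:14 2012 [vpnuser] Peer Connection Initiated with 65.74.131.68:1194
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.8.1
"""

MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)
ROUTE_FAIL = re.compile(r"ROUTE: failed to parse/resolve route for host/network: (\S+)")


def parse_mismatches(log_text):
    """Return {option: (local_value, remote_value)} for each mismatch warning."""
    found = {}
    for m in MISMATCH.finditer(log_text):
        opt = m.group("opt")
        # Values are logged as "<option> <value>"; drop the repeated option name.
        values = [v[len(opt):].strip() if v.startswith(opt) else v
                  for v in (m.group("local"), m.group("remote"))]
        found[opt] = tuple(values)
    return found


def diagnose(log_text):
    """Summarise the findings, with a dev-type disagreement listed first."""
    mismatches = parse_mismatches(log_text)
    findings = []
    if "dev-type" in mismatches:
        local, remote = mismatches.pop("dev-type")
        findings.append(f"dev-type mismatch: client={local} server={remote}")
    for opt, (local, remote) in mismatches.items():
        if local.isdigit() and remote.isdigit():
            findings.append(f"{opt} differs by {int(local) - int(remote)}")
        else:
            findings.append(f"{opt} mismatch: local={local} remote={remote}")
    failed = ROUTE_FAIL.findall(log_text)
    if failed:
        findings.append("routes not installed: " + ", ".join(failed))
    return findings
```

Calling diagnose(SAMPLE_LOG) lists the tap/tun disagreement ahead of the two MTU warnings and the two routes that were never installed.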
