PFSense OpenVPN cannot connect to LAN

I have setup an open vpn connection to my pfsense.  My workstation connects but cannot get to the LAN.  My LAN machines can ping the OPENVPN interface on the pfsense.  When I tried to do a packet capture on the openvpn interface I didn't see any traffic.
onyxaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul-BCommented:
Make sure the subnet you are currently connecting from and the subnet your LAN is using are different. In other words make sure they are both like 192.168.1.xx subnets. Also make sure in your rule sets you have it so that that all traffic can pass between the VPN clients and the LAN.
0
onyxaAuthor Commented:
Workstation Subnet:  192.168.1.0
VPN Subnet:  10.0.8.0
Remote LAN Subnet:  192.168.20.0

I also have a route push statement giving the interface 10.0.8.1 as the VPN gateway.  It shows up in ipconfig but now there is no ip address even though the client says it assigned 10.0.8.6

Here is what the client log is saying

Thu Mar 15 13:47:07 2012 OpenVPN 2.2.0 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] [IPv6 payload 20110521-1 (2.2.0)] built on May 21 2011
Thu Mar 15 13:47:12 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Mar 15 13:47:12 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Mar 15 13:47:12 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 15 13:47:13 2012 Control Channel Authentication: using 'winterstorm-udp-1194-tls.key' as a OpenVPN static key file
Thu Mar 15 13:47:13 2012 LZO compression initialized
Thu Mar 15 13:47:13 2012 UDPv4 link local (bound): [undef]:1194
Thu Mar 15 13:47:13 2012 UDPv4 link remote: 65.74.131.68:1194
Thu Mar 15 13:47:13 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar 15 13:47:14 2012 [vpnuser] Peer Connection Initiated with 65.74.131.68:1194
Thu Mar 15 13:47:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.8.1
Thu Mar 15 13:47:16 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 15 13:47:16 2012 open_tun, tt->ipv6=0
Thu Mar 15 13:47:16 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}.tap
Thu Mar 15 13:47:16 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.8.6/10.0.8.5 on interface {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC} [DHCP-serv: 10.0.8.4, lease-time: 31536000]
Thu Mar 15 13:47:16 2012 Successful ARP Flush on interface [16] {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}
0
onyxaAuthor Commented:
I just worked it out.  I had TAP device set on client and TUN set on server.  Thanks for the help.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Paul-BCommented:
Ok, I'm glad you found it and thanks for sharing your resolution
0
onyxaAuthor Commented:
Because I figured it out
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server Apps

From novice to tech pro — start learning today.