Solved

PFSense OpenVPN cannot connect to LAN

Posted on 2012-03-15
Last Modified: 2012-05-26
I have set up an OpenVPN connection to my pfSense.  My workstation connects but cannot get to the LAN.  My LAN machines can ping the OpenVPN interface on the pfSense.  When I tried to do a packet capture on the OpenVPN interface I didn't see any traffic.
Question by:onyxa

Expert Comment

by:Paul-B
Make sure the subnet you are currently connecting from and the subnet your LAN is using are different. In other words, make sure they are both like 192.168.1.xx subnets. Also make sure in your rule sets you have it so that all traffic can pass between the VPN clients and the LAN.

Author Comment

by:onyxa
Workstation Subnet:  192.168.1.0
VPN Subnet:  10.0.8.0
Remote LAN Subnet:  192.168.20.0

I also have a route push statement giving the interface 10.0.8.1 as the VPN gateway.  It shows up in ipconfig, but now there is no IP address even though the client says it assigned 10.0.8.6.

Here is what the client log is saying:

Thu Mar 15 13:47:07 2012 OpenVPN 2.2.0 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] [IPv6 payload 20110521-1 (2.2.0)] built on May 21 2011
Thu Mar 15 13:47:12 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Mar 15 13:47:12 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Mar 15 13:47:12 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 15 13:47:13 2012 Control Channel Authentication: using 'winterstorm-udp-1194-tls.key' as a OpenVPN static key file
Thu Mar 15 13:47:13 2012 LZO compression initialized
Thu Mar 15 13:47:13 2012 UDPv4 link local (bound): [undef]:1194
Thu Mar 15 13:47:13 2012 UDPv4 link remote: 65.74.131.68:1194
Thu Mar 15 13:47:13 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar 15 13:47:14 2012 [vpnuser] Peer Connection Initiated with 65.74.131.68:1194
Thu Mar 15 13:47:16 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.8.1
Thu Mar 15 13:47:16 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 15 13:47:16 2012 open_tun, tt->ipv6=0
Thu Mar 15 13:47:16 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}.tap
Thu Mar 15 13:47:16 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.0.8.6/10.0.8.5 on interface {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC} [DHCP-serv: 10.0.8.4, lease-time: 31536000]
Thu Mar 15 13:47:16 2012 Successful ARP Flush on interface [16] {6AC59747-63BE-4FE3-B698-F4D9D2FE4CFC}

Accepted Solution

by:onyxa
I just worked it out.  I had TAP device set on client and TUN set on server.  Thanks for the help.
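
A check for the misconfiguration named in the accepted solution, added here as an example and not part of the original thread: it scans an OpenVPN client log for the "used inconsistently" warnings and the failed route installs that appear in the log above. The function name `audit_client_log` and the wording of the findings are assumptions of this example; the sample lines are excerpted from the posted log.

```python
import re

# Excerpt of the client log posted in this thread (other lines omitted).
SAMPLE_LOG = """\
Thu Mar 15 13:47:14 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Mar 15 13:47:14 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Thu Mar 15 13:47:14 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.20.0
Thu Mar 15 13:47:16 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.8.1
"""

# The option name is repeated inside local='...' and remote='...'.
MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P=opt) (?P<local>[^']*)', remote='(?P=opt) (?P<remote>[^']*)'"
)
ROUTE_FAIL = re.compile(
    r"OpenVPN ROUTE: failed to parse/resolve route for host/network: (\S+)"
)


def audit_client_log(text):
    """Return (mismatches, failed_routes, findings) for an OpenVPN client log."""
    mismatches = {m["opt"]: (m["local"], m["remote"]) for m in MISMATCH.finditer(text)}
    failed_routes = ROUTE_FAIL.findall(text)
    findings = []
    if "dev-type" in mismatches:  # tap on one end, tun on the other: report first
        local, remote = mismatches["dev-type"]
        findings.append(
            f"dev-type mismatch: client uses {local}, server uses {remote}; "
            "set the same device type on both ends"
        )
    for opt in sorted(set(mismatches) - {"dev-type"}):
        local, remote = mismatches[opt]
        findings.append(f"{opt} differs: local={local}, remote={remote}")
    for net in failed_routes:
        findings.append(f"pushed route to {net} was not installed")
    return mismatches, failed_routes, findings


if __name__ == "__main__":
    for line in audit_client_log(SAMPLE_LOG)[2]:
        print(line)
```
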

Expert Comment

by:Paul-B
Ok, I'm glad you found it, and thanks for sharing your resolution.

Author Closing Comment

by:onyxa
Because I figured it out