Using pfSense, OpenVPN Connects but Still Can't See the Network
Solution 1
After working on this problem for some time, I have successfully established a connection to my home network behind the pfSense firewall. I adjusted a couple settings that may have made this possible:
1) I changed the "LZO compression" from unchecked to checked
2) I changed the names of my client keys (which I doubt did anything)
3) I went through and double-checked all my settings. Although the two above were the only NET changes I made, I did remove the value in "Local Network" on the server tab in pfSense OpenVPN but added it back again.
The remaining issue I am having is that, in Windows XP, when I go to Tools > Map Network Drive, I still can't browse to my home network. I can access my home printers and ping IP addresses on the home network, and if I enter the path for the shared folders I can get into them. It would be nice to be able to browse for the available shared drives on the home network, but this is a small piece of the overall puzzle.
So, technically, the question hasn't been fully answered.
Thanks again for everyone's help.
Solution 2
Is the route being added correctly to Windows?
Open a command prompt and run route print
Look for a route to 192.168.1.x
Can you post your OpenVPN client log? That would be very helpful.
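The route check suggested in this answer can be scripted; the following is an added example, not code from the thread. It parses the IPv4 rows of `route print` output and reports whether the longest-prefix route to a target host leaves through the tunnel adapter. The sample route tables are constructed, the LAN gateway 192.168.1.1 and host 192.168.5.10 are assumptions, and the home subnet 192.168.5.x and tunnel address 10.1.1.6 are taken from the comments below.

```python
import ipaddress
import re

# One IPv4 row of `route print`: destination, netmask, gateway, interface, metric.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)"
    r"\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$"
)

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; non-route lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def best_route(routes, target):
    """Longest-prefix match; the lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def via_tunnel(text, target, tunnel_ip):
    """True if traffic to target would leave through the adapter holding tunnel_ip."""
    route = best_route(parse_routes(text), target)
    return route is not None and route[2] == tunnel_ip

# Constructed sample: connected, but no route to the home LAN was added.
WITHOUT_ROUTE = """
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.103      20
         10.1.1.4  255.255.255.252         10.1.1.6        10.1.1.6      30
      192.168.1.0    255.255.255.0    192.168.1.103   192.168.1.103      20
"""
# Constructed sample: the same table after a route to 192.168.5.0/24 is added.
WITH_ROUTE = WITHOUT_ROUTE + (
    "      192.168.5.0    255.255.255.0         10.1.1.5        10.1.1.6       1\n"
)

if __name__ == "__main__":
    for name, table in (("without route", WITHOUT_ROUTE), ("with route", WITH_ROUTE)):
        print(name, "->", best_route(parse_routes(table), "192.168.5.10"))
```

Without a specific route, the only match for the home LAN is the default route on the local adapter, so the traffic never enters the tunnel even though the VPN shows as connected.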
Comments
-
nicorellius over 1 year
I am having an OpenVPN issue. I have a pfSense box at home configured to allow traffic through a VPN tunnel. The client computer is Windows XP Home, behind a standard Comcast connection and a Netgear wireless router. I use OpenVPN to access my work network (from where I am trying to get out of in this post) from home (with an XP Pro machine behind pfSense), and this works fine. The client config is similar but has the changes specific to my setup... Here is my XP Home config:
client
dev tun
proto tcp
remote pfsense.*.org 1194 (starred out by me)
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
When I launch the OpenVPN GUI, the Tunnel TAP network connection turns red, and I can right-click that to connect to the server. Everything seems to work fine until I browse for the actual network. The Tunnel TAP connection turns green and it says connected to 10.1.1.6 (I have tried different IP pools here too with no luck). I can see the internal network fine, but my home network behind pfSense is not there. I have tried browsing there by using Tools > Map Network Drive, using the browser, with no success.
When I open the command line on the client and use the ipconfig -all command, I get the following:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : *** (starred out by me)
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.1.1.5
Lease Obtained. . . . . . . . . . : Monday, March 15, 2010 1:18:37 PM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2011 1:18:37 PM
I noticed that the default gateway is not present. Could this be my problem? I am still relatively new to firewalls, VPN, and network configuration so I'm sure I am messing up something simple.
Oh yah, I should note that I have firewall rules configured for pfSense to allow traffic through the WAN and the LAN. At first there was just the WAN firewall rule, because that is what I got from the literature I was reading. I then created a LAN rule as well, but I'm not sure if this was correct. Neither way works, though.
-
heavyd about 14 years
You are not getting a default gateway back from your DHCP server. I'm guessing your work network is 10.1.1.x? Is 10.1.1.5 on your work network? Can you ping it when connected?
-
nicorellius about 14 years
I am at work currently, using DynDNS to access my pfSense box. The IP assigned to my work XP Home box is 10.1.1.6. Not sure where 10.1.1.5 came from, but no, it is not on my work network. The work network is 192.168.1.x. I cannot ping 10.1.1.5.
-
jonfhancock about 14 years
Your work network is 192.168.1.x?! Your IT guy should really choose a more unique subnet. What is your home subnet? Are there conflicts?
-
nicorellius about 14 years
I agree that the work network should have a different subnet... We don't have an IT guy, though, so the network gets neglected, to say the least. My home network is 192.168.5.x.
-
nicorellius about 14 years
After getting it to work, I still don't have a default gateway for the TAP-Win32 Adapter V9. Does this matter?
-
nicorellius about 14 years
I ran route print and see several network destinations, among which there are some to 192.168.1.0, 192.168.1.255, and 192.168.1.103. Regarding the OpenVPN log... I think it is too large to post here. Should I post it here if it contains my network info?