4

I am having an OpenVPN issue. I have a pfSense box at home configured to allow traffic through a VPN tunnel. The client computer is Windows XP Home, behind a standard Comcast connection and a Netgear wireless router. I use OpenVPN to access my work network (from where I am trying to get out of in this post) from home (with an XP Pro machine behind pfSense), and this works fine. The client config is similar but has the changes specific to my setup... Here is my XP Home config:

client
dev tun
proto tcp
remote pfsense.*.org 1194 (starred out by me)
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

When I launch the OpenVPN GUI, the Tunnel TAP network connection turns red, and I can right-click that to connect to the server. Everything seems to work fine until I browse for the actual network. The Tunnel TAP connection turns green and it says connected to 10.1.1.6 (I have tried different IP pools here too with no luck). I can see the internal network fine, but my home network behind pfSense is not there. I have tried browsing there by using Tools > Map Network Drive, using the browser, with no success.

When I open the command line on the client and use the ipconfig -all command, I get the following:

Connection-specific DNS Suffix  . : 
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 
Physical Address. . . . . . . . . : *** (starred out by me) 
Dhcp Enabled. . . . . . . . . . . : Yes 
Autoconfiguration Enabled . . . . : Yes 
IP Address. . . . . . . . . . . . : 10.1.1.6 
Subnet Mask . . . . . . . . . . . : 255.255.255.252 
Default Gateway . . . . . . . . . : 
DHCP Server . . . . . . . . . . . : 10.1.1.5 
Lease Obtained. . . . . . . . . . : Monday, March 15, 2010 1:18:37 PM 
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2011 1:18:37 PM 

I noticed that the default gateway is not present. Could this be my problem? I am still relatively new to firewalls, VPN, and network configuration so I'm sure I am messing up something simple.

Oh yah, I should note that I have firewall rules configured for pfSense to allow traffic through the WAN and the LAN. At first there was just the WAN firewall rule, because that is what I got from the literature I was reading. I then created a LAN rule as well, but I'm not sure if this was correct. Neither way works, though.

5
  • You are not getting a default gateway back from your DHCP server. I'm guessing your work network is 10.1.1.x? Is 10.1.1.5 on your work network? Can you ping it when connected?
    – heavyd
    Commented Mar 15, 2010 at 20:59
  • I am at work currently, using DynDNS to access my pfSense box. The IP assigned to my work XP Home box is 10.1.1.6. Not sure where 10.1.1.5 came from, but no, it is not on my work network. The work network is 192.168.1.x. I cannot ping 10.1.1.5.
    Commented Mar 15, 2010 at 21:11
  • Your work network is 192.168.1.x?! Your IT guy should really choose a more unique subnet. What is your home subnet? Are there conflicts?
    Commented Mar 15, 2010 at 21:45
  • I agree that the work network should have a different subnet... We don't have an IT guy, though, so the network gets neglected, to say the least. My home network is 192.168.5.x.
    Commented Mar 15, 2010 at 22:50
  • After getting it to work, I still don't have a default gateway for the TAP-Win32 Adapter V9. Does this matter?
    Commented Mar 16, 2010 at 0:12

4 Answers

3

After working on this problem for some time, I have successfully established a connection to my home network behind the pfSense firewall. I adjusted a couple of settings that may have made this possible:

1) I changed the "LZO compression" from unchecked to checked
2) I changed the names of my client keys (which I doubt did anything)
3) I went through and double-checked all my settings. Although the two above were the only NET changes I made, I did remove the value in "Local Network" on the server tab in pfSense OpenVPN but added it back again.

The remaining issue I am having is that, in Windows XP, when I go to Tools > Map Network Drive, I still can't browse to my home network. I can access my home printers and ping IP addresses on the home network, and if I enter the path for the shared folders I can get into them. It would be nice to be able to browse for the available shared drives on the home network, but this is a small piece of the overall puzzle.

So, technically, the question hasn't been fully answered.

Thanks again for everyone's help.

1

Is the route being added correctly to Windows?

Open a command prompt and run route print

Look for a route to 192.168.1.x

Can you post your OpenVPN client log? That would be very helpful.

1
  • 1
    I ran route print and see several network destinations, among which there are some to 192.168.1.0, 192.168.1.255, and 192.168.1.103. Regarding the OpenVPN log... I think it is too large to post here. Should I post it here if it contains my network info?
    Commented Mar 15, 2010 at 23:00
0

It would be nice to be able to browse for the available shared drives on the home network

The firewall on the computer you want to access is what is denying you. You can either turn off the firewall for your tap device that your OpenVPN server is using (not recommended), or allow file sharing on the tap device.

0

I fixed this issue with my Ubuntu running OpenVPN client by adding this line to client:

route 192.168.30.0 255.255.255.0

Replace the value with the subnet you wish to be able to reach.

Fixed me right up and I'm using the NATed TUN - No problems.
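
An added example, not part of any answer above and not the posters' code: a small Python check that combines the `route print` suggestion, the subnet-conflict comment and the `route` directive, using the addresses given in the thread (work LAN 192.168.1.x, home LAN 192.168.5.x, TAP adapter 10.1.1.6 with mask 255.255.255.252). The route-table text is a constructed sample, 192.168.1.1 is an assumed LAN gateway, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the column layout of XP's `route print` (assumed values).
ROUTES_MISSING = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.103      25
         10.1.1.4  255.255.255.252         10.1.1.6        10.1.1.6      30
      192.168.1.0    255.255.255.0    192.168.1.103   192.168.1.103      25
"""
# Same table once a route to the home LAN exists via the tunnel peer address.
ROUTES_OK = ROUTES_MISSING + "      192.168.5.0    255.255.255.0         10.1.1.5        10.1.1.6       1\n"

def tunnel_block(ip, mask):
    """Return the subnet the TAP adapter is in and the other usable hosts in it."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    return net, [str(h) for h in net.hosts() if str(h) != ip]

def parse_routes(text):
    """Yield (network, gateway) for each 5-column IPv4 row; skip headers and other lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (ipaddress.ip_network(f"{parts[0]}/{parts[1]}"),
                   ipaddress.ip_address(parts[2]))
        except ValueError:
            continue

def check_remote_lan(route_text, remote_lan, local_lan, tun_ip, tun_mask):
    """Report whether the remote LAN is reachable through the tunnel."""
    remote = ipaddress.ip_network(remote_lan)
    if remote.overlaps(ipaddress.ip_network(local_lan)):
        return "conflict: remote and local LAN overlap"
    tun_net, _ = tunnel_block(tun_ip, tun_mask)
    for net, gw in parse_routes(route_text):
        # Ignore the default route; require a gateway inside the tunnel subnet.
        if net.prefixlen > 0 and remote.subnet_of(net) and gw in tun_net:
            return "ok"
    # Suggest the client-config directive in the form used in the answer above.
    return f"missing: route {remote.network_address} {remote.netmask}"

if __name__ == "__main__":
    print(tunnel_block("10.1.1.6", "255.255.255.252"))
    for table in (ROUTES_MISSING, ROUTES_OK):
        print(check_remote_lan(table, "192.168.5.0/24", "192.168.1.0/24",
                               "10.1.1.6", "255.255.255.252"))
```

The first call also shows that 10.1.1.5 is simply the other usable address in the adapter's 10.1.1.4/30 block.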
