I'm looking in the logs on the pfsense and don't even see it getting there. I guess I'm fairly lost :-(
When doing the openvpn setup it did make its own rule in the firewall. I set that to logging and I don't see much when looking at the logging. I'm going to reboot the box as suggested earlier, but this is very weird. It's like being 100% in the dark.
Two different clients attempt to connect and they both grab the same IP?
What does Status ---> OpenVPN say?
Is an internal server doing the DHCP, or are you specifying the range in the OpenVPN config?
You mentioned this happens when they connect at the same time. What if they don't connect at the same time?
Yes. That is definitely odd, man. Are these two clients using the same client certs?
Yes.
This guide seems to be good for making an OpenVPN server out of pfSense too... I want to do that as well. Does anybody know how many OpenVPN users this can handle? I like to install the OpenVPN client as a service; it makes it easier for the users...
I would virtualize pfSense and just use a single NIC.... I would forward the OpenVPN port to that box...
C:\Users\Frank>nslookup
Default Server: pfsense.ad.home.lan
Address: 192.168.1.21
> frank-haf
Server: pfsense.ad.home.lan
Address: 192.168.1.21
Name: frank-haf.ad.home.lan
Address: 192.168.1.13
> acer-pc
Server: pfsense.ad.home.lan
Address: 192.168.1.21
Name: acer-pc.ad.home.lan
Address: 192.168.1.12
netstat -nr
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.7.1 0.0.0.0 UG 0 0 0 tap0
extIP2 192.168.X.1 255.255.255.255 UGH 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0
192.168.7.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.X.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.X.1 0.0.0.0 UG 0 0 0 wlan0
192.168.X.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0
After I did pfsense update to 2.1.1-RELEASE it will connect to the OpenVPN server but there is no access to the LAN
These steps are fantastic! I tried them, but it didn't work on pfSense 2.3.2-RELEASE-p1 (amd64) on a NetGate SG 4860.
So, I opened a support ticket with NetGate.
Their response was that this is an insecure method. "First option I would not consider because it is not secure - letting vpn users in servers subnet may lead to security problems like ip spoofing, arp poisoning... "
Good grief!
I've got a Cisco ASA set on 192.168.10.1 and a pfSense box I set on 192.168.10.254, as a DHCP server as well. The idea was for redundancy, but of course if I VPN in, I can only access any PCs that the pfSense machine has given DHCP addresses to (ironically, the Cisco is faster usually) and the static IP servers in the system. The goal of course is for OpenVPN users on the pfSense box to access the entire network.
I figured the bridge would work great, give VPN users a 192.168.10.X address. Netgate apparently considers the entire reason we bought the pfSense box to be beside the point, so we may be returning it on Monday. LOL.
Symptoms: I could get it to work with these excellent instructions, but still had the same problem that I could only access servers that were using the pfSense DHCP server. None of the other devices were contactable. This makes no sense to me. I can post more detailed logs. I'll give it a go yet again.
NetGate recommended that I set up a route in the Cisco machine to say 172.16.0.1 and set that up as my VPN IP. I'd prefer not to make changes to the Cisco machine; it's handled by another vendor and they don't know we're replacing them.
One question: on this step:
I actually have THREE interfaces. There's an OpenVPN interface, there's a tap1 interface, and a tap2 interface. I assume I assign the OpenVPN interface? What do I do with tap1 and tap2 (and why are there two?)
Create your Interface and Bridge:
1) Interfaces ---> (assign)
2) add an interface by pressing the "+" button
3) in the drop down box next to the OPT1 interface that was created choose the open vpn server instance we just created
If I change the OpenVPN from tap to tun, the tap1 and tap2 interfaces don't disappear. Do I have cruft in the system?
Thanks, sorry for the long post!
== John ==