Author Topic: pfSense and OpenVPN  (Read 3013 times)

Ronski

Re: pfSense and OpenVPN
« Reply #15 on: March 28, 2021, 11:50:51 AM »

I don't think it should be; that's what the rule we added was for, to allow incoming NAT from any IP and protocol on the VPN to the LAN.

That's the Windows server I'm referring to - if I turn off the Windows firewall, tracert and ping work fine. I tried adding a firewall rule to permit all from 192.168.4.1 to 192.168.4.3 but that didn't work.

Quote
Do you have Redirect IPv4 Gateway set on the OpenVPN server?

Yes I do, is that correct?
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Alex Atkin UK

Re: pfSense and OpenVPN
« Reply #16 on: March 28, 2021, 02:31:29 PM »

Yes, that sounds right.  I always keep the Windows firewall off if I can as honestly I think it's awful.  It's particularly problematic when minor network changes can seem to suddenly trigger Windows to change your network from Private back to Public, causing the firewall to kick in.
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Ronski

Re: pfSense and OpenVPN
« Reply #17 on: March 28, 2021, 03:05:08 PM »

I'm pretty sure my brother will know how to set it up - he has a site to site VPN with two Draytek modems either end, he did mention he had to configure something on the Windows firewall.

Yes it can be a pain, and when it changes to public it always seems a pain to find the option to change it back.

Thanks for your help.

Ronski

Re: pfSense and OpenVPN
« Reply #18 on: March 29, 2021, 08:11:18 PM »

Spoke to my brother this evening, and he had exactly the same issue when he set up his Draytek site to site VPN, as each end is on a different subnet.

Turns out he'd actually sent me the info when he did his.

This is an extract of what he sent me:

Quote
I can remote desktop to my Win10Pro PC from the other end using its local IP address but not its machine name unless I add that to "C:\Windows\System32\drivers\etc\hosts".

Windows FW only allows traffic to/from the local subnet, yet the 2 routers HAVE to be on different subnets.  I do not want to turn FW off.  If I add the remote subnet 192.168.1.0/24 to the scope of “File and Printer Sharing (Echo Request - ICMPv4-In)” FW rule, I can ping it but still no access via Windows Explorer.

I found this https://www.npcglib.org/~stathis/blog/2013/02/18/windows-task-sharing-files-across-different-subnets/ which advocates adding the remote subnet to just the FW rule “File and Printer Sharing (SMB-In)”. It seems to work.

I also found this: https://www.experts-exchange.com/articles/17507/Windows-Firewall-Settings-for-Inter-Subnet-Peer-to-Peer-Networks-File-Sharing.html which advocates changing FW rules for:
File and Printer Sharing (LLMNR-UDP-In)
File and Printer Sharing (NB-Datagram-In)
File and Printer Sharing (NB-Name-In)
File and Printer Sharing (NB-Session-In)
File and Printer Sharing (SMB-In)

On my server I simply had to add the IPs to “File and Printer Sharing (SMB-In)” and “File and Printer Sharing (Echo Request - ICMPv4-In)”, the latter enables ping and trace route. I also added the server name and IP address to the Hosts file, that then allowed me to navigate to the server in file explorer as it didn't appear on the network - often the case with Windows!

I guess the second lot is only required if we wanted to share printers, which we don't.
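The scope change described in the post above, as an added PowerShell example (not part of the original thread). It assumes the remote subnet 192.168.1.0/24 quoted in the post, an elevated session, and an English-language Windows where the built-in rules carry these display names; it widens only the Private-profile copies of the two rules and prints the resulting scope for review.

```powershell
#Requires -RunAsAdministrator
# Added example: extend the remote-address scope of two built-in inbound rules
# so hosts on the far side of the VPN can reach SMB and ping this machine.
# Assumption: 192.168.1.0/24 is the remote subnet, as quoted in the post.
$RemoteSubnet = '192.168.1.0/24'
$RuleNames = @(
    'File and Printer Sharing (SMB-In)',
    'File and Printer Sharing (Echo Request - ICMPv4-In)'
)

foreach ($name in $RuleNames) {
    # Built-in rules can exist once per profile group; touch only the copy that
    # applies to the Private profile so the Public-profile copy is not widened.
    $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Where-Object { "$($_.Profile)" -match 'Private' }

    if (-not $rules) {
        Write-Warning "No Private-profile rule named '$name' found; skipping."
        continue
    }

    foreach ($rule in $rules) {
        # Keep the scope that is already there (normally LocalSubnet) and add
        # the remote subnet, instead of replacing the scope with 'Any'.
        $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($current -contains 'Any') {
            Write-Warning "'$name' already allows Any remote address; left unchanged."
            continue
        }
        $scope = @($current + $RemoteSubnet | Select-Object -Unique)
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $scope -Enabled True
    }
}

# Review: show profile, state and remote scope of every copy of the two rules.
Get-NetFirewallRule -DisplayName $RuleNames |
    Select-Object DisplayName, Profile, Enabled,
        @{ n = 'RemoteAddress'
           e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', ' } } |
    Format-Table -AutoSize
```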

Chrysalis

Re: pfSense and OpenVPN
« Reply #19 on: April 04, 2021, 11:50:27 PM »

Did you set the 2nd subnet to private or public profile in Windows network settings?

Ronski

Re: pfSense and OpenVPN
« Reply #20 on: April 05, 2021, 12:16:50 AM »

It's set to private, all working now, thanks.

Chrysalis

Re: pfSense and OpenVPN
« Reply #21 on: April 05, 2021, 01:10:19 AM »

No worries. :) Just be careful and make sure it's secure at both ends as it will have the same firewall permissions as a local network.

Ronski

Re: pfSense and OpenVPN
« Reply #22 on: April 05, 2021, 09:14:08 AM »

My brother's pretty paranoid about security, and he'll only connect when he needs to, and this way is more secure than the Windows VPN we used previously.