Hi. I have a homemade pfsense box running version 2.3.3, with a quad NIC, and I was trying to get the remote OpenVPN working. I've gone through the episodes, and I have a few questions. I followed the steps in the Remote Access OpenVPN video, and I can't connect from my smart phone to my LAN. I have the OnePlus3 running Nougat, and using the OpenVPN Connect app version 1.1.17, and OpenVPN core 3.0.12. I would like to connect to a samba share from my internal LAN. I created a remote user vpn group, I didn't assign any privileges to the user group, because I didn't see any that said anything about the remote openvpn. There were IPsec dialin, and L2TP dialin options though. I went through the setup wizard, and created my own self-signed keys. I configured it just how you did, just with some changes. Device mode: tap (I have tried it with tun). DH Length: 4096. IPv4 Tunnel: 192.168.0.1/28 (this is not an address assigned to any vlan or nic that I have). Local Net: 192.168.1.1/24 (my LAN interface that I would like the remote user to access). In the client export section the only change I made was the Password Protect Certificate: None. I then export the cert under - Inline Configurations: OpenVPN Connect (iOS/Android). These settings do not work, I don't get an error on the app, and it just keeps trying to extract. I have a few questions with this setup. Does the device mode need to be tap or tun? Does the IPv4 tunnel address need to be set up in the interfaces section to work? Would it be better to bridge DHCP instead of setting the IPv4 tunnel? Do I need to enable netbios over tcp/ip to reach the samba share? If so what node type and scope ID do I need to choose? Do I need to set the Client side overrides like the openvpn site to site video? Sorry for the huge paragraph, and thank you in advance for any help.
Unsolved pfsense: Remote Access OpenVPN
@nidsa-stokes said in pfsense: Remote Access OpenVPN:
Hi. I have a homemade pfsense box running version 2.3.3, with a quad NIC, and I was trying to get the remote OpenVPN working. I've gone through the episodes, and I have a few questions. I followed the steps in the Remote Access OpenVPN video, and I can't connect from my smart phone to my LAN. I have the OnePlus3 running Nougat, and using the OpenVPN Connect app version 1.1.17, and OpenVPN core 3.0.12. I would like to connect to a samba share from my internal LAN. I created a remote user vpn group, I didn't assign any privileges to the user group, because I didn't see any that said anything about the remote openvpn. There were IPsec dialin, and L2TP dialin options though. I went through the setup wizard, and created my own self-signed keys. I configured it just how you did, just with some changes. Device mode: tap (I have tried it with tun). DH Length: 4096. IPv4 Tunnel: 192.168.0.1/28 (this is not an address assigned to any vlan or nic that I have). Local Net: 192.168.1.1/24 (my LAN interface that I would like the remote user to access). In the client export section the only change I made was the Password Protect Certificate: None. I then export the cert under - Inline Configurations: OpenVPN Connect (iOS/Android). These settings do not work, I don't get an error on the app, and it just keeps trying to extract. I have a few questions with this setup.
Does the device mode need to be tap or tun?
For mobile devices I believe TAP is correct.
Does the IPv4 tunnel address need to be set up in the interfaces section to work?
Yes, it's going to assign a tunnel connection between your device and the pfSense box.
Would it be better to bridge DHCP instead of setting the IPv4 tunnel?
I'm not sure on this one. I've never bridged this, so I don't really know whether it's better or not.
Do I need to enable netbios over tcp/ip to reach the samba share? If so what node type and scope ID do I need to choose?
I believe you'll have to if you're using names to access samba shares. Node type I'm not sure, if it requires you to do so, try the hybrid; if not leave it be. Scope ID is pretty old and probably only required if accessing really old equipment.
Do I need to set the Client side overrides like the openvpn site to site video?
I'm not sure on this one, I wouldn't believe so unless you've configured clients differently.
Sorry for the huge paragraph, and thank you in advance for any help.
No problem. This may be beyond me in a specific setup as I've not really tried to do what you're doing. But many people on this forum may be able to help.
Cordially,
Ronnie Wong
Edutainer Manager, ACI Learning [ITPRO]
*if the post has answered the question, mark as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied service, support, or guarantee by ITProTV.