Need to access files on PC using pfsense OpenVPN w/o modifying Windows Firewall

  • I am a below-average firewall expert
  • Newbie to pfsense/Netgate 3100
  • Watched LTS video on how to set up OpenVPN
  • Successfully completed the OpenVPN Remote Access wizard, created, downloaded and installed the client
  • Able to login to the Netgate at office on the 192.168.1.0/24 network while connected to VPN from home
  • Tunnel network is 10.0.8.0/24
  • Unable to ping or access the shared folder on a PC
  • Spent time on forums and found a post that said the Windows Firewall needs to have a New Rule created to allow the 10.0.8.0/24 network
  • That worked.
  • However, when compared to the complimentary Untangle firewall using the same OpenVPN remote access tunnel, there was no need to add such a rule to the PCs that had shared folders.

Is there a way to eliminate the need to add the “New Rule” to target PCs by making a change to the pfsense/Netgate OpenVPN configuration?

Thanks in advance!

Dean

Is the network you're connecting from (presumably your home) on a different address range? If not, it will be easier to change your home network to, say, 192.168.100.0.

Thanks for the quick reply!

The home network of the PC that has the remote access client software installed is 192.168.168.0/24

For what it’s worth, if ICMP traffic is allowed you ought to be able to ping the machine, if the rules are set up correctly.

It sounds like a rules issue.

The rules for the OpenVPN can be considered as another network; that network needs access to the LAN.

I can grab a screen shot of the rules to show you.

Which one(s) would you want to see?

You can post the rules for the LAN, OpenVPN, outbound NAT.

Sorry for not replying sooner…I’m working today…so please bear with me

It looks like your rules will let the VPN traffic pass.

I assume your WAN rules allow port 1194 to pass too.

When you inspect Diagnostic > OpenVPN you can see your client.

Can you ping pfSense on the 192.168.1.0 network? You ought to be able to.

On Windows, if you run the command net view you should see the machines on that network.

After a bit of googling I notice this: "[Solved] How to access windows shares via OpenVPN - OpenVPN Support Forum", so it looks like Windows Firewall must have the tunnel network added.

Usually when setting up OpenVPN it’s in TUN mode, as you have done. If it is set up in TAP mode it allows the client to act as if it’s on that network. That should overcome your precise issue. Though I would add I haven’t set up OpenVPN in TAP mode, so there might be more you need to do.
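
The Windows Firewall change discussed above, as an added example that is not part of the original posts: it lists the remote-address scope of the existing file-sharing rules, then allows only SMB and ping from the tunnel network instead of opening the PC to it entirely. The rule names are hypothetical, and it assumes an English-language Windows (display group name) and that the office PC's network profile is Domain or Private.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the PC that hosts the shared folder.
$TunnelNet = '10.0.8.0/24'                 # OpenVPN tunnel network from this thread
$RuleBase  = 'OpenVPN tunnel clients'      # hypothetical rule name prefix

# 1. Inspect the enabled inbound File and Printer Sharing rules.
#    A RemoteAddress of LocalSubnet matches only hosts on the PC's own subnet
#    (192.168.1.0/24 here), so routed TUN clients from 10.0.8.0/24 do not match.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = $filter.RemoteAddress -join ','
        }
    } | Format-Table -AutoSize

# 2. Allow SMB (TCP 445) from the tunnel network only. Skipped if it already exists.
$smbRule = "$RuleBase (SMB TCP 445)"
if (-not (Get-NetFirewallRule -DisplayName $smbRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $smbRule -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 445 -RemoteAddress $TunnelNet `
        -Profile Domain,Private | Out-Null
}

# 3. Allow ICMPv4 echo requests (ping) from the tunnel network only.
$pingRule = "$RuleBase (ICMPv4 echo)"
if (-not (Get-NetFirewallRule -DisplayName $pingRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $pingRule -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $TunnelNet `
        -Profile Domain,Private | Out-Null
}

# 4. Confirm the scope of what was just created.
Get-NetFirewallRule -DisplayName "$RuleBase*" |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        "{0}: {1}" -f $_.DisplayName, ($filter.RemoteAddress -join ',')
    }
```
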

Yes, I can ping the pfsense 192.168.1.1 from the client and can actually log in to the dashboard from the client.

Net View shows no other computers from either PC

OK, so now I need to figure out how to make it work in TAP mode.

Thanks for taking your valuable time to help me!

Take a look at this; it should get you a few steps further:

https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

Thank you for your help, neogrid!