Page 1 of 1

Can not access distant LAN

Posted: Tue Feb 12, 2019 7:33 am
by scott451
Hello,

I am connecting to a distant network running OpenVPN server on PfSense. I used the export setting option on PfSense to generate a config file and thought connecting would be easy. Well I can connect but I can not see anything on the local LAN except the PfSense machine.

Connection log looks good

Code: Select all

2019-02-11 21:17:01: Viscosity Mac 1.7.14 (1480)
2019-02-11 21:17:01: Viscosity OpenVPN Engine Started
2019-02-11 21:17:01: Running on macOS 10.13.6
2019-02-11 21:17:01: ---------
2019-02-11 21:17:01: State changed to Connecting
2019-02-11 21:17:01: Checking reachability status of connection...
2019-02-11 21:17:01: Connection is reachable. Starting connection attempt.
2019-02-11 21:17:01: OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 23 2018
2019-02-11 21:17:01: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
2019-02-11 21:17:02: TCP/UDP: Preserving recently used remote address: [AF_INET]78.193.76.237:1194
2019-02-11 21:17:02: UDP link local (bound): [AF_INET][undef]:1194
2019-02-11 21:17:02: UDP link remote: [AF_INET]78.193.76.237:1194
2019-02-11 21:17:02: State changed to Authenticating
2019-02-11 21:17:02: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-02-11 21:17:03: [OpenVPN CA] Peer Connection Initiated with [AF_INET]78.193.76.237:1194
2019-02-11 21:17:04: Opened utun device utun10
2019-02-11 21:17:04: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2019-02-11 21:17:04: /sbin/ifconfig utun10 delete
2019-02-11 21:17:04: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2019-02-11 21:17:04: /sbin/ifconfig utun10 192.168.5.2 192.168.5.2 netmask 255.255.255.0 mtu 1500 up
2019-02-11 21:17:04: Initialization Sequence Completed
2019-02-11 21:17:04: DNS mode set to Split
2019-02-11 21:17:04: WARNING: Split DNS is being used however no DNS domains are present. The DNS server/s for this connection may not be used. For more information please see: https://www.sparklabs.com/support/kb/article/warning-split-dns-is-being-used-however-no-dns-domains-are-present/
2019-02-11 21:17:04: State changed to Connected


But ifconfig is confusing

Code: Select all

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
   inet 127.0.0.1 netmask 0xff000000
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
   nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
   ether ac:87:a3:0b:31:cb
   inet6 fe80::1c49:cdd6:3637:93cc%en0 prefixlen 64 secured scopeid 0x5
   inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
   nd6 options=201<PERFORMNUD,DAD>
   media: autoselect (1000baseT <full-duplex>)
   status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   ether 88:63:df:cc:9f:d9
   inet6 fe80::1044:2f42:6634:e2fc%en1 prefixlen 64 secured scopeid 0x6
   inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255
   nd6 options=201<PERFORMNUD,DAD>
   media: autoselect
   status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
   ether 0a:63:df:cc:9f:d9
   media: autoselect
   status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
   ether 0a:ca:c9:0e:4d:e5
   inet6 fe80::8ca:c9ff:fe0e:4de5%awdl0 prefixlen 64 scopeid 0x8
   nd6 options=201<PERFORMNUD,DAD>
   media: autoselect
   status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   options=60<TSO4,TSO6>
   ether 0a:00:00:3e:da:70
   media: autoselect <full-duplex>
   status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   options=60<TSO4,TSO6>
   ether 0a:00:00:3e:da:71
   media: autoselect <full-duplex>
   status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   options=63<RXCSUM,TXCSUM,TSO4,TSO6>
   ether 0a:00:00:3e:da:70
   Configuration:
      id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
      maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
      root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
      ipfilter disabled flags 0x2
   member: en2 flags=3<LEARNING,DISCOVER>
           ifmaxaddr 0 port 9 priority 0 path cost 0
   member: en3 flags=3<LEARNING,DISCOVER>
           ifmaxaddr 0 port 10 priority 0 path cost 0
   nd6 options=201<PERFORMNUD,DAD>
   media: <unknown type>
   status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
   inet6 fe80::c6e8:4ac:d89c:e1c9%utun0 prefixlen 64 scopeid 0xc
   nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
   inet6 fe80::5291:d8fb:8a48:b96%utun1 prefixlen 64 scopeid 0xd
   nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
   inet6 fe80::43f3:e38:f121:c36a%utun2 prefixlen 64 scopeid 0xe
   nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
   inet6 fe80::7570:4767:da6b:68cd%utun3 prefixlen 64 scopeid 0xf
   nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
   inet6 fe80::6c19:d56a:3d19:e49f%utun4 prefixlen 64 scopeid 0x10
   nd6 options=201<PERFORMNUD,DAD>
utun10: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
   inet 192.168.5.2 --> 192.168.5.2 netmask 0xffffff00


I must be doing something stupid. Any ideas or obvious errors ? Thanks for any help !


- Scott

Re: Can not access distant LAN

Posted: Tue Feb 12, 2019 8:20 pm
by scott451
Answer to self ...

Everything works, just not like I expected.

All the crazy stuff on ifconfig is normal, just interfaces I was not aware of. ;-)


- Scott

Re: Can not access distant LAN

Posted: Wed Feb 13, 2019 8:56 pm
by James
Hi Scott,

Everything works, just not like I expected.

If you expected machines on the remote network to be listed in the left hand side of windows in the Finder, it's possible to achieve this. There are two approaches you can take: either switch to using a TAP/Bridged VPN connection instead of a TUN/Routed one (this must be done on both the server and the client), or set up a mDNS Repeater on the server (a quick Internet search turns up a project called "mdns-repeater" for pfSense which might do the job).

Cheers,
James