Internet access lost with OpenVPN
-
Why does it always work from the LAN?
Why does OpenVPN initially work? It ran for 20 minutes yesterday. It's working this way too, yet I'm connected to OpenVPN.
DNS-Resolver is enabled and these are the DNS
-
@darkcorner, I need more information about firewall rules and firewall logs at the moment that I can no longer navigate correctly.
-
@darkcorner
We are still in the dark about what kind of OpenVPN you're talking about here.
Please respond to the questions @Gertjan asked above.
-
@viragomann said in Internet access lost with OpenVPN:
Please respond to the questions
The more information you provide about your system the faster we can help.
-
It seemed to me that I made it clear.
OpenVPN has been activated on pfSense and on Win11 PC there is OpenVPN GUI.
There is a "Remote Access (SSL / TLS + User Auth)" Server
Use a TLS Key = ON
Data Encryption Algorithms = AES-256-CBC
Redirect IPv4 Gateway = Force all client-generated IPv4 traffic through the tunnel.
Dynamic IP = Allow connected clients to retain their connections if their IP address changes
Topology = Subnet - One IP address per client in a common subnet
Ping settings / Inactive = 0
Obviously there is a C.A., a certificate for the server and one for the user who connects via VPN. Once activated, in pfSense I log in as "Admin"
The configuration on pfSense was created with the wizard and therefore the rule is the one created automatically.
The client configuration was exported with the addon and brought to the PC to be used by the client.
However, I repeat, even now I am working connected to OpenVPN and I am surfing the Internet. Maybe in next 10 minutes I keep the VPN connection, but I lose the ability to surf.
==== Update
As I said, not even a couple of minutes after my reply, here I have lost the internet, but the VPN is still active.
I am forced to shut down the VPN just to respond.
-
@darkcorner said in Internet access lost with OpenVPN:
Redirect IPv4 Gateway = Force all client-generated IPv4 traffic through the tunnel.
If you have Redirect gateway on you should provide a DNS server to the clients, do you?
I asked that above already.
-
@viragomann said in Internet access lost with OpenVPN:
@darkcorner said in Internet access lost with OpenVPN:
Redirect IPv4 Gateway = Force all client-generated IPv4 traffic through the tunnel.
If you have Redirect gateway on you should provide a DNS server to the clients, do you?
I asked that above already.
I answered above.
In pfSense there is 127.0.0.1, 8.8.8.8 and 8.8.4.4
On the PC there is 8.8.8.8, 8.8.4.4
But if I am connected in OpenVPN the active DNS should be that of the pfSense, but not that of PC, right?
DNS which are the same, apart from 127.0.0.1.
Or do I have to set up DNS somewhere else?
That said, the question remains as to why there is this double quirk of a DNS that works and then stops working. Sometimes it works for a couple of minutes, sometimes more.
-
@darkcorner said in Internet access lost with OpenVPN:
But if I am connected in OpenVPN the active DNS should be that of the pfSense, but not that of PC, right?
This depends on if you have this option checked in the DNS server settings:
As stated above, it's recommended to check it and then enter at least one DNS server. But not 127.0.0.1, because this would be the client itself, which is naturally not capable of resolving requests.
If you want the client to request pfSense for DNS resolution, enter the virtual VPN server IP or another interface IP.
-
@viragomann
This setting was not active.
Today I'll try it.
Thanks for now.
-
@viragomann
I tried turning this setting on and using Google's DNS. I haven't actually had any interruptions for over 15 minutes.
But I don't understand:
- Why doesn't Internet browsing work without this setting? If I ask to direct all traffic via pfSense, I would have already had to use the DNS of pfSense, which by the way are always those of Google.
- Why did the navigation stop after some time? If I was missing DNS, I was missing them from the start.
However now it seems to work and therefore I consider the problem solved.
Thank you all.
-
@darkcorner said in Internet access lost with OpenVPN:
Why doesn't Internet browsing work without this setting? If I ask to direct all traffic via pfSense, I would have already had to use the DNS of pfSense,
Imagine the client resides in 192.168.1.0/24, his network settings are
IP = 192.168.1.25
mask = 255.255.255.0
DNS server = 192.168.2.3
So his DNS server resides in another subnet, which he is able to access via his router.
Now the VPN client establishes the VPN connection and as you have checked "Redirect gateway", the client changes the default route and points it to the VPN server instead of his local router. Hence he will no longer be able to reach the DNS server at 192.168.2.3, because this traffic is directed to the OpenVPN server as well.
Why did the navigation stop after some time? If I was missing DNS, I was missing them from the start.
Possibly due to his local DNS cache.
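
The routing change described in the last reply, worked through as an added example that is not part of any post in the thread: it applies longest-prefix matching to the client's routing table before and after the gateway redirect and reports which next hop each DNS server gets. The client address and the DNS server 192.168.2.3 come from the reply; the router address, tunnel subnet, VPN server addresses and the `def1` form of the redirect (two /1 routes overriding the default) are assumptions.

```python
import ipaddress

LOCAL_ROUTER = "192.168.1.1"        # assumed address of the client's router
VPN_GATEWAY = "10.0.8.1"            # assumed virtual IP of the OpenVPN server
VPN_SERVER_PUBLIC = "203.0.113.10"  # assumed public IP (documentation range)

# Routing table of the client from the reply (192.168.1.25/24), VPN down.
BEFORE = [
    ("192.168.1.0/24", "on-link LAN"),
    ("0.0.0.0/0", LOCAL_ROUTER),
]

# Routes added by "redirect-gateway def1": a host route that keeps the
# encrypted tunnel packets on the local router, the tunnel subnet itself,
# and two /1 routes that override the /0 default without deleting it.
AFTER = BEFORE + [
    (VPN_SERVER_PUBLIC + "/32", LOCAL_ROUTER),
    ("10.0.8.0/24", "on-link tunnel"),
    ("0.0.0.0/1", VPN_GATEWAY),
    ("128.0.0.0/1", VPN_GATEWAY),
]


def next_hop(routes, dst):
    """Return the next hop chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, via in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, via)
    return best[1] if best else None


def dns_path_report(dns_servers):
    """Map each DNS server to its next hop before and after the VPN is up."""
    return {d: (next_hop(BEFORE, d), next_hop(AFTER, d)) for d in dns_servers}


if __name__ == "__main__":
    servers = ["192.168.2.3", "192.168.1.1", VPN_GATEWAY]
    for dns, (before, after) in dns_path_report(servers).items():
        print(f"{dns:<12} before: {before:<14} after: {after}")
```

A DNS server on the client's own /24 stays on-link and bypasses the tunnel, while the pushed virtual VPN server IP is reached inside the tunnel subnet, which is why it is the address suggested earlier in the thread.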