Beyond Frustrated and Confused..

godyourestupid

Good Evening,

I cannot get NORD to work on my PFSense machine. I have a dedicated machine and the hard drive died. I replaced the drive with an SSD, (it was free and only 128MB)

I have installed 2.4 / 2.5 / and 2.6. After each install and carefully following the directions from Nord I cannot connect. Not only am I not able to connect, the VPN any machine that is connected to the PFSense box cannot connect AFTER I have set up Nord.

I have refreshed the install and connectivity is restored until I set up my open VPN client.

Anyone else having this issue? Or know what I need to change?

Thank you in advance.

KOM

@godyourestupid You've posted zero details so nobody has any idea what your problem is. What guide are you following? What does your config look like (post screenshots)? What error messages are you getting? What behaviour are you seeing? What's in the OpenVPN log when you try to get it running? Etc etc etc.

godyourestupid

@kom Touche .. I was a little fried .. :)

I replaced the drive, and the install works fine, I could browse the internet, setup package managers (PF Blocker is the only one ATM) then I installed nordVPN and I can no longer browse the internet with a device connecting through my pfsense machine.

I am currently running on build, 2.5.0-RELEASE.

The guide I used for set up is located here

Originally the server I used recommended by Nord was ..

Then I changed it to, us9574.nordvpn.com since it was listed to be used for open vpn connection.

Open VPN ( Nord) shows it is connected...

Connection STatus.PNG

I suspect this is a gateway issue, because once I set up the gateway via the above instructions I can no longer connect to the internet with any device behind the PFSense machine.

Mind you, that is just a guess. I have included the logs to see if anyone can make any sense of them.

Logs.txt

Any help would be appreciated!

Thanks.

Cool_Corona

Have you setup the GW for the VPN network?? And created outbound rules??

godyourestupid

@cool_corona said in Beyond Frustrated and Confused..:

Have you setup the GW for the VPN network?? And created outbound rules??

I assume GW means gateway? If so, I used the gateway settings in the above attached instructions. No luck

HOWEVER, I did not create outbound rules. I didn't recall seeing anything in there for that.

KOM

@godyourestupid Why are you using 2.5.0? That's old and not even the latest of the 2.5 branch. There have been changes to OpenVPN since then IIRC so I would strongly suggest you upgrade to 2.6. You need to create a gateway for your OpenVPN config and then create a LAN firewall rule that directs traffic to the VPN gateway. Rule placement order is important. Lastly, an outbound NAT rule so that traffic using the VPN gateway will be NATed to the VPN interface instead of WAN.

Edit: I just checked that guide and everything is in there so you must have done something wrong. Post screens of your OpenVPN config, your LAN rules, your outbound NAT rules, and maybe we can spot something obvious.

pftdm007

If you haven't created the NAT Outbound rule for each of your local LAN's (VLAN's, etc) then you have not followed the NordVPN tutorial to the letter. Review each step. I just did this on 2.6 and after some fears of having downtime, I must say it worked flawlessly and pretty much right away (thanks to @KOM !)

godyourestupid

@kom

Firewall NAT Outbound.png Firewall Rules LAN.png [NAT Outbound Edit.pdf](Invalid file type. Allowed types are: .png, .jpg, .bmp, .txt, .gif, .xls, .gz, .zip, .pcap, .pcapng, .7z, .xml, .jpeg, .diff, .patch, .tgz, .tar, .0, .cap) OpenVPN Clients Edit_Page_8.png OpenVPN Clients Edit_Page_7.png OpenVPN Clients Edit_Page_6.png OpenVPN Clients Edit_Page_5.png OpenVPN Clients Edit_Page_4.png OpenVPN Clients Edit_Page_3.png OpenVPN Clients Edit_Page_2.png OpenVPN Clients Edit_Page_1.png NAT Outbound Edit_Page_2.png NAT Outbound Edit_Page_1.png

I hope I included everything you asked for.

Thank you all for taking the time to look at this!

Bob.Dig

@godyourestupid What is 192.168.2.0/24? Also better use hybrid outbound.

KOM

@godyourestupid When you say you can't connect, what do you mean? Can you ping 8.8.8.8? Can you resolve www.google.com (or any external site)?

godyourestupid

@kom said in Beyond Frustrated and Confused..:

@godyourestupid When you say you can't connect, what do you mean? Can you ping 8.8.8.8? Can you resolve www.google.com (or any external site)?

When I ping, 8.8.8.8 or google.com, I get request timed out.

godyourestupid

@bob-dig said in Beyond Frustrated and Confused..:

@godyourestupid What is 192.168.2.0/24? Also better use hybrid outbound.

192.168.2.0/24 is set from the directions listed by Nord, along with using manual rules for outboud.

Aaaaaaand I just changed it from 192.168.2.0 to 192.168.1.0 and it worked. I cannot believe I missed that.

Thank you so much! @Bob-Dig and @KOM

Bob.Dig

@godyourestupid said in Beyond Frustrated and Confused..:

192.168.2.0/24 is set from the directions listed by Nord, along with using manual rules for outboud.

You havbe to change that to your LAN IP address space.

godyourestupid

@bob-dig Thank you for all your help!

BTW I updated to 2.6 AND I will make a back up of my config once I have everything back up. PFBlocker is next. :)