Netgate Discussion Forum

    OpenVPN clients losing Internet access

      dansci

      Hi, I have a problem with configuring rules for OpenVPN.
      With rules like the following, I have access to local resources and to the Internet when connecting via VPN. But when I disable the first rule allowing everything I lose Internet access on VPN clients. Access to local resources remains for them.

      The rules below the first one are copied from the VLAN, which in my case has practically the same permissions as the VPN clients should have. Only that I have the subnet 192.168.11.0/24 set as the source here, because that's where the clients get their addresses from.

      I am asking for help please.

      6e11f75c-1b83-413f-8c5f-698caef64a04-obraz.png

        viragomann @dansci

        @dansci
        You have to decide if you want to route the clients' whole upstream traffic over the VPN or only your local networks.

        If the local networks only, uncheck "Redirect gateway" in the server settings and enter your local networks into the respective box.

        If the clients route all upstream traffic to the VPN server anyway, there must be something wrong with the client VPN.

          dansci @viragomann

          @viragomann I just need to give clients the ability to access selected local network resources.

          So I set it up as below, now the problem of accessing DNS Resolver on pfSense remains.

          f0188543-688f-40db-8330-8a9be526a0bd-obraz.png

          In the DNS server settings, I see that there is no option to set it on the OpenVPN interface. Hence, VPN clients could use DNS on the main interface: 192.168.99.1. But something is not working for me.
          9561f45f-eb29-4d75-9f5c-cc579a2061a8-obraz.png

            Jarhead @dansci

            @dansci Just to add, putting an allow all rule on top negates everything below it. First rule that fits is the only one applied.

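The first-match behaviour described in the post above, as an added example that is not part of the original thread: a small evaluator that also lists rules shadowed by an earlier rule. Only the tunnel network 192.168.11.0/24 and the resolver address 192.168.99.1 come from the thread; the rule names, the other addresses and the ports are constructed, since the posted rules exist only as screenshots.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")
VPN = net("192.168.11.0/24")  # tunnel network from the thread

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None   # None = any port (protocol is ignored in this sketch)
    enabled: bool = True

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.port in (None, other.port))

def evaluate(rules, src, dst, port):
    """First enabled rule that matches decides; no match falls to default deny."""
    for r in rules:
        if r.enabled and r.matches(src, dst, port):
            return r.action, r.name
    return "block", "default deny"

def shadowed(rules):
    """Enabled rules that can never fire because an earlier enabled rule covers them."""
    active = [r for r in rules if r.enabled]
    return [r.name for i, r in enumerate(active)
            if any(e.covers(r) for e in active[:i])]

def build(allow_all_enabled):
    """Constructed OpenVPN-tab ruleset; only 192.168.11.0/24 and 192.168.99.1 are from the thread."""
    return [
        Rule("wizard allow all", "pass", ANY, ANY, enabled=allow_all_enabled),
        Rule("DNS to resolver", "pass", VPN, net("192.168.99.1/32"), 53),
        Rule("file server", "pass", VPN, net("192.168.99.20/32"), 445),
        Rule("block rest of LAN", "block", VPN, net("192.168.99.0/24")),
    ]
```

With the allow-all rule enabled, `shadowed(build(True))` reports every rule below it; with it disabled, traffic to anything outside the listed destinations falls through to the default deny.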
              dansci @Jarhead

              @jarhead Thanks, that's what I'm aware of. It was a rule added by the OpenVPN wizard and I keep it there as 'disabled'. I only run it when something completely doesn't want to work, to see if it's a firewall issue.

                viragomann @dansci

                @dansci
                Ensure that the OpenVPN tunnel network is added to the Resolver's ACL or add it manually if it isn't.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.