No acces to Internet when connected to oVPN

viragomann

@gamienator-0
Seems the client is unable the resolve host names.

If you provide a DNS server in the OpenVPN settings ensure that it is reachable from the client, that the route is set properly and that the DNS servers ACL allow access from the OpenVPN clients.

Gamienator 0

@viragomann Thats the point, it can resolve it. But there is no connection for some reason. And I don't habe any blocking ACLs :(

WAN Rules.png OpenVPN Rules.png LAN Rules.png

As you can see, there are my Rules, WAN2, WAN, OpenVPN, LAN.

Do I oversee something?

The one Blocking Rule is a alias of two IP Adresses, which I don't want to connect to the web :)

viragomann

@gamienator-0 said in No acces to Internet when connected to oVPN:

Thats the point, it can resolve it.

Did you verify this?

Gamienator 0

@viragomann yes, I tried several hostnames, all were able to be resolved

viragomann

@gamienator-0
So can you provide some more details about your set up, please?

@gamienator-0 said in No acces to Internet when connected to oVPN:

My two pfSenses have a weird Issue I can't fix.

How are the two boxes involved into this issue?
Do you have the same issue on both? Or are the connected by a site-to-site VPN?
Is it an access server and you are connecting from a client computer?

Gamienator 0

@viragomann

The setup is the following. At Home I use one pfsense. My second pfsense box is on a dedicated root Server. This pfsenses are not connected, I use the pfsense on the root Server only to have an Adblock on my iPhone, since my Home Internet is not stable atm.

This Problem started on my Home pfsense 4 months ago. On my root Server pfsense two werks ago, where I had to setup the vpn Server again After an expiring certificate and accidantly resetting the pfsense CA.

I don't Really remeber why it broke at Home, but I remember on the root Server. There are two ovpn Server running, one on Port 1194 and the other on 11194. After deleting the Server 11194 and rerunning the Wizard none of the ovpn Servers are going me Internet While i'm connected

viragomann

@gamienator-0
And we are talking about the root server here or about your home box?
Interface names like TELEKOMPPOE or VODAFON... doesn't sound like a root server connection to me at all.

And you're connecting to one of these from your phone if I go you correctly?

Gamienator 0

@viragomann we're talking about both. But year, I showed you only the Home box. So to clarify, I got the no interner While connected von on both boxes, but to night I debugge only on the Home box because I beleive there is a missing rule which got deleted While deleting the ovpn Server or the Wizard did a Mess?

I tried it with several clients, my iPhone, my Notebook. All with OpenVPN Connect

viragomann

@gamienator-0
So let's go back to your statement above

While the IP Address 8.8.8.8 is pingable, I can't reach google.com for example and can't ping that server

In the OpenVPN server settings you have "Redirect gateway" checked to route all clients upstream traffic over the VPN?

If you go to Diagnostic > Ping on pfSense can you ping both?

Gamienator 0

@viragomann

Yes. My client connected via OVPN can Ping 8.8.8.8

it can resolve Google.com (216.58.212.163), but cant Ping it.

In diagnostic, Ping in the Browser the pfsense can resolv and Ping all.

And yes. Checkmark is in to redirect all traffic

viragomann

@gamienator-0
That's pretty strange. No idea why it could behave like that.
If access to 8.8.8.8 succeed, 216.58.212.163 should work as well if it works from pfSense itself.

Post the clients IPv4 routing table, please.

For testing you should disable pfBlockerNG and squid if available.

Gamienator 0

@viragomann Thanks, so I'm not the only one confused.

Here is the routing table:

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0       172.30.3.1      172.30.3.26     25
          0.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
         10.0.9.0    255.255.255.0   Auf Verbindung          10.0.9.2    257
         10.0.9.2  255.255.255.255   Auf Verbindung          10.0.9.2    257
       10.0.9.255  255.255.255.255   Auf Verbindung          10.0.9.2    257
    91.47.238.173  255.255.255.255       172.30.3.1      172.30.3.26    281
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
        128.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
     172.28.224.0    255.255.240.0   Auf Verbindung      172.28.224.1    271
     172.28.224.1  255.255.255.255   Auf Verbindung      172.28.224.1    271
   172.28.239.255  255.255.255.255   Auf Verbindung      172.28.224.1    271
       172.30.3.0    255.255.255.0   Auf Verbindung       172.30.3.26    281
      172.30.3.26  255.255.255.255   Auf Verbindung       172.30.3.26    281
     172.30.3.255  255.255.255.255   Auf Verbindung       172.30.3.26    281
      192.168.0.0    255.255.255.0   Auf Verbindung       192.168.0.5    271
      192.168.0.5  255.255.255.255   Auf Verbindung       192.168.0.5    271
    192.168.0.255  255.255.255.255   Auf Verbindung       192.168.0.5    271
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung          10.0.9.2    257
        224.0.0.0        240.0.0.0   Auf Verbindung       192.168.0.5    271
        224.0.0.0        240.0.0.0   Auf Verbindung       172.30.3.26    281
        224.0.0.0        240.0.0.0   Auf Verbindung      172.28.224.1    271
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung          10.0.9.2    257
  255.255.255.255  255.255.255.255   Auf Verbindung       192.168.0.5    271
  255.255.255.255  255.255.255.255   Auf Verbindung       172.30.3.26    281
  255.255.255.255  255.255.255.255   Auf Verbindung      172.28.224.1    271
===========================================================================

Bob.Dig

@gamienator-0 said in No acces to Internet when connected to oVPN:

10.0.9.1

What is it? Why we are talking in English here...

Gamienator 0

@bob-dig 10.0.9.1 is the Gateway. The virtual Network of that oVPN is 10.0.9.0/24

Bob.Dig

@gamienator-0 So when you talked about your oVPN client you meant a Client on your Windows Machine connecting to where?

viragomann

@gamienator-0
So the routes look well. Hence packets to both IPs, 8.8.8.8 and 216.58.212.163, should go over the VPN.

Sniff the traffic on pfSense OpenVPN interface using Packet Capture to verify this.

Gamienator 0

@bob-dig Exactly. It connects to the pfsense Box at home. The oVPN Client on my Windows Machine has 10.9.0.2 as an IP Adress and can reach all internal IPs (LAN has 10.0.0.0/21 and the LAN IP Address of the pfsense is 10.0.7.1 and is reachable)

Bob.Dig

@gamienator-0 I can't follow anymore. Maybe @viragomann is still on board.

Gamienator 0

@bob-dig

Alright:

Internal Network on my pfSense: 10.0.0.0/21 and the pfsense got LAN 10.0.7.1.

I'm outside of my home, and connecting to the oVPN Server. The oVPN Network is 10.9.0.0/24, and my windows client, which I'm connecting via the OpenVPN Client receives the IP-Address 10.9.0.2.

What else are you confused? I'm more then happy to clarify that :)

Aaah I see, I had a typo in my previous post. Sorry. I edited that

Gamienator 0

@viragomann Here is the Packet Capture. So there is something going in
OpenVPN Server.zip