No acces to Internet when connected to oVPN

Gamienator 0

The setup is the following. At Home I use one pfsense. My second pfsense box is on a dedicated root Server. This pfsenses are not connected, I use the pfsense on the root Server only to have an Adblock on my iPhone, since my Home Internet is not stable atm.

This Problem started on my Home pfsense 4 months ago. On my root Server pfsense two werks ago, where I had to setup the vpn Server again After an expiring certificate and accidantly resetting the pfsense CA.

I don't Really remeber why it broke at Home, but I remember on the root Server. There are two ovpn Server running, one on Port 1194 and the other on 11194. After deleting the Server 11194 and rerunning the Wizard none of the ovpn Servers are going me Internet While i'm connected

viragomann

@gamienator-0
And we are talking about the root server here or about your home box?
Interface names like TELEKOMPPOE or VODAFON... doesn't sound like a root server connection to me at all.

And you're connecting to one of these from your phone if I go you correctly?

Gamienator 0

@viragomann we're talking about both. But year, I showed you only the Home box. So to clarify, I got the no interner While connected von on both boxes, but to night I debugge only on the Home box because I beleive there is a missing rule which got deleted While deleting the ovpn Server or the Wizard did a Mess?

I tried it with several clients, my iPhone, my Notebook. All with OpenVPN Connect

viragomann

@gamienator-0
So let's go back to your statement above

While the IP Address 8.8.8.8 is pingable, I can't reach google.com for example and can't ping that server

In the OpenVPN server settings you have "Redirect gateway" checked to route all clients upstream traffic over the VPN?

If you go to Diagnostic > Ping on pfSense can you ping both?

Gamienator 0

@viragomann

Yes. My client connected via OVPN can Ping 8.8.8.8

it can resolve Google.com (216.58.212.163), but cant Ping it.

In diagnostic, Ping in the Browser the pfsense can resolv and Ping all.

And yes. Checkmark is in to redirect all traffic

viragomann

@gamienator-0
That's pretty strange. No idea why it could behave like that.
If access to 8.8.8.8 succeed, 216.58.212.163 should work as well if it works from pfSense itself.

Post the clients IPv4 routing table, please.

For testing you should disable pfBlockerNG and squid if available.

Gamienator 0

@viragomann Thanks, so I'm not the only one confused.

Here is the routing table:

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0       172.30.3.1      172.30.3.26     25
          0.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
         10.0.9.0    255.255.255.0   Auf Verbindung          10.0.9.2    257
         10.0.9.2  255.255.255.255   Auf Verbindung          10.0.9.2    257
       10.0.9.255  255.255.255.255   Auf Verbindung          10.0.9.2    257
    91.47.238.173  255.255.255.255       172.30.3.1      172.30.3.26    281
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
        128.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
     172.28.224.0    255.255.240.0   Auf Verbindung      172.28.224.1    271
     172.28.224.1  255.255.255.255   Auf Verbindung      172.28.224.1    271
   172.28.239.255  255.255.255.255   Auf Verbindung      172.28.224.1    271
       172.30.3.0    255.255.255.0   Auf Verbindung       172.30.3.26    281
      172.30.3.26  255.255.255.255   Auf Verbindung       172.30.3.26    281
     172.30.3.255  255.255.255.255   Auf Verbindung       172.30.3.26    281
      192.168.0.0    255.255.255.0   Auf Verbindung       192.168.0.5    271
      192.168.0.5  255.255.255.255   Auf Verbindung       192.168.0.5    271
    192.168.0.255  255.255.255.255   Auf Verbindung       192.168.0.5    271
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung          10.0.9.2    257
        224.0.0.0        240.0.0.0   Auf Verbindung       192.168.0.5    271
        224.0.0.0        240.0.0.0   Auf Verbindung       172.30.3.26    281
        224.0.0.0        240.0.0.0   Auf Verbindung      172.28.224.1    271
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung          10.0.9.2    257
  255.255.255.255  255.255.255.255   Auf Verbindung       192.168.0.5    271
  255.255.255.255  255.255.255.255   Auf Verbindung       172.30.3.26    281
  255.255.255.255  255.255.255.255   Auf Verbindung      172.28.224.1    271
===========================================================================

Bob.Dig

@gamienator-0 said in No acces to Internet when connected to oVPN:

10.0.9.1

What is it? Why we are talking in English here...

Gamienator 0

@bob-dig 10.0.9.1 is the Gateway. The virtual Network of that oVPN is 10.0.9.0/24

Bob.Dig

@gamienator-0 So when you talked about your oVPN client you meant a Client on your Windows Machine connecting to where?

viragomann

@gamienator-0
So the routes look well. Hence packets to both IPs, 8.8.8.8 and 216.58.212.163, should go over the VPN.

Sniff the traffic on pfSense OpenVPN interface using Packet Capture to verify this.

Gamienator 0

@bob-dig Exactly. It connects to the pfsense Box at home. The oVPN Client on my Windows Machine has 10.9.0.2 as an IP Adress and can reach all internal IPs (LAN has 10.0.0.0/21 and the LAN IP Address of the pfsense is 10.0.7.1 and is reachable)

Bob.Dig

@gamienator-0 I can't follow anymore. Maybe @viragomann is still on board.

Gamienator 0

@bob-dig

Alright:

Internal Network on my pfSense: 10.0.0.0/21 and the pfsense got LAN 10.0.7.1.

I'm outside of my home, and connecting to the oVPN Server. The oVPN Network is 10.9.0.0/24, and my windows client, which I'm connecting via the OpenVPN Client receives the IP-Address 10.9.0.2.

What else are you confused? I'm more then happy to clarify that :)

Aaah I see, I had a typo in my previous post. Sorry. I edited that

Gamienator 0

@viragomann Here is the Packet Capture. So there is something going in
OpenVPN Server.zip

viragomann

@gamienator-0
Can only find pings to 8.8.8.8, but not to 216.58.212.163.
Did you try?
If yes, it are presumably not routed over the VPN indeed or simply blocked anywhere.

Gamienator 0

@viragomann I did try it on that record. So year, it seems like it get blocked ... but why? On the systemlogs Firewall I see only this couple of entrys:

viragomann

@gamienator-0
No, not on pfSense. If it was blocked on pfSense you would at least see the packets on the OpenVPN interface though.

So I assume, the traffic is either blocked on the client or routed out to another gateway. However, according to the routing table the latter shouldn't be the case.

Gamienator 0

@viragomann Okay ... but thats weird, since I got this issue on different client, even an iPhone aswell.

So I guess there are two options: I try to complete wipe the oVPN Server on the pfSense, rebuild the complete pfSense or move the oVPN server to a small VM and passthrough the Port

viragomann

@gamienator-0 said in No acces to Internet when connected to oVPN:

Okay ... but thats weird, since I got this issue on different client

Yes, it is.

Did you try to ping the IP 216.58.212.163, not the host name?
Consider that the IP you get from DNS for the host name may change.

The VPN server should run on the router which is the default gateway, otherwise the routing configuration is more complex.