turn on client... poof... no internet
-
I am trying to get my entire network to exit through the remote VPN. I am able to connect to the remote server with no issues. When using OpenVPN and the same config file on a PC, I am able to successfully navigate to the internet and have the VPN server's IP. How do I make this a successful endeavor?
-
@sandsjh Look for a tut on your VPN provider's website?
-
Haha. Didn't know you had jokes. Of course, they don't support routing or firewalls with pfSense. Only dd-wrt and desktop OS.
-
@sandsjh
Basically you have to import the CA certificate and the client cert on pfSense, then simply configure the client by taking over the settings from the .ovpn file.
Not really difficult.
-
@viragomann The client connects just fine. No problem. "Connected." pfSense just blocks everything once the client becomes connected.
-
@sandsjh
Yeah, some more settings needed... Assign an interface to the OpenVPN client instance (e.g. ovpnc1) and enable it and state a proper name.
Then go to Firewall > NAT > Outbound. Enable the hybrid mode and add a new rule:
interface: the ovpn clients interface
source: your internal networks (or maybe any)
destination: any
translation: interface address
-
@viragomann it works!! THANK YOU!!!!
-
@viragomann Do you think your answer is the same resolution for this? https://forum.netgate.com/topic/175644/tailscale-exit-node
-
@sandsjh
I'm not familiar with Tailscale. But I don't think that it's the same reason. As you wrote, your machines are able to access the internet, but they go out with your WAN IP instead of the VPN endpoint. So it's obviously a routing issue. The OpenVPN server in this topic pushes the default route to you. You can check that out in the pfSense routing table. If the route is not pushed by the server, you can state it in the client settings anyway to direct all traffic to the VPN server.
There might be a similar option in Tailscale. I see you stated "--accept-routes", but possibly the server doesn't send any.
Look for an option to actively set routes on the client.
If that is done, you may also need an outbound NAT, if that isn't done automatically in Tailscale.
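
The routing-table check suggested in the last reply, as an added example that is not part of the thread: it runs a longest-prefix match over `netstat -rn`-style output to show which interface carries internet-bound traffic. The table, addresses and `igb0`/`igb1` names are constructed; `ovpnc1` is the client interface named in the thread.

```python
import ipaddress

# Constructed sample of `netstat -rn -f inet` output on a pfSense (FreeBSD) box.
# OpenVPN's "redirect-gateway def1" installs 0.0.0.0/1 and 128.0.0.0/1, which
# override the WAN default route without deleting it.
WITH_PUSHED_ROUTES = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
10.8.0.0/24        link#8             U        ovpnc1
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
192.168.1.0/24     link#2             U          igb1
198.51.100.7       203.0.113.1        UGHS       igb0
203.0.113.0/24     link#1             U          igb0
"""

# Same table when the server pushes no default route (the /1 pair is absent).
WITHOUT_PUSHED_ROUTES = "\n".join(
    line for line in WITH_PUSHED_ROUTES.splitlines()
    if not line.startswith(("0.0.0.0/1", "128.0.0.0/1"))
)


def parse_routes(text):
    """Return [(network, netif)] from FreeBSD-style netstat -rn output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a route line
        routes.append((net, fields[3]))
    return routes


def egress_interface(text, dest_ip):
    """Longest-prefix match: which interface would carry traffic to dest_ip?"""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(net.prefixlen, netif) for net, netif in parse_routes(text)
               if net.version == ip.version and ip in net]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    for name, table in (("pushed", WITH_PUSHED_ROUTES), ("not pushed", WITHOUT_PUSHED_ROUTES)):
        print(name, "->", egress_interface(table, "1.1.1.1"))
```

A result of `ovpnc1` only confirms routing; LAN clients still need the outbound NAT rule on that interface described earlier in the thread.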