Netgate Discussion Forum

    Problems routing all traffic through tunnel

    OpenVPN
    15 Posts 5 Posters 8.9k Views
    SFM

      Do you have a rule to allow everything out from the LAN?

      *  LAN net  *  *  *  *  Default LAN -> any

      Open everything up and then make sure it works.
      Once you have it working you can lock things down.

      SFM

      chillster

        Thanks for the reply :)

        Yeah, I have that rule; however, I think that rule only applies to nodes on the same subnet as the green card on the firewall. I tried to add a similar rule with my VPN subnet but no luck.

        I also tried adding a rule allowing anything from anywhere to anyplace on both LAN and WAN and still couldn't ping out, so maybe it isn't firewall related. Any ideas?

        Anyone else got this working?

        SFM

          http://www.uplinksecurity.de/data/pfsense-ovpn.pdf

          Is everything setup like it is described in this document?

          If you don't use the (push "redirect-gateway def1") command can you get everything to work except of course the redirection of your gateway?

          chillster

            Yes, it's more or less set up like the PDF describes.
            Everything works excellently when I don't redirect the gateway: I can reach the internet (not through the tunnel) and the remote subnet without any problems. Even when I do redirect the gateway I can reach the remote subnet, but not the internet at all.

            SFM

              Hum….

              If you do an ipconfig /all, does it show that the gateway has been added to your client computer when you are connected?

              Are you pushing more than just the gateway?
              If so, are you adding the ; between items?

              push "dhcp-option DNS 10.0.0.10";push "dhcp-option WINS 10.0.0.10"

              Do the other pushed items show in ipconfig /all (WINS or DNS, if you are pushing them)?

              Are you pushing the DNS?
              You may need this to get to the outside world.

              Just a few ideas
              SFM

              chillster

                The gateway gets pushed to the client correctly, so that works OK.
                I don't push any other options except the gateway, but I'm thinking that shouldn't matter because I'm not trying to ping a DNS address, just a regular IP.
                Running out of ideas here :/

                GruensFroeschli

                  What you are trying to do is working for me right now.
                  I use TCP since I have to use a proxy.

                  Here's my config.
                  Maybe you want to compare it with your own.

                  $ less /var/etc/openvpn_server0.conf
                  writepid /var/run/openvpn_server0.pid
                  # privilege drop after startup is left disabled in this config
                  #user nobody
                  #group nobody
                  daemon
                  keepalive 10 60
                  ping-timer-rem
                  persist-tun
                  persist-key
                  dev tun
                  # TCP so the tunnel can pass through a proxy
                  proto tcp-server
                  cipher BF-CBC
                  client-to-client
                  # tunnel network handed out to connecting clients
                  server 172.17.103.0 255.255.255.0
                  client-config-dir /var/etc/openvpn_csc
                  lport 443
                  ca /var/etc/openvpn_server0.ca
                  cert /var/etc/openvpn_server0.cert
                  key /var/etc/openvpn_server0.key
                  dh /var/etc/openvpn_server0.dh
                  comp-lzo
                  persist-remote-ip
                  float
                  # def1: clients get 0.0.0.0/1 and 128.0.0.0/1 via the tunnel instead of a replaced default route
                  push "redirect-gateway def1"
                  # resolver inside the tunnel, so name lookups also go through the VPN
                  push "dhcp-option DNS 172.17.103.1"

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  chillster

                    Thanks, very helpful!
                    OK, I compared our configs now and they're almost identical except for subnets, port, cipher and compression. And those shouldn't matter much, I guess.
                    Did you add any rules to your firewall to get it to work?

                    GruensFroeschli

                      I only added a rule to allow traffic to any.


                      SFM

                        If you are connecting with Windows XP Service Pack 2, make sure the firewall is off on the OpenVPN adapter.
                        You can have the firewall on all connections but the OpenVPN one.

                        There is a known issue with XP SP2 and OpenVPN.
                        www.openvpn.org

                        chillster

                          No, my client is on an Ubuntu box, but thanks anyway :)

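A client-side check for what SFM asked earlier ("does it show that the gateway has been added"), added here as an example and not part of the thread. With `push "redirect-gateway def1"` the client keeps its original default route untouched and instead receives two half-default routes, 0.0.0.0/1 and 128.0.0.0/1, through the tunnel, plus a host route to the VPN server's public address via the original gateway so that the encapsulated packets themselves do not get sent into the tunnel. If either half-default route is missing, the Internet is still reached outside the VPN; if the server's host route points into the tunnel, the tunnel loops on itself as soon as it comes up. The function below reads `ip route show` output on a Linux client such as chillster's Ubuntu box. The device name tun0, the tunnel addresses in 172.17.103.0/24 (the tunnel network from the config posted above) and the server address 203.0.113.10 in the sample routing tables are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: check that a Linux OpenVPN client really
# got the routes that 'push "redirect-gateway def1"' is supposed to install.
# def1 leaves the original default route alone and adds two half-default routes
# (0.0.0.0/1 and 128.0.0.0/1) through the tunnel, plus a host route to the VPN
# server's public address via the original gateway.

# redirect_gateway_ok TUNDEV SERVER_IP  < output-of-"ip route show"
# Returns 0 when both half-default routes use TUNDEV and the server host route
# bypasses the tunnel; 1 otherwise.
# Usage on a live client:  ip route show | redirect_gateway_ok tun0 203.0.113.10
redirect_gateway_ok() {
    dev="$1"
    server="$2"
    low=0; high=0; host=0; looped=0
    while read -r line; do
        case "$line" in
            "0.0.0.0/1 "*" dev $dev"|"0.0.0.0/1 "*" dev $dev "*)     low=1 ;;
            "128.0.0.0/1 "*" dev $dev"|"128.0.0.0/1 "*" dev $dev "*) high=1 ;;
            # a host route for the server through the tunnel is a routing loop
            "$server via "*" dev $dev"|"$server via "*" dev $dev "*) looped=1 ;;
            "$server via "*)                                          host=1 ;;
        esac
    done
    if [ "$low" -eq 1 ] && [ "$high" -eq 1 ] && [ "$host" -eq 1 ] && [ "$looped" -eq 0 ]; then
        return 0
    fi
    return 1
}

# Constructed sample of "ip route show" on a client whose redirect worked.
# 172.17.103.5/.6 is the client's /30 inside the tunnel network; 203.0.113.10
# stands in for the server's public address (hypothetical, documentation range).
ROUTES_GOOD='default via 192.168.1.1 dev eth0 proto static
0.0.0.0/1 via 172.17.103.5 dev tun0
128.0.0.0/1 via 172.17.103.5 dev tun0
172.17.103.1 via 172.17.103.5 dev tun0
172.17.103.5 dev tun0 proto kernel scope link src 172.17.103.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev eth0'

# Constructed sample of the failure mode: the tunnel is up and the remote
# network is routed, but the half-default routes never arrived, so Internet
# traffic still leaves via eth0.
ROUTES_NO_REDIRECT='default via 192.168.1.1 dev eth0 proto static
172.17.103.1 via 172.17.103.5 dev tun0
172.17.103.5 dev tun0 proto kernel scope link src 172.17.103.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.23'

report() {  # report LABEL ROUTING_TABLE
    if echo "$2" | redirect_gateway_ok tun0 203.0.113.10; then
        echo "$1: redirect-gateway def1 routes present"
    else
        echo "$1: def1 routes missing, or the server is routed into the tunnel"
    fi
}
report good "$ROUTES_GOOD"
report no-redirect "$ROUTES_NO_REDIRECT"
```

If the routes are present on the client and the remote LAN answers but nothing beyond it does, the problem is on the far side of the tunnel (firewall rules or outbound NAT on the server), not in what was pushed.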
                          tpunder

                            I realize this topic is a month old, but a friend and I have been banging our heads against the wall for about 3 hours now trying to figure this out. We finally did. What you need to do is go into Firewall/NAT/Outbound, then enable Advanced outbound NAT and add a line for your VPN's network much like your internal LAN. Once that was added it started working.

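A server-side check for tpunder's fix, added here as an example and not part of the thread. Once clients route everything through the tunnel, their packets arrive at the firewall's WAN with a source address in the tunnel network (172.17.103.0/24 in the config posted above). If outbound NAT only translates the LAN network, those packets leave the WAN with a private source address and the replies never come back, which is exactly "remote subnet works, Internet does not", and no LAN or WAN pass rule can fix it. The function below reads `pfctl -s nat` output on the pfSense box and reports which of the given networks have no translation rule on the WAN interface; a second rule for the tunnel network next to the LAN one is what tpunder's Advanced outbound NAT entry produces. The interface name em0, the LAN network 192.168.1.0/24 and both rule listings are constructed for the example, not captured from a real firewall.

```shell
#!/bin/sh
# Added example, not from the thread: confirm that pfSense's outbound NAT
# translates the OpenVPN tunnel network and not only the LAN.
# Usage on the firewall:
#   pfctl -s nat | missing_nat_sources em0 192.168.1.0/24 172.17.103.0/24

# missing_nat_sources WANIF NET...  < output-of-"pfctl -s nat"
# Prints each NET that has no "nat on WANIF ... from NET to any" rule, one per
# line. Exit status is 0 when nothing is missing, 1 otherwise.
missing_nat_sources() {
    wanif="$1"; shift
    rules=$(cat)
    missing=0
    for net in "$@"; do
        # escape the dots so 192.168.1.0 cannot match 192x168x1x0
        pat=$(printf '%s' "$net" | sed 's/\./\\./g')
        if ! printf '%s\n' "$rules" | grep -q "^nat on $wanif .*from $pat to any"; then
            echo "$net"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed "pfctl -s nat" output. Before: only the LAN network is
# translated, so tunnel clients leave the WAN with a 172.17.103.x source.
NAT_BEFORE='no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin
rdr-anchor "relayd/*" all'

# After: Advanced outbound NAT with a second rule for the tunnel network,
# the entry tpunder describes adding "much like your internal LAN".
NAT_AFTER='no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin
nat on em0 inet from 172.17.103.0/24 to any -> (em0) round-robin
rdr-anchor "relayd/*" all'

echo "before:"
if echo "$NAT_BEFORE" | missing_nat_sources em0 192.168.1.0/24 172.17.103.0/24; then
    echo "  all networks translated"
else
    echo "  (add an outbound NAT rule on em0 for each network listed above)"
fi
echo "after:"
if echo "$NAT_AFTER" | missing_nat_sources em0 192.168.1.0/24 172.17.103.0/24; then
    echo "  all networks translated"
fi
```

The check deliberately matches only rules on the WAN interface: a NAT rule for the tunnel network on some other interface does nothing for Internet-bound traffic. Keep the LAN entry when switching to manual outbound NAT, since the automatic rules stop being generated at that point.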
                            dairaen

                              cheers,

                              tpunder, could you please send me or upload a screenshot of
                              your working outbound NAT rules so i can add them to the
                              tutorial?

                              thanks.

                              kind regards
                              dairaen

                              tpunder

                                @dairaen:

                                cheers,

                                tpunder, could you please send me or upload a screenshot of
                                your working outbound NAT rules so i can add them to the
                                tutorial?

                                thanks.

                                kind regards
                                dairaen

                                No problem, I just sent a PM with a screenshot.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.