SOLVED - can't make -Redirect traffic to the vpn tunnel to work
-
Hi,
I have had a 1.2.1-RC1 box running perfectly for months. Now that we need a secure connection back to the office LAN, we decided to take a look at the OpenVPN capability of pfSense.
Here's our layout:
Road Warrior ==========> WAN 58.71.x.x [firestarter/linuxbox] LAN 10.10.100.1
<--Crossover cable-->
WAN 10.10.100.2 [pfsensebox] LAN 192.168.1.1 ------> Office LAN 192.168.1.0/24
Note: PPTP server/access is also running perfectly.
openvpn config
udp
dynamic ip
1194
192.168.111.0/24
192.168.1.0/24
pki
push "dhcp-option DNS 208.67.222.222" ;route 192.168.0.0 255.255.255.0 ; push "push "redirect-gateway def1"
I can connect successfully to the VPN server and am leased an IP of 192.168.111.x, can ping IPs in my 192.168.1.x network, and can access the shared folder, but browsing, ping and tracert to the internet are lost.
Here's the route print from my XP test client machine:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.111.5 192.168.111.6 1
10.10.10.0 255.255.255.0 10.10.10.105 10.10.10.105 20
10.10.10.105 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.10.10.105 10.10.10.105 20
58.71.23.228 255.255.255.255 10.10.10.1 10.10.10.105 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.111.5 192.168.111.6 1
192.168.111.1 255.255.255.255 192.168.111.5 192.168.111.6 1
192.168.111.4 255.255.255.252 192.168.111.6 192.168.111.6 30
192.168.111.6 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.111.255 255.255.255.255 192.168.111.6 192.168.111.6 30
224.0.0.0 240.0.0.0 10.10.10.105 10.10.10.105 20
224.0.0.0 240.0.0.0 192.168.111.6 192.168.111.6 30
255.255.255.255 255.255.255.255 10.10.10.105 10.10.10.105 1
255.255.255.255 255.255.255.255 192.168.111.6 10005 1
255.255.255.255 255.255.255.255 192.168.111.6 192.168.111.6 1
Default Gateway: 192.168.111.5
Persistent Routes:
None
Note: sorry for my bad English. I tried searching for this but I can't find a solution.
Thanks. :)
-
A little update!!
I was able to solve my issue by building my pfSense OpenVPN configuration from scratch.
I followed the tutorials thoroughly, and I got it. Just follow the tutorial and don't forget to add manual "AON" with the IP address range that you specify in the "address pool" field.
Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description
WAN | 192.168.0.0/24 | * | * | * | * | * | NO | Auto created rule for LAN
WAN | 192.168.111.0/24 | * | * | * | * | * | NO | openvpn virtual network
Thanks to all.. :)
Last question: if I need to create an additional client, do I really need to create it on the same machine where I built the keys? Can I just copy the "keys" folder to a new box and redo the instructions for making client files? Will it work? Anyone?
Again, thank you to the Development Team and this community for the wealth of information about this wonderful project.
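Added example, not part of the original post: a Python check of the two conditions the fix above depends on, namely that the client's default route enters the tunnel and that a WAN outbound NAT rule covers the tunnel network. The sample data is constructed from values in this thread; the "auto rule only" list is an assumed pre-fix state, and the function names are hypothetical.

```python
import ipaddress

# Constructed from values in the thread: three rows of the client's route
# print (destination, netmask, gateway) and the WAN outbound NAT sources.
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.111.5"),
    ("58.71.23.228", "255.255.255.255", "10.10.10.1"),
    ("192.168.1.0", "255.255.255.0", "192.168.111.5"),
]
TUNNEL_NET = ipaddress.ip_network("192.168.111.0/24")
NAT_AUTO_ONLY = ["192.168.0.0/24"]                     # assumed state before the fix
NAT_WITH_AON = ["192.168.0.0/24", "192.168.111.0/24"]  # rules listed in the post


def default_via_tunnel(routes, tunnel_net):
    """True if the client's default traffic is routed into the tunnel.

    Accepts either a replaced 0.0.0.0/0 route or the two /1 routes that
    redirect-gateway def1 installs (0.0.0.0/1 and 128.0.0.0/1).
    """
    via = {}
    for dest, mask, gw in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        via[net] = ipaddress.ip_address(gw) in tunnel_net
    whole = ipaddress.ip_network("0.0.0.0/0")
    halves = list(whole.subnets(prefixlen_diff=1))
    if all(h in via for h in halves):
        return all(via[h] for h in halves)
    return via.get(whole, False)


def nat_covers(nat_sources, client_net):
    """True if some outbound NAT source network contains client_net."""
    return any(client_net.subnet_of(ipaddress.ip_network(s)) for s in nat_sources)


def diagnose(routes, nat_sources, tunnel_net=TUNNEL_NET):
    """Report which side (client routing or server NAT) blocks internet access."""
    if not default_via_tunnel(routes, tunnel_net):
        return "client: default route does not enter the tunnel"
    if not nat_covers(nat_sources, tunnel_net):
        return "server: no outbound NAT rule for the tunnel network"
    return "ok"


if __name__ == "__main__":
    print(diagnose(ROUTES, NAT_AUTO_ONLY))
    print(diagnose(ROUTES, NAT_WITH_AON))
```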
-
Last question: if I need to create an additional client, do I really need to create it on the same machine where I built the keys? Can I just copy the "keys" folder to a new box and redo the instructions for making client files? Will it work? Anyone?
Yes, you can, as long as you copy everything to the new machine and set the key creation environment exactly as it was on the old machine.