OpenVPN, with vyprvpn
-
Ok, I am new to OpenVPN but I have been using pfsense for some time, so forgive me if this is dead obvious.
My end goal is to have lan traffic on specific ports or to specific hosts route via OpenVPN.
So I read http://forum.pfsense.org/index.php?topic=35292.0 and the links in the forum
This has taken me to a point, according to the OpenVPN client screen:
Name Status Connected Since Virtual Addr Remote Host Bytes Sent Bytes Received
vypr_vpn UDP:50011 up Tue May 10 21:06:23 2011 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 597746 480295
The last log entries show
May 11 11:58:52 openvpn[14307]: MANAGEMENT: Client disconnected
May 11 11:58:52 openvpn[14307]: MANAGEMENT: CMD 'status 2'
May 11 11:58:52 openvpn[14307]: MANAGEMENT: CMD 'state 1'
May 11 11:58:52 openvpn[14307]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Nothing I seem to do in the firewall rules will make traffic route via OpenVPN, but I am not sure if it is just me not getting the rule correct or if it is related to those messages in the logs.
TIA
-
Could you show a screenshot of the firewall rules you use to redirect traffic to the OpenVPN tunnel?
Did you assign the OpenVPN interface?
Did you create outbound NAT rules for the assigned OpenVPN interface?
-
I suppose you don't control the other side of the tunnel?
If you do, you have to add routes on the other side for the subnet on your local side. If you don't:
You need to enable outbound NAT (Firewall -> NAT -> Outbound -> manual rule generation)
and create a rule with the OpenVPN interface as the interface, source: wherever you're connecting from, destination: where you're connecting to (216.196.109.144).
-
I tried your suggestion. Initially nothing seemed to change; a restart of the OpenVPN service and boom, there is now an IP address on the VPN interface, something it had never done before. However, everything seems to be going via the VPN. Here is what I have set so far:
http://www.tangerine-army.co.uk/aon.jpg
-
This refers to "redirecting" traffic.
You are just NATing from interface to another.
The new rule looks right. How do you determine that traffic is leaving via WAN?
Is the tunnel actually coming up correctly?
Can you ping the other side of the tunnel from pfSense itself?
-
If I try to access www.bbc.co.uk it gives me the International version of the page, and not the localised version to the UK, also newsgroups run at full speed, which they would not do as my ISP throttles that traffic from 5pm onwards. So I can be fairly sure the tunnel is up and routing traffic ok.
Traceroute output:
1 10.9.0.1 (10.9.0.1) 70.076 ms 28.298 ms 27.524 ms
2 192.168.32.1 (192.168.32.1) 37.156 ms 29.530 ms 28.034 ms
3 vl307.gw1.ams.giganews.com (216.196.108.242) 28.278 ms 61.420 ms 45.326 ms
4 rt-amsix.tcams.bbc.co.uk (195.69.144.169) 29.823 ms 49.721 ms 29.445 ms
5 rt1.thdo.bbc.co.uk (212.58.239.45) 40.390 ms 36.354 ms 57.183 ms
6 212.58.238.38 (212.58.238.38) 54.758 ms 36.759 ms 69.710 ms
7 212.58.239.62 (212.58.239.62) 36.860 ms 42.856 ms 37.561 ms
8 212.58.251.44 (212.58.251.44) 63.978 ms 36.006 ms 56.095 ms
9 bbc-vip116.telhc.bbc.co.uk (212.58.244.71) 43.593 ms 40.037 ms 36.375 ms
As for the traffic leaving via the WAN, the install of pfsense was just out of the box; I had not done anything aside from a few port forwards.
-
Still not much further forward, I am guessing I need rules to send traffic to the WAN rather than the VPN but as to the specifics of such rules I am not quite sure.
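The combination the thread is circling around (outbound NAT on the tunnel interface plus LAN rules that policy-route only selected traffic into it, with everything else left on the default WAN route) is what pfSense's GUI rules compile down to in pf. The fragment below is an added, constructed pf.conf illustration, not configuration from this thread or from pfSense/VyprVPN; the interface names em1 and ovpnc1, the LAN subnet 192.168.1.0/24 and the NNTP ports are assumptions, while the tunnel gateway 10.9.0.1 and the 216.196.108.0/24 destination come from the traceroute above.

```pf
# Constructed example, not the thread's or pfSense's own generated rules.
# Assumed names: LAN on em1, OpenVPN client on ovpnc1, LAN subnet 192.168.1.0/24.
lan_if  = "em1"
vpn_if  = "ovpnc1"
vpn_gw  = "10.9.0.1"          # first hop seen in the traceroute above
lan_net = "192.168.1.0/24"
nntp    = "{ 119, 563 }"      # assumed "specific ports" to send via the tunnel
vpn_hosts = "216.196.108.0/24" # assumed "specific hosts" (giganews hop in the traceroute)

# Firewall -> NAT -> Outbound (manual): LAN sources leaving via the tunnel
# are translated to the tunnel interface's address, otherwise the far end
# has no route back to 192.168.1.0/24.
nat on $vpn_if from $lan_net to any -> ($vpn_if)

# LAN rules with Gateway = the OpenVPN gateway: only this traffic is forced
# into the tunnel, regardless of the kernel routing table.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) \
    proto tcp from $lan_net to any port $nntp
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) \
    from $lan_net to $vpn_hosts

# Catch-all LAN rule with no gateway set: follows the routing table, i.e. WAN.
pass in quick on $lan_if from $lan_net to any
```

The catch-all rule only sends the remaining traffic out via WAN if the kernel default route still points at WAN; a VPN provider that pushes redirect-gateway to the client replaces the default route with the tunnel, which matches the "everything seems to be going via the VPN" symptom, and OpenVPN's route-nopull client directive (the "Don't pull routes" option in pfSense's OpenVPN client settings) keeps the pushed routes out so that only the policy-routed rules above use the tunnel.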