OpenVPN: Tunneling all client traffic through OpenVPN
-
Hi,
I know it has been discussed several times and I've been trying to understand what is going wrong for days now…
I followed the how-tos to force web traffic through the tunnel without any success.
http://forum.pfsense.org/index.php?topic=49459.0
http://forum.pfsense.org/index.php/topic,6056.0.html

I have a site to site connection using OpenVPN:

HO VPN Server                                  <------------------>  Remote Site VPN Server
LAN if: 10.60.1.21 // LAN 10.60.1.0/24                               LAN if: 10.60.2.21 // LAN 10.60.2.0/24
WAN Interface 192.168.31.34                                          WAN Interface 192.168.31.38
  |
  |
  |
LAN if: 10.60.1.20 (which is also my DNS)
HO Internet Router

OpenVPN setup:
UDP, tun, WAN, OpenVPN port 1194
Tunnel Network 192.168.10.0/24
DNS server 10.60.1.20

- I can ping hosts in the HO LAN from the remote LAN.
- Ping www.google.com resolves but shows 'host is unreachable'.
When I traceroute "google" from my remote site, I clearly see my packets are not routed through the VPN (192.168.31.37 being my ISP GW):
traceroute www.google.com
traceroute to www.google.com (173.194.35.113), 64 hops max, 40 byte packets
1 192.168.31.37 (192.168.31.37) 0.872 ms 0.876 ms 0.708 ms
2 192.168.31.37 (192.168.31.37) 0.624 ms !N * 0.815 ms !N

Whereas traceroute from a remote LAN host to a web server in my HO LAN responds correctly, going through the VPN tunnel:
traceroute 10.60.1.27
traceroute to 10.60.1.27 (10.60.1.27), 64 hops max, 40 byte packets
1 192.168.10.1 (192.168.10.1) 3.471 ms 3.741 ms 3.922 ms
2 10.60.1.27 (10.60.1.27) 3.891 ms 3.866 ms 3.969 ms

On my VPN server side I have:
- added the push "redirect-gateway def1"; push "dhcp-option DNS 10.60.1.20" to redirect traffic
- activate AON : WAN 10.60.1.0/24 * * * * *
- The VPN tunnel is up and the routes through VPN are ok
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.31.33 UGS 0 5143 em1
10.60.1.0/24 link#1 U 0 5196 em0
10.60.1.21 link#1 UHS 0 0 lo0
10.60.2.0/24 192.168.10.2 UGS 0 4872 ovpns1
127.0.0.1 link#6 UH 0 139 lo0
192.168.2.0/24 10.60.1.20 UGS 0 0 em0
192.168.10.1 link#9 UHS 0 0 lo0
192.168.10.2 link#9 UH 0 2 ovpns1
192.168.31.32/30 link#2 U 0 254 em1
192.168.31.34 link#2 UHS 0 0 lo0
On my VPN client side I have added:
- activate AON : WAN 10.60.2.0/24 * * * * *
- The VPN tunnel is up and the routes through VPN are ok
Destination Gateway Flags Refs Use Netif Expire
default 192.168.31.37 UGS 0 4064 vr1
10.60.1.0/24 192.168.10.1 UGS 0 3893 ovpnc1
10.60.2.0/24 link#1 U 0 4225 vr0
10.60.2.21 link#1 UHS 0 0 lo0
127.0.0.1 link#5 UH 0 131 lo0
192.168.10.1 link#8 UH 0 0 ovpnc1
192.168.10.2 link#8 UHS 0 0 lo0
192.168.31.36/30 link#2 U 0 296 vr1
192.168.31.38 link#2 UHS 0 0 lo0
I might have forgotten something on the AON but can't figure out what.
Thanks for any help !
Patrick -
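As an added example (not part of the original post), here is a small Python script that reads a FreeBSD/pfSense `netstat -rn` table like the ones pasted above and answers the two questions this thread turns on: which interface a given destination actually leaves on (longest-prefix match, the same decision the kernel makes), and whether OpenVPN's `redirect-gateway def1` routes are present. `def1` does not replace the default route; it adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel gateway (more specific than /0, so they win) plus a host route to the VPN server's public address via the original gateway so the tunnel itself keeps working. The first table is the client-side table from the post; the second, labelled constructed, is what that table would look like once those routes had been pulled. The destinations 173.194.35.113 and 10.60.1.27 are taken from the traceroutes in the post.

```python
"""Analyse a FreeBSD/pfSense `netstat -rn` IPv4 table: where does traffic to
a destination leave, and are OpenVPN's `redirect-gateway def1` routes there?
Added example, not code from the original post."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    flags: str
    netif: str


def parse_netstat(text: str) -> list[Route]:
    """Parse the IPv4 rows of `netstat -rn`.
    Columns: Destination Gateway Flags Refs Use Netif [Expire]."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Destination":
            continue  # blank line, "Internet:" banner or column header
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            # A bare address (host route) becomes /32; "a.b.c.d/nn" keeps its prefix.
            net = ipaddress.IPv4Network(dest, strict=False)
        except ValueError:
            continue  # not an IPv4 destination (IPv6 rows, link-layer entries)
        routes.append(Route(net, parts[1], parts[2], parts[5]))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    return max(candidates, key=lambda r: r.network.prefixlen, default=None)


def egress_interface(routes: list[Route], dst: str) -> Optional[str]:
    """Interface packets to dst will leave on, or None if nothing matches."""
    route = lookup(routes, dst)
    return route.netif if route else None


def has_def1_routes(routes: list[Route], tun_if: str) -> bool:
    """True only if both def1 half-routes point out the tunnel interface."""
    halves = {ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")}
    present = {r.network for r in routes if r.netif == tun_if and r.network in halves}
    return present == halves


# Client-side routing table exactly as pasted in the post above.
CLIENT_TABLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.31.37      UGS         0     4064    vr1
10.60.1.0/24       192.168.10.1       UGS         0     3893 ovpnc1
10.60.2.0/24       link#1             U           0     4225    vr0
10.60.2.21         link#1             UHS         0        0    lo0
127.0.0.1          link#5             UH          0      131    lo0
192.168.10.1       link#8             UH          0        0 ovpnc1
192.168.10.2       link#8             UHS         0        0    lo0
192.168.31.36/30   link#2             U           0      296    vr1
192.168.31.38      link#2             UHS         0        0    lo0
"""

# Constructed: the same table after a successful `redirect-gateway def1` pull.
# The two /1 routes via the tunnel and the host route to the server's WAN
# address (192.168.31.34) via the ISP gateway are what OpenVPN adds.
WITH_DEF1 = CLIENT_TABLE + """\
0.0.0.0/1          192.168.10.1       UGS         0        0 ovpnc1
128.0.0.0/1        192.168.10.1       UGS         0        0 ovpnc1
192.168.31.34      192.168.31.37      UGHS        0        0    vr1
"""


def report(table: str, tun_if: str = "ovpnc1") -> dict:
    """Summarise one table: def1 state and egress for the hosts in the thread."""
    routes = parse_netstat(table)
    return {
        "def1_installed": has_def1_routes(routes, tun_if),
        "google_via": egress_interface(routes, "173.194.35.113"),  # www.google.com
        "ho_web_via": egress_interface(routes, "10.60.1.27"),       # HO web server
        "vpn_server_via": egress_interface(routes, "192.168.31.34"),  # HO WAN
    }


if __name__ == "__main__":
    for name, table in (("as posted", CLIENT_TABLE), ("with def1", WITH_DEF1)):
        print(name, report(table))
```

Run it on a pasted table and the `def1_installed` flag tells you whether the push was ever applied on the client; `google_via` tells you which interface Internet traffic is really using, which is exactly what the traceroute was showing. Note that in the constructed table the VPN server's own address still leaves via vr1 because the /32 host route beats the /1 halves, which is how def1 avoids routing the tunnel into itself.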
So on the HO firewall I've activated AON and created a manual rule to NAT my remote subnet as stated in different posts, but it's still a no go. (see attached jpeg)
I can reach internal web server from Remote site but still no Internet.
Running on the latest pfSense distro 2.0.1-RELEASE (i386).

Anyone for any help please?