OpenVPN up but no traffic passing
-
So, I can not ping the other side and all tcpdump traffic shows my internal hosts going out with no return traffic.
Mmh, can you tcpdump other side, too? So that you can see that traffic goes out and perhaps come back?
I guess that on other side the back routes are missing. so that the remote side did not know where to route the traffic. -
Unfortunately the distant end is a StrongVPN node so I have no way to do a dump on the other side. A co-worker is having the exact same symptoms but his worked fine before he upgraded to 2.0.3. I set mine up with 2.0.3 and it's never worked for me.
-
Unfortunately the distant end is a StrongVPN node so I have no way to do a dump on the other side. A co-worker is having the exact same symptoms but his worked fine before he upgraded to 2.0.3. I set mine up with 2.0.3 and it's never worked for me.
can you perhaps downgrade then to pfsense 2.0.2 ?
http://files.nyi.pfsense.org/mirror/downloads/old/
http://blog.pfsense.org/?p=694
"biggest" change could be the Version update:
- OpenVPN 2.2 stock again (Removed IPv6 patches since those are only needed on 2.1 now)
and
OpenVPN
* Clear the route for an OpenVPN endpoint IP when restarting the VPN, to avoid a situation where a learned route from OSPF or elsewhere could prevent an instance from restarting properly
* Always clear the OpenVPN route when using shared key, no matter how the tunnel network “CIDR” is set
* Use the actual OpenVPN restart routine when starting/stopping from services rather than killing/restarting manually
* Allow editing an imported CRL, and refresh OpenVPN CRLs when saving. [#2652]
* Fix interface assignment descriptions when using > 10 OpenVPN instances -
Have you done the Outbound NAT Rules ? It sounds to me that you missed that bit.
-
I won't have time to downgrade until later this week, but I will post the results once I do it.
Just out of curiosity, is there anyone out there that is running 2.0.3, connecting to StrongVPN (or any other commercial VPN provider) and routing traffic across it with no issues?
-
no Idea… In knew someone who uses in his old company https://www.overplay.net/ for VPN connections...
Perhaps you'll try an alternative to check if it's problematic only at StrongVPN.
So this is the reason you can open ticket to StronVPN that there is a versions conflict in their system and hope they fix it quick or you switch to the functional alternative. -
After update, my openvpn is not usable (connect and not passing most of the traffic), looking for instructions to downgrade. Using 3rd party and openvpn client.
-
Alright, I finally got the time to downgrade to 2.0.2 and I'm having the same results. I'll download 2.0.1 and downgrade even further tomorrow, but right now it's not looking good.
-
Hi all,
I'm stationed overseas and I'm trying to use pfSense with StrongVPN to access Hulu, netflix, etc. I've followed the steps outlined in forum.pfsense.org/index.php?topic=29944.0 and the VPN reports that it's up when I look at Status > OpenVPN. I've created an alias group to route only a few devices from my network out the StrongVPN connection and I've created firewall rules to handle the routing out. When I add my PC to that alias group I can't web browse at all and I'm also unable to ping the distant end virtual IP (i can ping the local virtual IP fine). Also, when doing a packet capture I can see my local virtual IP attempting to send traffic to the distant end with no response coming back. I thought it might be something with the StrongVPN server so I've already switched to a different server.
Has anyone run into problems like this in the past? Any help would be greatly appreciated!
I think I have the same problem as you. I am running pfsense 2.0.3. I followed several tutorials (swimminginthought one and the sticky one) and I still can not get it work properly as you mention. It is probably a question of openvpn version ?
-
Are you running automatic or static outbound NAT?
-
Hi Guy's,
I'm having similar issues with pfsense 2.0.3.
I'm using the OpenVPN Client software to setup a remote connection to my pfsense box and the VPN connection itself is up, some routes are being pushed to my client and I can ping the IP-address of the pfsense box itself.
But all traffic going through the VPN to the internal systems (like RDP, ICMP etc.) are not passing through. When doing a Wireshark on the RDP-server and tcpdump on the pfsense box I see that the traffic is coming in via the VPN to the firewall, but not going out of the firewall to the RDP-server. Wireshark is not showing any incoming packets from the VPN client.
So it seems that there maybe is a routing issue or that all VPN traffic is beeing blocked somehow.What I found out is that when configuring a clean pfsense 2.0.3 box the VPN connection is working and traffic is passing through to my RDP-server. But after rebooting the pfsense box, it does not work anymore.
So something changes after rebooting the box.To answer on Kejianshi, i'm using automatic Outbound NAT Rule generation
Regards,
Cedric.