New 2.1 install not permitting users to connect to Internet

stephenw10

the Lan gateway is up and we can connect to the PFsense web gui without any issues from any LAN PC.

What exactly do you mean by LAN gateway? The LAN interface should not have a gateway defined.

How is the remote OpenVPN server defined? If it's by IP directly then you may have a DNS problem. Can you ping, say, 8.8.8.8 from pfSense or LAN side clients?

What is the system default gateway set to?

Steve

cjbujold

The correct term is the LAN interface is up.

OpenVPN server is defined by a DNS entry and not an IP, which suggest that it can find the IP using the DNS that are defined.

From the LAN side (PFSENSE) I can only ping the ISP IP and the servers the other side of the VPN, if I try to ping google or any other external IP I cannot reach them. In the DNS list in addition to the ISP DNS server we also have 4.2.2.2 .

The ISP service is a DHCP service so they provide their gateway. PSfense wan gateway is pointing to the IP provided by the ISP which can be ping from another location. Also in the firewall log I am seeing that it is blocking unwanted traffic trying to come in to the PFSense on closed ports.

We placed DNS 8.8.8.8 and then went to the diagnostic/ping option and the ping provided a valid reply

cjb

tim.mcmanus

Is OpenVPN set up to route all traffic from the remote location through the main location's Internet gateway?

Have you done a trace route from one of the LAN PCs to an internet location? What are the results?

Can you provide a diagram of the topology with internal IPs so I/we can see where the trace route is going?

kejianshi

We need to see your:

System General Setup

Firewall > rules (LAN, WAN and Openvpn tabs)

to start with…

The interfaces > LAN and WAN pages would also be helpful.

With that things would probably go quickly.

stephenw10

Yes, that would be my guess; all you traffic is being routed over the VPN and the other end isn't configured to route it out there. Th reason you can ping the ISP gateway is because it's seen as a local address, it's in the same subnet as one of your interfaces.

Steve

cjbujold

Here are the requested images

Thanks

cjb

dashboard.png_thumb

cjbujold

general setup

![General Setup.png](/public/imported_attachments/1/General Setup.png)
![General Setup.png_thumb](/public/imported_attachments/1/General Setup.png_thumb)

cjbujold

Lan Interface

![Lan Interface.png](/public/imported_attachments/1/Lan Interface.png)
![Lan Interface.png_thumb](/public/imported_attachments/1/Lan Interface.png_thumb)

cjbujold

Lan Rules

![Lan Rules.png](/public/imported_attachments/1/Lan Rules.png)
![Lan Rules.png_thumb](/public/imported_attachments/1/Lan Rules.png_thumb)

cjbujold

Wan Interface

![Wan Interface.png](/public/imported_attachments/1/Wan Interface.png)
![Wan Interface.png_thumb](/public/imported_attachments/1/Wan Interface.png_thumb)

cjbujold

Wan Rules

![Wan Rules.png](/public/imported_attachments/1/Wan Rules.png)
![Wan Rules.png_thumb](/public/imported_attachments/1/Wan Rules.png_thumb)

cjbujold

Open VPN Rule

![openVPN Rule.png](/public/imported_attachments/1/openVPN Rule.png)
![openVPN Rule.png_thumb](/public/imported_attachments/1/openVPN Rule.png_thumb)

stephenw10

Like I said above you should not have a gateway set on the LAN interface. Remove it.
In some rare circumstances you might want a gateway on LAN but here it has probably become the default system gateway which kills routing.

Steve