New 2.1 install not permitting users to connect to Internet
-
The correct term is the LAN interface is up.
OpenVPN server is defined by a DNS entry and not an IP, which suggests that it can find the IP using the DNS that are defined.
From the LAN side (pfSense) I can only ping the ISP IP and the servers on the other side of the VPN; if I try to ping Google or any other external IP I cannot reach them. In the DNS list, in addition to the ISP DNS server, we also have 4.2.2.2.
The ISP service is a DHCP service so they provide their gateway. The pfSense WAN gateway is pointing to the IP provided by the ISP, which can be pinged from another location. Also, in the firewall log I am seeing that it is blocking unwanted traffic trying to come in to the pfSense on closed ports.
We placed DNS 8.8.8.8 and then went to the diagnostic/ping option and the ping provided a valid reply.
cjb
-
Is OpenVPN set up to route all traffic from the remote location through the main location's Internet gateway?
Have you done a trace route from one of the LAN PCs to an internet location? What are the results?
Can you provide a diagram of the topology with internal IPs so I/we can see where the trace route is going?
-
We need to see your:
System General Setup
Firewall > rules (LAN, WAN and OpenVPN tabs)
to start with…
The interfaces > LAN and WAN pages would also be helpful.
With that things would probably go quickly.
-
Yes, that would be my guess; all your traffic is being routed over the VPN and the other end isn't configured to route it out there. The reason you can ping the ISP gateway is because it's seen as a local address; it's in the same subnet as one of your interfaces.
Steve
-
Here are the requested images
Thanks
cjb
-
general setup
![General Setup.png](/public/imported_attachments/1/General Setup.png)
-
Lan Interface
![Lan Interface.png](/public/imported_attachments/1/Lan Interface.png)
-
Lan Rules
![Lan Rules.png](/public/imported_attachments/1/Lan Rules.png)
-
Wan Interface
![Wan Interface.png](/public/imported_attachments/1/Wan Interface.png)
-
Wan Rules
![Wan Rules.png](/public/imported_attachments/1/Wan Rules.png)
-
Open VPN Rule
![openVPN Rule.png](/public/imported_attachments/1/openVPN Rule.png)
-
Like I said above you should not have a gateway set on the LAN interface. Remove it.
In some rare circumstances you might want a gateway on LAN but here it has probably become the default system gateway which kills routing.
Steve