Netgate Discussion Forum

After About 5 Days I get this: openvpn[5531]: RESOLVE: Cannot resolve host addre

53 Posts 3 Posters 29.1k Views
  • M Offline
    m3ki
    last edited by Oct 25, 2013, 5:59 PM

    Strange, so if you disable one of the clients now, then both EU and US machines won't have internet?

    1 Reply Last reply Reply Quote 0
    • A Offline
      archedraft
      last edited by Oct 25, 2013, 6:04 PM

      Correct, if I disable one VPN client, both the US and EU machines will not ping Google.

      1 Reply Last reply Reply Quote 0
      • M Offline
        m3ki
        last edited by Oct 25, 2013, 6:07 PM

        Hmm… that could be a DNS issue... what if you ping Google on one of those machines by IP?
        Also is there an overlap in your aliases by any chance?

        EU_VPNCLIENT -> DOWN
        US_VPNCLIENT -> UP

        EU_MACHINE -> ping -> 8.8.8.8 ??
        US_MACHINE -> ping -> 8.8.8.8 ??

        1 Reply Last reply Reply Quote 0
        • A Offline
          archedraft
          last edited by Oct 25, 2013, 6:15 PM

          I checked to make sure the aliases were in the correct spots and they appear to be. I then took the EU VPN down and tried 8.8.8.8 and still both will not get packets.

          1 Reply Last reply Reply Quote 0
          • M Offline
            m3ki
            last edited by Oct 25, 2013, 6:36 PM

            Can you screenshot the Do not NAT rule?

            1 Reply Last reply Reply Quote 0
            • M Offline
              m3ki
              last edited by Oct 25, 2013, 6:39 PM

              Also try disabling floating rules to troubleshoot. What happens if floating rules are disabled? Any luck then?

              1 Reply Last reply Reply Quote 0
              • A Offline
                archedraft
                last edited by Oct 25, 2013, 6:46 PM

                Here is the DO NOT NAT RULE

                ![Do NOT NAT.JPG](/public/imported_attachments/1/Do NOT NAT.JPG)

                1 Reply Last reply Reply Quote 0
                • A Offline
                  archedraft
                  last edited by Oct 25, 2013, 6:50 PM

                  If I disable the floating rules and ping 8.8.8.8 instead of getting "destination host unreachable" it says "request timed out" on both machines. So that doesn't seem to be the problem.

                  1 Reply Last reply Reply Quote 0
                  • M Offline
                    m3ki
                    last edited by Oct 25, 2013, 6:52 PM

                    This means that DO NOT NAT is applied. So packets are not dropped. But still lurking. Keep Floating disabled for now. Try turning off Do not NAT rules (keep in mind they are applied top down). If one doesn't apply, the next one will catch it ;)

                    1 Reply Last reply Reply Quote 0
                    • A Offline
                      archedraft
                      last edited by Oct 25, 2013, 7:07 PM

                      OK so (Note: EU Do NOT NAT is on top)

                      TEST 1:
                      ALL floating rules disabled -> USA DO NOT NAT unchecked -> USA VPN disabled = USA machines can ping / EU machine will not ping

                      TEST 2:
                      ALL floating rules disabled -> USA DO NOT NAT unchecked -> EU VPN disabled = USA machines can ping / EU machine will not ping

                      TEST 3:
                      ALL floating rules disabled -> EU DO NOT NAT unchecked -> EU VPN disabled = USA machines can ping / EU machine will not ping

                      TEST 4:
                      ALL floating rules disabled -> EU DO NOT NAT unchecked -> USA VPN disabled = USA machines can ping / EU machine can ping

                      TEST 5:
                      ALL floating rules disabled -> ALL DO NOT NAT unchecked -> USA VPN disabled = USA machines can ping / EU machine can ping

                      1 Reply Last reply Reply Quote 0
                      • A Offline
                        archedraft
                        last edited by Oct 28, 2013, 6:22 PM

                        Figured it out. The problem was that under Firewall -> Rules -> LAN, proto was set to "TCP" on both VPNs. I changed proto to "Any" and now if one VPN goes down the other one still works.

                        1 Reply Last reply Reply Quote 0
                        • A Offline
                          archedraft
                          last edited by Oct 28, 2013, 10:36 PM Oct 28, 2013, 7:37 PM

                          How to use Policy Based Routing and Multi VPN

                          • I followed this guide http://www.komodosteve.com/archives/232

                          • NOTES: I used the same server port for both VPNs

                          • NOTES: I added the following commands into Advanced Config (when pfSense first boots it loads VPN_IP_#1, but if the client gets restarted it will randomly pick one of the 3 VPN_IPs)

                          • SCREENSHOT: OpenVPN Client 1

                          • SCREENSHOT: OpenVPN Client 2

                          remote VPN_IP_#1 Port#;
                          remote VPN_IP_#2 Port#;
                          remote VPN_IP_#3 Port#;
                          remote-random;

                          • SCREENSHOT: System Gateways

                          • This is where you will set up two aliases for the USA VPNs and EU VPNs

                          • Make sure you have static IP addresses for the machines

                          • I made 3 rules (1 that redirects the EU VPN through the EU gateway, 1 that redirects the US VPN through the US gateway, and 1 that selects every other IP address not specified in aliases and sends it to the default WAN gateway)

                          • Proto: ANY, Source: Alias, Gateway: VPN

                          • SCREENSHOT: Firewall Rules 1

                          • SCREENSHOT: Firewall Rules 2

                          • First delete all rules

                          • Select "Automatic outbound NAT rule generation" and click save

                          • Select "Manual Outbound NAT rule generation" and click save

                          • This should auto create any rules needed for the VPNs

                          • Now create a rule that will stop traffic if the VPN is down

                          • Click "Do not NAT", Interface "WAN", Protocol "any", Source "Alias"

                          • MAKE SURE you move the rule to the top of the list as pfSense carries out rules from top down

                          • SCREENSHOT: Firewall NAT Outbound 1

                          • SCREENSHOT: Firewall NAT Outbound 2

                          • Action "Block", Interface "WAN", Direction "any", Protocol "any", Source "alias"

                          • SCREENSHOT: Firewall Rules Floating 1

                          • SCREENSHOT: Firewall Rules Floating 2

                          • This along with #5 will block your machine from going to internet

                          ![OpenVPN Client 1.JPG](/public/imported_attachments/1/OpenVPN Client 1.JPG)

                          1 Reply Last reply Reply Quote 0
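Added example, not from archedraft's post or the linked guide: a simplified Python model of top-down, first-match rule evaluation. It shows why LAN rules with protocol TCP let a ping (ICMP) from a VPN-aliased host fall through to the WAN rule, where the floating block, or with it disabled the "Do not NAT" rule, stops it. Alias names, addresses and outcome labels are constructed, and the model does not reproduce pfSense's actual rule engine.

```python
# Constructed aliases and addresses (not taken from the thread).
ALIASES = {
    "EU_HOSTS": {"192.168.1.10"},
    "US_HOSTS": {"192.168.1.20"},
}
VPN_SOURCES = ALIASES["EU_HOSTS"] | ALIASES["US_HOSTS"]


def lan_rules(proto):
    """The three LAN rules from the how-to, top down: (proto, source alias, gateway)."""
    return [
        (proto, "EU_HOSTS", "EU_VPN"),
        (proto, "US_HOSTS", "US_VPN"),
        ("any", None, "WAN"),  # everything else goes to the default WAN gateway
    ]


def route(rules, src, proto, floating_block=True, no_nat=True):
    """Return where a packet ends up under first-match, top-down evaluation."""
    for rule_proto, alias, gateway in rules:
        if rule_proto not in ("any", proto):
            continue  # protocol does not match, try the next rule
        if alias is not None and src not in ALIASES[alias]:
            continue  # source is not in this rule's alias
        if gateway == "WAN" and src in VPN_SOURCES:
            if floating_block:
                return "BLOCKED"       # floating Block rule on WAN for the alias
            if no_nat:
                return "WAN_UNNATTED"  # leaves with a private source, no reply comes back
        return gateway
    return "BLOCKED"  # nothing matched: default deny


if __name__ == "__main__":
    eu_host = "192.168.1.10"
    print("TCP-only rule, ping:", route(lan_rules("tcp"), eu_host, "icmp"))
    print("TCP-only rule, ping, floating off:",
          route(lan_rules("tcp"), eu_host, "icmp", floating_block=False))
    print("Proto any, ping:", route(lan_rules("any"), eu_host, "icmp"))
```

With the TCP-only rules the model only sends TCP from the aliased hosts to a VPN gateway; every other protocol from those hosts depends on the kill-switch rules to keep it off the WAN.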
                          • A Offline
                            archedraft
                            last edited by Oct 28, 2013, 7:39 PM

                            Screenshots

                            ![OpenVPN Client 2.JPG](/public/imported_attachments/1/OpenVPN Client 2.JPG)
                            ![System Gateways.JPG](/public/imported_attachments/1/System Gateways.JPG)
                            ![Firewall Rules 1.JPG](/public/imported_attachments/1/Firewall Rules 1.JPG)

                            1 Reply Last reply Reply Quote 0
                            • M Offline
                              m3ki
                              last edited by Oct 28, 2013, 7:39 PM

                              Sounds about right ;) Glad I could help :)

                              1 Reply Last reply Reply Quote 0
                              • A Offline
                                archedraft
                                last edited by Oct 28, 2013, 7:40 PM

                                Screenshots

                                ![Firewall Rules 2.JPG](/public/imported_attachments/1/Firewall Rules 2.JPG)
                                ![Firewall NAT Outbound 1.JPG](/public/imported_attachments/1/Firewall NAT Outbound 1.JPG)

                                1 Reply Last reply Reply Quote 0
                                • A Offline
                                  archedraft
                                  last edited by Oct 28, 2013, 7:41 PM

                                  screenshots

                                  ![Firewall NAT Outbound 2.JPG](/public/imported_attachments/1/Firewall NAT Outbound 2.JPG)
                                  ![Firewall Rules Floating 1.JPG](/public/imported_attachments/1/Firewall Rules Floating 1.JPG)

                                  1 Reply Last reply Reply Quote 0
                                  • A Offline
                                    archedraft
                                    last edited by Oct 28, 2013, 7:41 PM

                                    Screenshots

                                    ![Firewall Rules Floating 2.JPG](/public/imported_attachments/1/Firewall Rules Floating 2.JPG)

                                    1 Reply Last reply Reply Quote 0
                                    • M Offline
                                      m3ki
                                      last edited by Oct 28, 2013, 7:45 PM

                                      Hah now the topic went from cannot resolve address to…..... how to make policy based routing with multiple vpn clients.......

                                      1 Reply Last reply Reply Quote 0
                                      • A Offline
                                        archedraft
                                        last edited by Oct 28, 2013, 7:55 PM

                                        Yeah, I was going to rename the first post but I guess it doesn't let you modify the first post… I'll start a new thread as well lol. Thanks again m3ki!

                                        1 Reply Last reply Reply Quote 0
                                        • M Offline
                                          m3ki
                                          last edited by Oct 28, 2013, 7:57 PM

                                          Any time :)

                                          Next steps to think about…... you can also forward certain ports, protocols, domains...... to go to vpn........ etc.... moar fun!

                                          1 Reply Last reply Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.