Netgate Discussion Forum
    OpenVPN : Tunneling all client traffic through openVPN

    joyfulway

      Hi,
      I know it has been discussed several times and I've been trying to understand what is going wrong for days now…
      I followed the how-tos to force web traffic through the tunnel without any success.
      http://forum.pfsense.org/index.php?topic=49459.0
      http://forum.pfsense.org/index.php/topic,6056.0.html

      I have a site to site connection using OpenVPN

      HO VPN Server  <------------------>  Remote Site VPN Server
      LAN if: 10.60.1.21 / LAN 10.60.1.0/24   LAN if: 10.60.2.21 / LAN 10.60.2.0/24
      WAN interface 192.168.31.34             WAN interface 192.168.31.38
      |
      |
      |
      LAN if: 10.60.1.20 (which is also my DNS)
      HO Internet Router

      OpenVPN setup:
      UDP, tun, WAN, openVPN port 1194
      Tunnel Network 192.168.10.0/24
      DNS server 10.60.1.20

      • I can ping hosts in the HO LAN from the remote LAN.
      • Ping www.google.com resolves but shows 'host is unreachable'

      When I traceroute "google" from my remote site, I clearly see my packets are not routed through the VPN (192.168.31.37 being my ISP GW):
      traceroute www.google.com
      traceroute to www.google.com (173.194.35.113), 64 hops max, 40 byte packets
      1  192.168.31.37 (192.168.31.37)  0.872 ms  0.876 ms  0.708 ms
      2  192.168.31.37 (192.168.31.37)  0.624 ms !N *  0.815 ms !N

      Whereas traceroute from a remote LAN host to a web server in my HO LAN responds correctly, going through the VPN tunnel:
      traceroute 10.60.1.27
      traceroute to 10.60.1.27 (10.60.1.27), 64 hops max, 40 byte packets
      1  192.168.10.1 (192.168.10.1)  3.471 ms  3.741 ms  3.922 ms
      2  10.60.1.27 (10.60.1.27)  3.891 ms  3.866 ms  3.969 ms

      On my VPN server side I have:

      • added the push "redirect-gateway def1"; push "dhcp-option DNS 10.60.1.20" to redirect traffic
      • activated AON: WAN 10.60.1.0/24 * * * * *
      • The VPN tunnel is up and the routes through VPN are ok
        Internet:
        Destination        Gateway            Flags    Refs      Use  Netif Expire
        default            192.168.31.33      UGS        0    5143    em1
        10.60.1.0/24      link#1            U          0    5196    em0
        10.60.1.21        link#1            UHS        0        0    lo0
        10.60.2.0/24      192.168.10.2      UGS        0    4872 ovpns1
        127.0.0.1          link#6            UH          0      139    lo0
        192.168.2.0/24    10.60.1.20        UGS        0        0    em0
        192.168.10.1      link#9            UHS        0        0    lo0
        192.168.10.2      link#9            UH          0        2 ovpns1
        192.168.31.32/30  link#2            U          0      254    em1
        192.168.31.34      link#2            UHS        0        0    lo0

      On my VPN client side I have added:

      • activated AON: WAN 10.60.2.0/24 * * * * *
      • The VPN tunnel is up and the routes through VPN are ok
        Destination        Gateway            Flags    Refs      Use  Netif Expire
        default            192.168.31.37      UGS        0    4064    vr1
        10.60.1.0/24      192.168.10.1      UGS        0    3893 ovpnc1
        10.60.2.0/24      link#1            U          0    4225    vr0
        10.60.2.21        link#1            UHS        0        0    lo0
        127.0.0.1          link#5            UH          0      131    lo0
        192.168.10.1      link#8            UH          0        0 ovpnc1
        192.168.10.2      link#8            UHS        0        0    lo0
        192.168.31.36/30  link#2            U          0      296    vr1
        192.168.31.38      link#2            UHS        0        0    lo0

      I might have forgotten something on the AON but can't figure what.

      Thanks for any help!
      Patrick

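As an added diagnostic (not code from the original post, from pfSense or from OpenVPN), the Python script below parses the remote-site routing table pasted above, applies the same longest-prefix match the kernel uses, and reports which interface a packet for the poster's Google address would leave through. The routing table is constructed inline from the post; the two half-default routes in DEF1_ROUTES are constructed to show what a successfully pulled "redirect-gateway def1" would add (FreeBSD's netstat may print them in a slightly different form), and TUNNEL_IF, GOOGLE and the function names are assumptions of this example. Run as posted, the table has no 0.0.0.0/1 and 128.0.0.0/1 routes, so the default route via 192.168.31.37 on vr1 wins, which is exactly what the first traceroute shows; with those two routes present the same lookup egresses through ovpnc1.

```python
import ipaddress

# Constructed sample: the IPv4 routing table the poster pasted for the
# remote-site (OpenVPN client) pfSense box, in `netstat -rn` layout.
CLIENT_ROUTES = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.31.37      UGS        0    4064    vr1
10.60.1.0/24       192.168.10.1       UGS        0    3893 ovpnc1
10.60.2.0/24       link#1             U          0    4225    vr0
10.60.2.21         link#1             UHS        0        0    lo0
127.0.0.1          link#5             UH         0      131    lo0
192.168.10.1       link#8             UH         0        0 ovpnc1
192.168.10.2       link#8             UHS        0        0    lo0
192.168.31.36/30   link#2             U          0      296    vr1
192.168.31.38      link#2             UHS        0        0    lo0
"""

# Constructed: the two half-default routes that a successfully pulled
# "redirect-gateway def1" installs, pointing at the tunnel peer.
DEF1_ROUTES = """\
0.0.0.0/1          192.168.10.1       UGS        0        0 ovpnc1
128.0.0.0/1        192.168.10.1       UGS        0        0 ovpnc1
"""

TUNNEL_IF = "ovpnc1"       # client-side tunnel interface named in the post
GOOGLE = "173.194.35.113"  # address the poster's traceroute resolved


def parse_routes(text):
    """Turn netstat -rn style lines into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Destination":
            continue  # blank line, section header or column header
        dest = parts[0]
        # "default" is 0.0.0.0/0; a bare host address is a /32 host route.
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest,
                                   strict=False)
        routes.append({"net": net, "gateway": parts[1],
                       "flags": parts[2], "netif": parts[5]})
    return routes


def lookup(routes, ip):
    """Longest-prefix match, the same rule the kernel applies."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in routes if addr in r["net"]]
    return max(candidates, key=lambda r: r["net"].prefixlen) if candidates else None


def def1_routes_present(routes, tun_if):
    """True when both 0.0.0.0/1 and 128.0.0.0/1 point out the tunnel."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    found = {r["net"] for r in routes if r["netif"] == tun_if and r["net"] in halves}
    return found == halves


def diagnose(routes, tun_if, probe):
    """Report which interface a probe address would leave through and whether
    the redirect-gateway def1 routes ever made it into the table."""
    route = lookup(routes, probe)
    if route is None:
        return {"probe": probe, "matched": None, "gateway": None, "egress_if": None,
                "via_tunnel": False, "def1_present": def1_routes_present(routes, tun_if)}
    return {
        "probe": probe,
        "matched": str(route["net"]),
        "gateway": route["gateway"],
        "egress_if": route["netif"],
        "via_tunnel": route["netif"] == tun_if,
        "def1_present": def1_routes_present(routes, tun_if),
    }


if __name__ == "__main__":
    as_posted = parse_routes(CLIENT_ROUTES)
    print("as posted:", diagnose(as_posted, TUNNEL_IF, GOOGLE))
    print("HO web server:", diagnose(as_posted, TUNNEL_IF, "10.60.1.27"))
    with_def1 = parse_routes(CLIENT_ROUTES + DEF1_ROUTES)
    print("with def1 routes:", diagnose(with_def1, TUNNEL_IF, GOOGLE))
```

The check is worth running on the client before touching NAT: a pushed "redirect-gateway def1" only changes the table of a peer that pulls options (SSL/TLS client mode), so if the two /1 routes never appear, the outbound NAT rule on the HO side is not the first thing to fix.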
      joyfulway

        So on the HO firewall I've activated AON and created a manual rule to NAT my remote subnet as stated in different posts, but it's still a no-go (see attached JPEG).
        I can reach the internal web server from the remote site but still no Internet.
        Running the latest pfSense release, 2.0.1-RELEASE (i386).

        Anyone for any help please?

        Attachment: AON_HO.jpg
