Netgate Discussion Forum

    No Internet through VPN, LAN works

      Keljian

      Two things:
      1. Firewall rules need to be set to allow traffic out of the VPN to the WAN and from the network is the VPN interface.
      2. NAT needs to be set up so that traffic is directed to the VPN.

      If you need help with these, please ask

        ace_ventura

        Well, it used to work so I'm not sure what changed.  How do I need to set it up on the NAT page?

        Attached are my firewall OVPN and WAN rules.

        FWOVPNRules.PNG
        FWWANRules.PNG

          ace_ventura

          May I get some assistance to make sure that I am getting my firewall and NAT rules correct to allow internet through the VPN?  I am still having this issue where only the internet does not work when I connect to the VPN.

            costasppc

            Me too, please.

            Best regards

            Kostas

              viragomann

              I've also had trouble with the check at "Force all client generated traffic through the tunnel" in 2.1.x combined with Windows clients.
              However, push route works perfectly.
              So you may try entering 0.0.0.0/0 in the "IPv4 Local Network/s" field to set the default route to the VPN gateway.

                ace_ventura

                Tried entering push "route 0.0.0.0 255.255.255.0" in the server's advanced config and that didn't work.  I didn't see an IPv4 Local Networks field anywhere so I assumed you meant where I put it?

                  viragomann

                  @ace_ventura:

                  Tried entering push "route 0.0.0.0 255.255.255.0" in the server's advanced config and that didn't work.  I didn't see an IPv4 Local Networks field anywhere so I assumed you meant where I put it?

                  That will just push a route for the IP range 0.0.0.0 to 0.0.0.255!
                  Beyond that, I've read here that the push command in advanced setting is deprecated and shouldn't be used anymore.
                  The "IPv4 Local Network/s" field in server config > tunnel settings is destined for pushing routes to clients now. There you have entered your LAN network currently. Replace it with 0.0.0.0/24.

                    ace_ventura

                    When I do that it won't connect.

                    Tue Feb 10 15:26:53 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                    Tue Feb 10 15:26:53 2015 TLS Error: TLS handshake failed
                    Tue Feb 10 15:26:53 2015 SIGUSR1[soft,tls-error] received, process restarting
                    Tue Feb 10 15:26:55 2015 UDPv4 link local (bound): [undef]
                    Tue Feb 10 15:26:55 2015 UDPv4 link remote: [AF_INET]MYIPADDRESS:1194

                    If I just change it back to my network of 10.0.8.0 instead of 0.0.0.0 it connects no problem like it did before.

                      viragomann

                      I've just tested this at my system. The connection is established anyway and the route is set on the client, however, with a higher metric than default route. So the default route is not overridden and this is no solution for you.

                      Then I've the "Force all client generated traffic through the tunnel." option and that worked.

                      What about outbound NAT? If you have set it to manual rule generation, you have to add a rule for the VPN tunnel network also.

                        ace_ventura

                        For outbound NAT I have the following:

                        WAN 10.0.0.0/24 * * * WAN address * NO WAN bound

                        I had "Force all client generated traffic through the tunnel" checked as well.

                          viragomann

                          You have to add an additional rule for VPN outbound!

                          WAN    10.0.8.0/24   *   *   *   WAN address   *   NO   Description
                          
                            ace_ventura

                            Yes!  That works!  Thank You! :)  I'm not sure if that entry got deleted somehow or what happened because I know at some point or another it did work just fine!

                            Sweet!

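The two checks this thread turns on, as an added example that is not code from any poster or from pfSense: which addresses a pushed `route <network> <netmask>` really covers, and whether every internal network has a matching source in a manual outbound NAT rule list. The networks are the ones quoted in the thread; the function names and the labels `lan` and `vpn_tunnel` are assumptions made for the example.

```python
import ipaddress

def route_range(network, netmask):
    """First and last address covered by an OpenVPN 'route <network> <netmask>'."""
    net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
    return str(net[0]), str(net[-1])

def uncovered_networks(nat_sources, internal_networks):
    """With manual outbound NAT, return the internal networks that no
    rule's source covers; their traffic is not translated on the way out."""
    rules = [ipaddress.ip_network(src) for src in nat_sources]
    return [name for name, cidr in internal_networks.items()
            if not any(ipaddress.ip_network(cidr).subnet_of(r) for r in rules)]

# Networks taken from the thread; the labels are assumptions for this example.
INTERNAL = {"lan": "10.0.0.0/24", "vpn_tunnel": "10.0.8.0/24"}
BEFORE = ["10.0.0.0/24"]                 # rule list posted by ace_ventura
AFTER = ["10.0.0.0/24", "10.0.8.0/24"]   # with the rule viragomann suggested

if __name__ == "__main__":
    # Netmask 255.255.255.0 only covers a /24, not the whole address space.
    print(route_range("0.0.0.0", "255.255.255.0"))
    # Netmask 0.0.0.0 is what a default route needs.
    print(route_range("0.0.0.0", "0.0.0.0"))
    print(uncovered_networks(BEFORE, INTERNAL))
    print(uncovered_networks(AFTER, INTERNAL))
```

Run against an exported rule list, the second function flags a tunnel network that has lost its outbound NAT entry, which is the condition that broke Internet access here while LAN access kept working.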