Issues with OpenVPN Configuration
-
Can you do something? Post a few pics here.
First post a pic of the pfsense Status: Dashboard (the main page) - I'd love to see the private addresses in use.
Then show the openvpn server setup page - The one where you configured openvpn
Then finally, the local ip of the machine you are trying to connect to openvpn with - before connecting to openvpn, just type ipconfig in windows or ifconfig for linux and dump the contents here.
I like watching you get carpal tunnel and everything, but really I'm pretty sure you just need to fix your IP ranges in use.
-
Yes - Both.
I think your current IPs you are using are very possibly breaking everything for you AND I also think it's best practice and will save you tons of trouble in the future.
-
OK - new evolution. So…I ran the OpenVPN GUI as an administrator, and it connects just fine. Works as it should...just as if I'm on the local LAN.
To reiterate, I've created a hotspot on an LTE network using my mobile phone, and connected to it with a Windows8 laptop. It connects and works just fine. I can even browse the PFSense Web GUI.
So...I guess at this point I just need to figure out why my mobile phone connects, but with a seemingly limited connection.
-
> Can you do something? Post a few pics here.
> First post a pic of the pfsense Status: Dashboard (the main page) - I'd love to see the private addresses in use.
> Then show the openvpn server setup page - The one where you configured openvpn
> Then finally, the local ip of the machine you are trying to connect to openvpn with - before connecting to openvpn, just type ipconfig in windows or ifconfig for linux and dump the contents here.
> I like watching you get carpal tunnel and everything, but really I'm pretty sure you just need to fix your IP ranges in use.

I appreciate your help…I really do. So, the Windows laptop connects and works wonderfully.
The problem I need to troubleshoot now is why my phone connects, but has a seemingly limited connection. It can't browse to 192.168.1.1 and the apps on my phone do not connect to the devices on the LAN as they should. It may be worth noting, this used to work great before the HDD in my PFSense died and I had to rebuild everything (without a backup).
-
> Can you do something? Post a few pics here.
> First post a pic of the pfsense Status: Dashboard (the main page) - I'd love to see the private addresses in use.
> Then show the openvpn server setup page - The one where you configured openvpn
> Then finally, the local ip of the machine you are trying to connect to openvpn with - before connecting to openvpn, just type ipconfig in windows or ifconfig for linux and dump the contents here.
> I like watching you get carpal tunnel and everything, but really I'm pretty sure you just need to fix your IP ranges in use.

Here are the pictures. I blocked out my IP address. Don't know why, just seemed like the right thing to do.
![VPN Server Settings 1.jpg](/public/imported_attachments/1/VPN Server Settings 1.jpg)
![VPN Server Settings 2.jpg](/public/imported_attachments/1/VPN Server Settings 2.jpg)
![VPN Server Settings 3.jpg](/public/imported_attachments/1/VPN Server Settings 3.jpg)
-
Damn - Blacked out - Now I can't magically hack you…
OK - Now, what is the IP of the machine that is trying to connect to your server?
I need to know its PRIVATE address.
-
> Damn - Blacked out - Now I can't magically hack you…
> OK - Now, what is the IP of the machine that is trying to connect to your server?
> I need to know its PRIVATE address.

The private IP address of my cell phone? When I go in to Status while connected to the LTE network, the IP address has two listed.
2607:fb90:480:dc2e:45a6:fe5f:b457:5b55
192.0.0.4
Is that what you needed? And like I said it connects…it just seems to be on a limited basis.
-
Do you want to tunnel everything? Or just connections to 192.168.1.0/24?
-
> Do you want to tunnel everything? Or just connections to 192.168.1.0/24?

I'm sorry, but I don't know what it means to "tunnel everything". When I'm connected to the VPN, I want to be able to access all the devices on the local LAN. I want all "internet" or "IP" traffic from the phone to go through the VPN. From within the web browser or otherwise (IE: My Control4 app needs to connect to the Control4 controller on the LAN/VPN).
Does that answer your question? Sorry I'm such a novice at this. I truly appreciate your help.
-
Tunnel everything means that the client gets a default route that sends all traffic through the tunnel and nothing should egress the client's WAN natively while connected to the OpenVPN server.
Alternately, the client can get routes for just the remote networks, usually private networks (Remote LAN, etc). Only traffic for those networks will be sent to OpenVPN. All other traffic will be given to the client host's routing table and be routed accordingly.
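-
Added example, not part of the thread or of pfSense/OpenVPN: a small routing-table model of the two options described above, showing which interface a destination leaves by under longest-prefix match. It assumes the full-tunnel case is delivered as OpenVPN's `redirect-gateway def1` (two IPv4 /1 routes), that the split case pushes only 192.168.1.0/24, and that the interface names `wan` and `tunnel` are illustrative; it models the routing table only, not any extra policy a client app may apply.

```python
import ipaddress

# Client routing tables for each server-side choice (constructed for illustration).
# "redirect-gateway def1" does not replace the default route; it adds two /1
# routes that together cover all of IPv4 and win by longest-prefix match.
NATIVE_DEFAULTS = [("0.0.0.0/0", "wan"), ("::/0", "wan")]
FULL_TUNNEL = NATIVE_DEFAULTS + [("0.0.0.0/1", "tunnel"), ("128.0.0.0/1", "tunnel")]
SPLIT_TUNNEL = NATIVE_DEFAULTS + [("192.168.1.0/24", "tunnel")]


def egress(routes, destination):
    """Return the interface chosen for destination by longest-prefix match."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        # Only routes of the same address family can match.
        if net.version == dest.version and dest in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def leaks(routes, destinations):
    """Destinations that would leave the client outside the tunnel."""
    return [d for d in destinations if egress(routes, d) != "tunnel"]


if __name__ == "__main__":
    # Constructed sample destinations: LAN router, public IPv4 DNS, public IPv6 DNS.
    sample = ["192.168.1.1", "8.8.8.8", "2001:4860:4860::8888"]
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        for d in sample:
            print(f"{name:5} {d:22} -> {egress(table, d)}")
        print(f"{name:5} outside tunnel: {leaks(table, sample)}")
```

In this model an IPv4-only full tunnel still leaves IPv6 destinations on the native default route, which is worth checking on a dual-stack client.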
-
OK - Baby steps…
I want you to change a few things if that's OK?
Force all client generated traffic through the tunnel.
Also, provide DNS Servers.
192.168.1.1
8.8.8.8
-
So, this is my cell phone we're talking about. While the cell phone is connected to the VPN, I think I want all internet/IP based traffic to go through the VPN.
What do I need to do for that to happen, because it doesn't appear to be happening now.
-
> OK - Baby steps…
> I want you to change a few things if that's OK?
> Force all client generated traffic through the tunnel.
> Also, provide DNS Servers.
> 192.168.1.1
> 8.8.8.8

I'm down with the baby steps, but let me make sure I understand. You want me to recheck the DNS servers box in the VPN config, and add those 2 DNS servers?
-
Please make the initial changes to the openvpn server that I suggested. Then test it.
BTW - How are you seeing your server config if you are away and your VPN isn't working?
"You want me to recheck the DNS servers box in the VPN config, and add those 2 DNS servers?" - Yes
I want you to use your pfsense LAN as DNS server (192.168.1.1) and if something on your local network interferes with that, like the subnet in use, 8.8.8.8, just in case.
Just temporary to ensure you have DNS.
BTW - What kind of phone? What is the openvpn client software being used?
-
> Please make the initial changes to the openvpn server that I suggested. Then test it.
> BTW - How are you seeing your server config if you are away and your VPN isn't working?

I'm not away. I'm at home. I've got computers that are hard wired on the LAN here. I'm testing it from mobile phones and hotspots.
I think I made those changes correctly. I'm going to test it now.
-
I made those changes. The VPN from my phone still works the same. Do I need to redownload the client export after making those changes?
-
Just saw the edits to your last post. It's an Android phone. Google Nexus 6. I'm using the "OpenVPN Connect" client.
-
Not yet. Now I'd like to see the:
Firewall: Rules
The LAN tab and the OpenVPN tab.
-
> Not yet. Now I'd like to see the:
> Firewall: Rules
> The LAN tab and the OpenVPN tab.

As requested. Thanks again for your help.
![Firewall Rules LAN Tab.jpg](/public/imported_attachments/1/Firewall Rules LAN Tab.jpg)
![Firewall Rules VPN Tab.jpg](/public/imported_attachments/1/Firewall Rules VPN Tab.jpg)
-
I should reiterate that when connecting from my Windows8 laptop it works swimmingly. The problem just seems to exist when I connect with this Android phone.
It can see some devices/IPs, but can't see 192.168.1.1. AND the apps on my phone won't connect to the local LAN. It's as if they're still using the cellular connection.