Route Internet-traffic through OpenVPN Server
-
Hi there,
I try to set up my OpenServer on pfSense. I can connect to my pfSense OpenVPN Server, I also can browse pfSense web interface via its local address (192.168.178.1).
But it doesn't route the client's internet traffic through the VPN - even through its "original" gateway.
Client config:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote secret.adress 9090 udp
lport 0
auth-user-pass
ca gateway-udp-9090-ca.crt
redirect-gateway def1
ns-cert-type server
comp-lzo adaptive
verb 4
Server config:
http://fs5.directupload.net/images/160309/wntv7evo.jpg (or Attachment)
-
Check "Redirect Gateway" in server config.
-
Check "Redirect Gateway" in server config.
That didn't do the trick.
Already set an any/any rule in OpenVPN.
Since I'm behind a cable modem, I had to NAT my OpenVPN server's port (9090 in this case).
Do I also have to set NAT-Outbound rules? I set them to "manual" because I also use some OpenVPN clients on my pfSense.
-
Yes, for Internet traffic you need also to add an outbound NAT rule like this:
WAN <vpntunnelnetwork> * * * WAN address * NO
-
Added rule. Still no Internet through VPN.
-
Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.
After that you have to add firewall rules to each interface to permit the traffic you need.
-
I had a similar issue and the problem seems to be solved by running the OpenVPN GUI as an Administrator (Windows 10). Find the OpenVPN GUI file, right click to select properties, then under advanced check Run as Administrator.
-
Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.
After that you have to add firewall rules to each interface to permit the traffic you need.
Yes. Every OpenVPN client has its own interface. I have not done that for the server, but now I created it.
But still no Internet traffic through vpn. Although I already set firewall rules for "OpenVPN" and "VPNSERVER", any * any *
NAT options
WAN 127.0.0.0/8 * * 500 WAN address * YES
WAN 127.0.0.0/8 * * * WAN address * NO
WAN 192.168.178.0/24 * * 500 WAN address * YES
WAN 192.168.178.0/24 * * * WAN address * NO
WAN 10.0.8.0/24 * * * WAN address * NO
- the WAN rules are duplicated with each of my vpn-client interfaces
-
Well, I maybe know what the issue is:
My OpenVPN clients on pfSense are used for a service like hidemyass. I use multiple connections for different clients.
They always try to set a new route directly on my pfsense
ERROR: FreeBSD route add command failed: external program exited with error status: 1
As soon as I start one of my OpenVPN clients, the internet-passthrough for my clients won't work.
Maybe because my pfsense public IP address is not my ISP's address, it's one of my hidemyass IPs.
I'll try to check "Don't pull routes" on my pfsense OpenVPN client configs.
-
Yes! Checked "Don't pull routes" and now it works!
Now I want to change the gateway for specific vpn-connected-clients:
On LAN:
IPv4 * VPNSERVER net * * * VPN_PP_AMSTERDAM_VPNV4 none
won't work.
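
The explanation the thread settles on (provider routes pulled by the pfSense OpenVPN clients take over the firewall's own routing until "Don't pull routes", OpenVPN's `route-nopull`, is set), modelled as an added example that is not code from the posters or from pfSense. The interface name VPNCLIENT, the pushed options and the addresses 10.0.8.2, 10.99.0.1 and 198.51.100.10 are constructed assumptions; the subnets and the WAN outbound NAT rule come from the thread.

```python
import ipaddress

def pulled_routes(pushed, route_nopull):
    """Networks an OpenVPN client installs from options pushed by its server."""
    if route_nopull:  # pfSense checkbox "Don't pull routes"
        return []
    nets = []
    for opt in pushed:
        w = opt.split()
        if w[0] == "redirect-gateway":
            # def1 leaves 0.0.0.0/0 alone and adds two more-specific halves
            nets += ["0.0.0.0/1", "128.0.0.0/1"] if "def1" in w else ["0.0.0.0/0"]
        elif w[0] == "route":
            mask = w[2] if len(w) > 2 else "255.255.255.255"
            nets.append(f"{w[1]}/{mask}")
    return [ipaddress.ip_network(n) for n in nets]

def routing_table(base, pushed, route_nopull, tunnel_if):
    """Base routes of the firewall plus whatever the VPN client pulled."""
    table = {ipaddress.ip_network(n): ifc for n, ifc in base.items()}
    for net in pulled_routes(pushed, route_nopull):
        table[net] = tunnel_if
    return table

def trace(src, dst, table, nat_rules):
    """Return (egress interface, whether an outbound NAT rule matches there)."""
    dst_ip, src_ip = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    # Longest-prefix match decides the egress interface
    best = max((n for n in table if dst_ip in n), key=lambda n: n.prefixlen)
    egress = table[best]
    natted = any(ifc == egress and src_ip in ipaddress.ip_network(net)
                 for ifc, net in nat_rules)
    return egress, natted

# Constructed sample data; the subnets and the WAN NAT rule are from the thread.
BASE = {"0.0.0.0/0": "WAN", "192.168.178.0/24": "LAN", "10.0.8.0/24": "VPNSERVER"}
PUSHED = ["redirect-gateway def1", "dhcp-option DNS 10.99.0.1"]
NAT_RULES = [("WAN", "10.0.8.0/24")]
CLIENT, SITE = "10.0.8.2", "198.51.100.10"

if __name__ == "__main__":
    for nopull in (False, True):
        table = routing_table(BASE, PUSHED, nopull, "VPNCLIENT")
        print("route-nopull =", nopull, "->", trace(CLIENT, SITE, table, NAT_RULES))
```

With the routes pulled, traffic from the VPN server's clients leaves through the provider tunnel and never reaches the WAN outbound NAT rule, while 192.168.178.1 stays reachable because the /24 LAN route is more specific than the pushed /1 routes.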