Pulling my hair out! Vpn server + client same time…
-
Submitted 7 hours ago * by amendolaro
VPN server running on port 1195, VPN client running on 1194.
I can connect to the VPN service as long as the VPN client isn't running.
Client runs fine, server runs fine… they just don't play well together.
I have uploaded my NAT, firewall rules, and server settings. Am I missing something? I am VERY new to this. I am getting TLS handshake errors, but again this is ONLY when my pfSense box is connected to the VPN client.
I would imagine it's a rule or port issue?
log --> http://pastebin.com/VGgsR1Ps
VPN Server Settings 1/2 https://i.imgsafe.org/6f04d77cc9.png
VPN Server Settings 2/2 https://i.imgsafe.org/6f04e0d1fc.png
OpenVPN Rules https://i.imgsafe.org/6f04de7a80.png
VPN Client Rules https://i.imgsafe.org/6f04e80ee6.png
Lan Rules https://i.imgsafe.org/6f04f8b398.png
WAN Rules https://i.imgsafe.org/6f050214a7.png
NAT https://i.imgsafe.org/6f05121022.png
Interfaces https://i.imgsafe.org/6f0515ebc0.png
And again, I don't get any TLS errors when the client is disconnected. Also, if I am on the same network (internal) and I connect to the VPN server while the client is running, I connect fine, which makes me think it's a firewall/port issue. Help!
-
You didn't post your client settings. However, I presume the vpn server your client is connected to is set as default gateway on pfSense. So if it is connected, any packets are routed to the vpn server, including responses to vpn requests.
To solve, check "Don't pull routes" in the client setting and add the vpn gateway to the firewall rules if you want to direct any traffic to the vpn server:
https://doc.pfsense.org/index.php/What_is_policy_routing
-
Sorry here is client
Please let me know what the issue is for sure :( thanks for all your help
https://i.imgsafe.org/78d6ec3b3b.png
https://i.imgsafe.org/78d6f61898.png
https://i.imgsafe.org/78d7108c50.png
https://i.imgsafe.org/78d7240365.png
https://i.imgsafe.org/78d74e9b84.png
-
I meant the client running on pfSense. Does it pull routes? Or is the default route on pfSense pointing to the vpn server?
Check it in Diagnostic > Routes and post the page please.
-
https://i.imgsafe.org/79a1095c61.png
https://i.imgsafe.org/79a10dea56.png
https://i.imgsafe.org/79a1359f4f.png
-
Please post the full screen; it must also show the interface column (netif). The client must be connected at this time, otherwise the route won't be set.
Or just try checking "Don't pull routes" in the client config and test if you are able to connect to the server.
-
You are amazing! Thank you! Now the only issue, which isn't a huge one, is it's showing my ISP IP instead of the VPN IP. Any quick fix for this?
-
As mentioned above: Policy routing does the magic.
Any outgoing traffic in pfSense must be permitted by firewall rules. In each rule you can specify a gateway. For using the openvpn connection, you have to set it to the vpn client gateway.
If you haven't added any rules up to now or changed your rule set, you will have an any-to-any rule, which allows outgoing traffic. Edit this rule, go down and display the advanced options, go down to "Gateway", select the vpn client GW and save the rule.
So traffic is directed to the vpn server the client is connected to. This doesn't affect connections to your vpn server, because this is incoming traffic.
-
I went to my openvpn tab, edited the rule that the openvpn wizard made and changed the gateway to vpn, but it is still showing the ISP. Am I editing the wrong rule? What interface should I be editing?
-
No no no!
The rule is on the interface where the traffic comes in! pfSense basics. So your client PC will be connected to the LAN interface, because this is the only one which has a default any-to-any rule. So you have to go to the LAN tab and edit this rule.
-
Well, if I pull up the LAN interface tab, the rule there is already any to any with the vpn as gateway
https://i.imgsafe.org/6f04f8b398.png
-
"VPN" is your vpn client's gateway?
If so it should work, when the client is connected.
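
The routing check discussed in this thread, as an added example (not code from any poster or from pfSense): a longest-prefix-match lookup over a constructed, simplified route table shows which interface the routing table selects for packets to an outside VPN user with and without pulled routes, and why a LAN user is unaffected. The interface names (em0 WAN, em1 LAN, ovpnc1 VPN client), the addresses, and the 0.0.0.0/1 + 128.0.0.0/1 routes pushed by the provider are assumptions.

```python
import ipaddress

# Constructed sample in the column order Destination, Gateway, Flags, Netif.
# Assumed names: em0 = WAN, em1 = LAN, ovpnc1 = OpenVPN client interface.
ROUTES_PULLED = """\
default          198.51.100.1  UGS   em0
0.0.0.0/1        10.8.0.1      UGS   ovpnc1
128.0.0.0/1      10.8.0.1      UGS   ovpnc1
192.0.2.10       198.51.100.1  UGHS  em0
10.8.0.0/24      10.8.0.1      UGS   ovpnc1
192.168.1.0/24   link#2        U     em1
198.51.100.0/24  link#1        U     em0
"""
DEF1 = {"0.0.0.0/1", "128.0.0.0/1"}  # the pair that overrides "default"
# Same box with "Don't pull routes" checked: the two /1 routes are absent.
ROUTES_NOPULL = "\n".join(
    l for l in ROUTES_PULLED.splitlines() if l.split()[0] not in DEF1
)

def parse_routes(text):
    """Return [(network, netif)] from netstat-style route lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or truncated lines
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append((ipaddress.ip_network(dest), parts[3]))
    return routes

def egress_for(ip, routes):
    """Longest-prefix match: interface the routing table selects for ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, netif) for net, netif in routes if addr in net]
    return max(matches)[1] if matches else None

def tunnel_overrides(routes, prefix="ovpnc"):
    """Routes on a VPN client interface that cover half or all of IPv4."""
    return [str(net) for net, netif in routes
            if net.prefixlen <= 1 and netif.startswith(prefix)]

if __name__ == "__main__":
    for name, table in (("pulled", ROUTES_PULLED), ("nopull", ROUTES_NOPULL)):
        r = parse_routes(table)
        print(name, "outside user ->", egress_for("203.0.113.50", r),
              "| LAN user ->", egress_for("192.168.1.50", r),
              "| overrides:", tunnel_overrides(r))
```
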