Netgate Discussion Forum

    Pulling my hair out! Vpn server + client same time…

    OpenVPN
    • viragomann

      You didn't post your client setting. However, I presume the vpn server your client is connected to is set as default gateway on pfSense. So if it is connected, any packets are routed to the vpn server, including responses to vpn requests.

      To solve, check "Don't pull routes" in the client setting and add the vpn gateway to the firewall rules if you want to direct any traffic to the vpn server:
      https://doc.pfsense.org/index.php/What_is_policy_routing

      • amendolaro

        @viragomann:

        You didn't post your client setting. However, I presume the vpn server your client is connected to is set as default gateway on pfSense. So if it is connected, any packets are routed to the vpn server, including responses to vpn requests.

        To solve, check "Don't pull routes" in the client setting and add the vpn gateway to the firewall rules if you want to direct any traffic to the vpn server:
        https://doc.pfsense.org/index.php/What_is_policy_routing

        Sorry here is client

        Please let me know what the issue is for sure :( thanks for all your help

        https://i.imgsafe.org/78d6ec3b3b.png

        https://i.imgsafe.org/78d6f61898.png

        https://i.imgsafe.org/78d7108c50.png

        https://i.imgsafe.org/78d7240365.png

        https://i.imgsafe.org/78d74e9b84.png

        • viragomann

          I meant the client running on pfSense. Does it pull routes? Or is the default route on pfSense pointing to the vpn server?
          Check it in Diagnostic > Routes and post the page please.

          • amendolaro

            @viragomann:

            I meant the client running on pfSense. Does it pull routes? Or is the default route on pfSense pointing to the vpn server?
            Check it in Diagnostic > Routes and post the page please.

            https://i.imgsafe.org/79a1095c61.png

            https://i.imgsafe.org/79a10dea56.png

            https://i.imgsafe.org/79a1359f4f.png

            • viragomann

              @viragomann:

              Check it in Diagnostic > Routes and post the page please.

              Please post the full screen; it must also show the interface column (netif). The client must be connected at this time, otherwise the route won't be set.

              Or just try checking "Don't pull routes" in the client config and test if you are able to connect to the server.

              • amendolaro

                @viragomann:

                @viragomann:

                Check it in Diagnostic > Routes and post the page please.

                Please post the full screen; it must also show the interface column (netif). The client must be connected at this time, otherwise the route won't be set.

                Or just try checking "Don't pull routes" in the client config and test if you are able to connect to the server.

                You are amazing! Thank you! Now the only issue, which isn't a huge one, is it's showing my ISP IP instead of the VPN IP. Any quick fix for this?

                • viragomann

                  As mentioned above: Policy routing does the magic.

                  Any outgoing traffic in pfSense must be permitted by firewall rules. In each rule you can specify a gateway. For using the openvpn connection, you have to set it to the vpn client gateway.

                  If you haven't added any rules up to now or changed your rule set, you will have an any to any rule, which allows outgoing traffic. Edit this rule, go down and display the advanced options, go down to "Gateway", select the vpn client GW and save the rule.
                  So traffic is directed to the vpn server the client is connected to. This doesn't affect connections to your vpn server, because this is incoming traffic.

                  • amendolaro

                    @viragomann:

                    As mentioned above: Policy routing does the magic.

                    Any outgoing traffic in pfSense must be permitted by firewall rules. In each rule you can specify a gateway. For using the openvpn connection, you have to set it to the vpn client gateway.

                    If you haven't added any rules up to now or changed your rule set, you will have an any to any rule, which allows outgoing traffic. Edit this rule, go down and display the advanced options, go down to "Gateway", select the vpn client GW and save the rule.
                    So traffic is directed to the vpn server the client is connected to. This doesn't affect connections to your vpn server, because this is incoming traffic.

                    I went to my openvpn tab, edited the rule that the openvpn wizard made and changed the gateway to vpn, but it is still showing ISP. Am I editing the wrong rule? What interface should I be editing?

                    • viragomann

                      No no no!
                      The rule is on the interface where the traffic comes in! pfSense basics.

                      So your client PC will be connected to the LAN interface, because this is the only one which has a default any to any rule. So you have to go to the LAN tab and edit this rule.

                      • amendolaro

                        @viragomann:

                        No no no!
                        The rule is on the interface where the traffic comes in! pfSense basics.

                        So your client PC will be connected to the LAN interface, because this is the only one which has a default any to any rule. So you have to go to the LAN tab and edit this rule.

                        Well, if I pull up the LAN interface tab, the rule there is already any to any with the vpn as gateway.

                        https://i.imgsafe.org/6f04f8b398.png

                        • viragomann

                          "VPN" is your vpn client's gateway?
                          If so, it should work when the client is connected.

                          1 Reply Last reply Reply Quote 0
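
The three states this thread passes through (VPN server unreachable while the client pulls routes, ISP address showing after "Don't pull routes", tunnel egress once the LAN rule carries the VPN gateway) can be reproduced with a small routing model. This is an added example, not part of any post above; the interface names, the addresses and the two /1 routes (what a provider's `redirect-gateway def1` push installs) are assumptions, and the model is deliberately simplified.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not taken from the thread.
REMOTE_VPN_USER = "203.0.113.50"  # remote user dialing the OpenVPN server on WAN
INTERNET_HOST = "198.51.100.7"    # host a LAN PC connects to

def route_table(pull_routes):
    """Simplified pfSense routing table; interface names are assumptions."""
    nets = [("0.0.0.0/0", "wan"),          # ISP default route
            ("192.168.1.0/24", "lan"),
            ("10.8.0.0/24", "ovpnc1")]     # tunnel network of the OpenVPN client
    if pull_routes:
        # Assumed provider push (redirect-gateway def1): two /1 routes beat the /0.
        nets += [("0.0.0.0/1", "ovpnc1"), ("128.0.0.0/1", "ovpnc1")]
    return [(ipaddress.ip_network(n), ifname) for n, ifname in nets]

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    return max((net.prefixlen, ifname) for net, ifname in table if addr in net)[1]

def egress(table, ingress_if, dst, lan_rule_gateway=None):
    """A gateway set on the LAN rule overrides the table for traffic entering on LAN.
    Packets the firewall itself sends (ingress_if == "self") follow the table only."""
    if ingress_if == "lan" and lan_rule_gateway:
        return lan_rule_gateway
    return lookup(table, dst)

def scenario(pull_routes, lan_rule_gateway=None):
    table = route_table(pull_routes)
    return {"server_reply": egress(table, "self", REMOTE_VPN_USER, lan_rule_gateway),
            "lan_browsing": egress(table, "lan", INTERNET_HOST, lan_rule_gateway)}

if __name__ == "__main__":
    print("client pulls routes:       ", scenario(True))
    print("Don't pull routes:         ", scenario(False))
    print("Don't pull + LAN rule GW:  ", scenario(False, "ovpnc1"))
```

Only the last combination gives both results the thread is after: server replies leave on WAN while LAN traffic leaves through the tunnel.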
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.