Netgate Discussion Forum

    OpenVPN Server and Client at the same time

      chulio

      And here also the FW Rules for LAN, attached.
      Without the third rule I get no internet access from the LAN.

      FW_Rule_LAN.png

        viragomann

        @chulio:

        Without the third rule I get no internet access from the LAN.

        If you want to direct traffic from LAN over ExpressVPN you have to change the gateway here to ExpressVPNUDP_VPN4.

        This matter gave me another input. You will get the default route pushed from the VPN provider. This has to be prevented in your case.
        To do so go to the VPN client settings and check "Don't pull routes". This should solve the issue with the VPN servers.

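What "Don't pull routes" filters, as an added example that is not part of the original thread: the pfSense checkbox corresponds to OpenVPN's `route-nopull` option, which ignores pushed routes, `block-outside-dns` and DHCP options such as DNS servers. The sketch below parses the `PUSH_REPLY` line from an OpenVPN client log and reports which pushed options that setting discards and whether the push would have replaced the default route; the log line, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Pushed options that route-nopull discards (routes, DNS-related DHCP options).
ROUTE_OPTS = {"redirect-gateway", "redirect-private", "route", "route-ipv6"}
DNS_OPTS = {"dhcp-option", "block-outside-dns"}
PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY,[^']*)'")

# Constructed sample log line (not taken from the thread).
SAMPLE = ("Tue Mar  5 10:00:00 2019 PUSH: Received control message: "
          "'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,"
          "route 10.8.0.1,topology net30,ping 10,ping-restart 60,"
          "ifconfig 10.8.0.6 10.8.0.5'")

def parse_push_reply(log_line):
    """Return the pushed options of one log line as lists of tokens."""
    m = PUSH_RE.search(log_line)
    if not m:
        return []
    return [o.split() for o in m.group(1).split(",")[1:] if o.strip()]

def classify(options):
    """Sort options into those route-nopull drops (routing, dns) and keeps."""
    result = {"routing": [], "dns": [], "kept": []}
    for tokens in options:
        bucket = ("routing" if tokens[0] in ROUTE_OPTS
                  else "dns" if tokens[0] in DNS_OPTS else "kept")
        result[bucket].append(" ".join(tokens))
    return result

def takes_default_route(options):
    """True if the push replaces the default route, including the
    two-halves form (0.0.0.0/1 plus 128.0.0.0/1)."""
    nets = []
    for tokens in options:
        if tokens[0] == "redirect-gateway":
            return True
        if tokens[0] == "route" and len(tokens) >= 2:
            mask = tokens[2] if len(tokens) >= 3 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{tokens[1]}/{mask}", strict=False))
            except ValueError:
                continue  # hostname or keyword such as vpn_gateway
    return ipaddress.ip_network("0.0.0.0/0") in ipaddress.collapse_addresses(nets)

if __name__ == "__main__":
    opts = parse_push_reply(SAMPLE)
    print(classify(opts), takes_default_route(opts))
```

Because pushed DNS servers are dropped together with the routes, DNS for the tunnelled hosts has to be configured explicitly once the option is enabled.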
          chulio

          Hi viragomann,

          I'm using individual hosts in the "VPN Client UDP" alias,
          i.e. specific IP addresses on the GOST net,
          to go over ExpressVPN to the internet. (see attachment)
          All other subnets are not allowed to use ExpressVPN, which I redirected to WAN ISP (see previous post with FW Rule LAN attachment).

          On the other hand I need to access the LAN over the OpenVPN Servers when I'm not at home,
          i.e. the LAN hosts shall not have access to the ExpressVPN Gateway.

          I added the "Don't pull routes" option to the OpenVPN Client (ExpressVPN) and now I can connect again to the OpenVPN Servers! I can access a few hosts on LAN again! Unfortunately not all, and it's extremely slow (compared to what I was used to).
          We're getting closer :) Thanks a lot!

          I'm wondering what it could be that blocks a few hosts but not others, while at the same time being very slow.

          Many thanks in advance!

          FW_Rule_GOST_ExpressVPN.png

            chulio

            Is it possible that pfBlockerNG is slowing something down?

              viragomann

              No, pfBlockerNG just sets filter rules, which is basically the job of pfSense.

              Why do you use TCP for the VPN connection? UDP will be considerably faster.

              Are the hosts you can't reach over VPN all in the LAN subnet? I have already asked this, but got no answer.

                chulio

                Hi,

                Ah ok thanks.

                I use TCP 443 because it's typically not blocked, and UDP for streaming (faster as you said :) ).

                Yes, exactly, all hosts I need to reach via the OpenVPN Servers are in the LAN subnet; all other subnets such as GOST, VOIP or GAME are intentionally not meant to be reachable from the internet via the OpenVPN Servers.

                As mentioned I can reach only a few hosts on LAN and pretty slow. Some other hosts on the LAN are not reachable at all, which confuses me. Something in my FW Rules or NAT is strange and may cause this strange behaviour. The CPU is an overkill, shouldn't be an issue (i5 quad core).

                As you recommended I turned off the

                • FW Rule in ExpressVPNClient tab as well as
                • all FW Rules in the OpenVPN tab

                I attached my current screenshots, I think I missed something you recommended me to set (in the NAT or Rules part?)…

                Many thanks in advance.

                System_Routing.png
                FW_NAT_oVPNs1s2c1.png
                FW_NAT_LAN_and_VLAN.png
                FW_Rules_WAN.png
                FW_Rules_ExpressVPNClient.png
                FW_Rules_oVPNs1.png
                FW_Rules_OpenVPN.png

                  chulio

                  How about the FW traffic shaper which I set up prior to setting up all the VPN Servers and Client?
                  Is it possible that this causes some "blocking"?

                  Many thanks in advance!

                    chulio

                    Hi viragomann,

                    Thanks to your help everything is working now!
                    The screenshots I posted actually work.

                    1. I found an issue with some LAN hosts … which had nothing to do with pfSense, I had changed something in their firewalls... shame on me !
                    2. And it seems that mobile providers started closing some ports.

                    Many thanks for your help  :) :) :)

                    Now I have a last question :)
                    I read about DNS leaks while using VPN providers, I'm not doing anything illegal, but I was wondering if this can be set to work correctly.
                    Do these occur with pfSense or could we avoid or minimize DNS leaks when attributing specific DNS servers to the VPN client ?
                    (And if yes, how can we do this in pfSense without altering the DNS servers used for the WAN ISP?)

                    Many thanks in advance !

                      viragomann

                      Fine that it's working.

                      To avoid DNS leaks set your VPN clients to use an external DNS. So the request will be directed over the VPN and gets your ExpressVPN address.

                        chulio

                        Hi viragomann,

                        Thanks for your reply.

                        It works, there are no DNS leaks anymore :) !
