Netgate Discussion Forum

    OpenVPN Server and Client Simultaneously

    OpenVPN | 16 Posts 2 Posters 2.7k Views
    rnatalli:

      @Derelict:

      When you say "any" for the outgoing NAT, do you mean my last line where the OpenVPN interface is?  If so, should that only include my OpenVPN tunnel network or that along with my LAN network?  Just don't want to break my OpenVPN client in addition to the server, lol.

      Yes.

      So do I include just my tunnel network or also my LAN network too?  Thanks for the help.

        Derelict (LAYER 8, Netgate):

        Every source network that you want to be outbound NAT on the way out that interface must match an outbound NAT rule. Source any catches other things like traffic from the interface address itself and generally breaks things.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          rnatalli:

          @Derelict:

          Every source network that you want to be outbound NAT on the way out that interface must match an outbound NAT rule. Source any catches other things like traffic from the interface address itself and generally breaks things.

          Still no go.  Even before I try connecting remotely, my internet goes dead (everything going out my VPN pipe) as soon as I turn on the OpenVPN server.  As soon as I delete or turn off the server, everything comes back online almost immediately.  I'm running TCP/443 on my OpenVPN client and using the default UDP/1194 on the server.  Any other ideas?

            Derelict (LAYER 8, Netgate):

            That makes zero sense. Post your client and server configs.

            That rule on the OpenVPN tab is bad news when you have OpenVPN configured as a WAN port.

            You should assign an interface to the OpenVPN server, place the pass any any rule on that, and have no rules on the OpenVPN tab and no rules on the interface assigned to the OpenVPN client. What you have will pass any connection that comes inbound from the OpenVPN service.

              Derelict (LAYER 8, Netgate):

              Why is your port 1194 apparently port forwarded inbound to 192.168.2.104? At least that's what the WAN rule looks like.

                rnatalli:

                @Derelict:

                Why is your port 1194 apparently port forwarded inbound to 192.168.2.104? At least that's what the WAN rule looks like.

                That was my original OpenVPN server on my NAS.  I've disabled the server on the NAS and firewall rule in pfSense.

                  rnatalli:

                  @Derelict:

                  That makes zero sense. Post your client and server configs.

                  That rule on the OpenVPN tab is bad news when you have OpenVPN configured as a WAN port.

                  You should assign an interface to the OpenVPN server, place the pass any any rule on that, and have no rules on the OpenVPN tab and no rules on the interface assigned to the OpenVPN client. What you have will pass any connection that comes inbound from the OpenVPN service.

                  Figures, the wizard placed that rule in the OpenVPN tab.  I removed it, assigned the server an interface, and added a pass any rule on the interface.  Still nothing.  What I can't understand is why everything going through my OpenVPN client goes dead the second I activate the server.  Just doesn't make sense.

                    Derelict (LAYER 8, Netgate):

                    Yeah I could build what you are trying to do in 5 minutes. Finding out what you've done wrong from afar is taking longer.

                    The OpenVPN server and client processes are completely independent from each other. Unless you have some same-subnet things in the configs or something.

                      rnatalli:

                      @Derelict:

                      Yeah I could build what you are trying to do in 5 minutes. Finding out what you've done wrong from afar is taking longer.

                      The OpenVPN server and client processes are completely independent from each other. Unless you have some same-subnet things in the configs or something.

                      Thanks for trying to help.  I'll keep messing with it and hopefully get it worked out.

                        Derelict (LAYER 8, Netgate):

                        If enabling the server has any effect on existing traffic, it sounds like you have chosen a subnet for the tunnel network that conflicts with something.

                        Usually that means the server won't install the route because it already exists. Maybe you did something different.

                        What did you use for the tunnel network?

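The two checks Derelict describes in this thread (a tunnel network that collides with a route that already exists, and outbound NAT rules that name each source network rather than "any"), worked through as an added Python example. This is not code from the thread or from pfSense; it only models the address logic with the standard `ipaddress` module. The LAN 192.168.2.0/24 and the client-side tunnel 10.8.0.0/24 are constructed assumptions; 192.168.3.0/24 is the server tunnel network rnatalli reports further down.

```python
import ipaddress
from itertools import combinations


def find_overlaps(networks):
    """Return sorted (name_a, name_b) pairs whose subnets overlap.

    A server tunnel network that overlaps an existing route (the LAN, the
    other OpenVPN instance's tunnel, ...) is the conflict Derelict suspects:
    the server cannot install its route because one already covers that space.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in networks.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def outbound_nat_sources(lan_networks, server_tunnel):
    """Source networks that each need their own outbound NAT rule on the
    interface assigned to the OpenVPN client: every internal network that
    should leave through the VPN, plus the server's tunnel network so remote
    clients can use that exit too. No 'any' rule."""
    return sorted({str(ipaddress.ip_network(n, strict=False))
                   for n in (*lan_networks, server_tunnel)})


def matches_outbound_rule(src_ip, rule_sources):
    """True if a packet from src_ip is translated by one of the explicit rules.
    Traffic sourced from the client interface's own tunnel address is not
    matched, which is exactly the traffic a 'source any' rule would catch."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in rule_sources)


if __name__ == "__main__":
    # Constructed layout: LAN and client tunnel are assumptions; 192.168.3.0/24
    # is the server tunnel network reported in the thread.
    layout = {
        "LAN": "192.168.2.0/24",
        "ovpn_server_tunnel": "192.168.3.0/24",
        "ovpn_client_tunnel": "10.8.0.0/24",   # assumed, handed out by the VPN provider
    }
    print("overlaps:", find_overlaps(layout) or "none")
    rules = outbound_nat_sources([layout["LAN"]], layout["ovpn_server_tunnel"])
    print("outbound NAT sources on the client interface:", rules)
    for src in ("192.168.2.104", "192.168.3.2", "10.8.0.2"):
        print(src, "translated" if matches_outbound_rule(src, rules) else "NOT translated")
    # A bad choice for comparison: server tunnel carved out of the LAN range.
    print("bad layout overlaps:",
          find_overlaps({**layout, "ovpn_server_tunnel": "192.168.2.128/25"}))
```

Running it shows no overlaps for the reported layout, two explicit NAT sources (LAN and server tunnel), and that the client interface's own address is left alone; swapping the server tunnel for a slice of the LAN is flagged as the conflict Derelict asks about.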
                          rnatalli:

                          @Derelict:

                          If enabling the server has any effect on existing traffic, it sounds like you have chosen a subnet for the tunnel network that conflicts with something.

                          Usually that means the server won't install the route because it already exists. Maybe you did something different.

                          What did you use for the tunnel network?

                          I used 192.168.3.0/24 for my tunnel network.  It's all working now after setting up the interface and adjusting NAT rules.  Thanks for that.  Now I just need to figure out if it's possible to use a different route when I'm on my home WiFi network.  I can't use the OpenVPN setting that says "Cellular Only" as I'm using redirect-gateway and that doesn't allow the iPhone to switch back to WiFi when it's available.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.