Windows OS clients can't connect to the Internet
-
I currently have pfSense setup to route all network traffic through a client VPN configured in the pfSense box, it works great.
I also have an OpenVPN server configured on my pfSense box, with Server clients successfully able to connect and access the LAN.
I need for my clients connecting to my pfSense OpenVPN server to be able to access the internet (not just the LAN) -
What is strange is that clients who connect through a Linux OS are able to access the internet, and clients who connect through Windows OS can't connect to the Internet.
OpenVPN settings Screenshot attached:
https://ibb.co/bZxZBJ
Help please :)
-
I need for my clients connecting to my pfSense OpenVPN server to be able to access the internet (not just the LAN) -
And you want to route the upstream traffic to internet resources over the vpn?
What is strange is that clients who connect through a Linux OS are able to access the internet, and clients who connect through Windows OS can't connect to the Internet.
I guess, the Windows clients set the route over the vpn and Linux clients don't.
-
No, I don't want to route the traffic to internet over the vpn server.
only the clients go out to internet in the regular way…. -
So go to the server settings and remove the check from "Redirect gateway" and enter the local networks you want to access from the clients in the "Local network/s" box.
-
So go to the server settings and remove the check from "Redirect gateway" and enter the local networks you want to access from the clients in the "Local network/s" box.
The "Redirect gateway" is already unchecked. "Local Network" works OK.
The only problem is with Windows OS, which can't access external internet (Mac OS and Linux work fine).
I've also tried to push them to DNS settings - also does not work…very strange ....
-
To ensure that it's not a DNS issue, try to access a host in the internet by its IP address.
Please tell, what your vpn tunnel network is and post the routing table of the Windows client.
Does it affect only Windows 10 or also older versions?
-
To ensure that it's not a DNS issue, try to access a host in the internet by its IP address.
Please tell, what your vpn tunnel network is and post the routing table of the Windows client.
Does it affect only Windows 10 or also older versions?
1. ping to 8.8.8.8 works fine.
2. my VPN network is 192.168.60.0/24
3. Until now I see the problem only with Windows 10.
4. route:
===========================================================================
Interface List
5...00 ff 27 f9 cd f3 ......TAP-Windows Adapter V9
8...fc 3f db 48 98 cd ......Intel(R) Ethernet Connection (3) I218-LM
4...0a 00 27 00 00 04 ......VirtualBox Host-Only Ethernet Adapter
19...64 80 99 96 54 d4 ......Microsoft Wi-Fi Direct Virtual Adapter
18...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
12...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
14...64 80 99 96 54 d3 ......Intel(R) Dual Band Wireless-AC 7265
11...64 80 99 96 54 d7 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
7...90 83 86 5a 50 51 ......HP hs3110 HSPA+ Mobile Broadband Device
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.7.254 192.168.4.254 45
10.111.111.0 255.255.255.0 192.168.60.1 192.168.60.2 3
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 192.168.60.1 192.168.60.2 3
192.168.2.0 255.255.255.0 On-link 192.168.2.1 291
192.168.2.1 255.255.255.255 On-link 192.168.2.1 291
192.168.2.255 255.255.255.255 On-link 192.168.2.1 291
192.168.4.0 255.255.252.0 On-link 192.168.4.254 301
192.168.4.254 255.255.255.255 On-link 192.168.4.254 301
192.168.7.255 255.255.255.255 On-link 192.168.4.254 301
192.168.41.0 255.255.255.0 On-link 192.168.41.1 291
192.168.41.1 255.255.255.255 On-link 192.168.41.1 291
192.168.41.255 255.255.255.255 On-link 192.168.41.1 291
192.168.56.0 255.255.255.0 On-link 192.168.56.1 281
192.168.56.1 255.255.255.255 On-link 192.168.56.1 281
192.168.56.255 255.255.255.255 On-link 192.168.56.1 281
192.168.60.0 255.255.255.0 On-link 192.168.60.2 259
192.168.60.2 255.255.255.255 On-link 192.168.60.2 259
192.168.60.255 255.255.255.255 On-link 192.168.60.2 259
192.168.235.0 255.255.255.0 192.168.60.1 192.168.60.2 3
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.56.1 281
224.0.0.0 240.0.0.0 On-link 192.168.4.254 301
224.0.0.0 240.0.0.0 On-link 192.168.41.1 291
224.0.0.0 240.0.0.0 On-link 192.168.2.1 291
224.0.0.0 240.0.0.0 On-link 192.168.60.2 259
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.56.1 281
255.255.255.255 255.255.255.255 On-link 192.168.4.254 301
255.255.255.255 255.255.255.255 On-link 192.168.41.1 291
255.255.255.255 255.255.255.255 On-link 192.168.2.1 291
255.255.255.255 255.255.255.255 On-link 192.168.60.2 259
Persistent Routes:
None
IPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
4 281 fe80::/64 On-link
14 301 fe80::/64 On-link
12 291 fe80::/64 On-link
18 291 fe80::/64 On-link
5 259 fe80::/64 On-link
4 281 fe80::1946:4586:734e:9150/128
On-link
18 291 fe80::21ab:537f:9d4d:434/128
On-link
12 291 fe80::5d52:1a45:739b:94fb/128
On-link
5 259 fe80::b832:e27a:5fc8:b788/128
On-link
14 301 fe80::e1cb:44b6:33a4:37d7/128
On-link
1 331 ff00::/8 On-link
4 281 ff00::/8 On-link
14 301 ff00::/8 On-link
12 291 ff00::/8 On-link
18 291 ff00::/8 On-link
5 259 ff00::/8 On-link
Persistent Routes:
None
5. ipconfig /all :
Host Name . . . . . . . . . . . . : DESKTOP-1432
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : testshope
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . : testshope
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-27-F9-CD-F3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b832:e27a:5fc8:b788%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.60.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : יום רביעי 16 מאי 2018 18:33:35
Lease Expires . . . . . . . . . . : יום חמישי 16 מאי 2019 18:33:35
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.60.254
DHCPv6 IAID . . . . . . . . . . . : 50396967
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-F3-FE-8F-FC-3F-DB-48-98-CD
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
6. I've also tried to push them to DNS settings - 8.8.8.8 also does not work...
10x
-
1. ping to 8.8.8.8 works fine.
So it's obviously a DNS issue.
The routes are fine.
Can the DNS server you've provided over vpn resolve public addresses? Try an nslookup with an established vpn connection and check if the host name can be resolved and which DNS server is requested.
-
1. ping to 8.8.8.8 works fine.
So it's obviously a DNS issue.
The routes are fine.
Can the DNS server you've provided over vpn resolve public addresses? Try an nslookup with an established vpn connection and check if the host name can be resolved and which DNS server is requested.
As you can see, the public address can't be resolved.
C:\Users\sup1>nslookup
DNS request timed out.
timeout was 2 seconds.
Default Server: UnKnown
Address: 8.8.8.8
What could be the reason the DNS server 8.8.8.8 fails to resolve DNS?
-
So the client can't reach 8.8.8.8. :o
According to your routing table, it should be routed to your default gateway 192.168.7.254.
Try a "tracert 8.8.8.8" to see where it gets stuck.
Maybe it helps to route the DNS server over the vpn. To do so, add "8.8.8.8/32" to your "IPv4 Local networks" in the vpn server settings (comma separated from other networks).
Also an outbound NAT rule for the vpn tunnel network on WAN is needed in this case. Maybe it was added automatically by pfSense.
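
The route-selection reasoning in the last replies (8.8.8.8 leaving via the default gateway 192.168.7.254, and what adding "8.8.8.8/32" to the pushed networks changes) can be checked against the posted table. This is an added example, not part of the original thread; the function names are hypothetical and the 8.8.8.8 host-route row is constructed, modeled on the other routes pushed by the server.

```python
import ipaddress

# Rows copied from the "Active Routes" table posted in the thread
# (destination, netmask, gateway, interface, metric); unicast subset only.
ROUTES_FROM_THREAD = """\
0.0.0.0 0.0.0.0 192.168.7.254 192.168.4.254 45
10.111.111.0 255.255.255.0 192.168.60.1 192.168.60.2 3
192.168.1.0 255.255.255.0 192.168.60.1 192.168.60.2 3
192.168.4.0 255.255.252.0 On-link 192.168.4.254 301
192.168.60.0 255.255.255.0 On-link 192.168.60.2 259
192.168.235.0 255.255.255.0 192.168.60.1 192.168.60.2 3
"""

# Constructed row (assumption): how the suggested "8.8.8.8/32" entry would
# appear on the client once the server pushes it through the tunnel.
PUSHED_DNS_ROUTE = "8.8.8.8 255.255.255.255 192.168.60.1 192.168.60.2 3\n"


def parse_routes(text):
    """Parse 'route print' IPv4 rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers and wrapped lines
        dest, mask, gateway, iface, metric = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface, int(metric)))
    return routes


def select_route(routes, target):
    """Pick the route for target: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(target)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    net, gateway, iface, metric = min(candidates, key=lambda r: (-r[0].prefixlen, r[3]))
    return {"network": str(net), "gateway": gateway, "interface": iface, "metric": metric}


if __name__ == "__main__":
    split = parse_routes(ROUTES_FROM_THREAD)
    print("8.8.8.8 as posted:      ", select_route(split, "8.8.8.8"))
    print("192.168.1.10 as posted: ", select_route(split, "192.168.1.10"))
    pushed = parse_routes(ROUTES_FROM_THREAD + PUSHED_DNS_ROUTE)
    print("8.8.8.8 with /32 pushed:", select_route(pushed, "8.8.8.8"))
```

With the /32 in place the DNS queries leave pfSense from the tunnel network, which is why the outbound NAT rule for 192.168.60.0/24 on WAN matters.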