OpenVPN installed, iOS client connects, but no internet or local resources
-
I compared your settings with mine.
I have 192.168.2.1 as a DNS for VPN clients - not the LAN based DNS.
Your LAN rules : remove (temporality) the source "LAN Net" here.
You're not using IPv6 so "IPv4 only" seems more logic to me.
When you are connected, can you ping 192.168.1.1 ?
Can you ping a device on LAN, like your plesk server ?
Does DNS work ?
Test with Resolver in pure Resolver mode (1.1.1.1 and 1.0.0.1 aren't needed anyway). -
No internet - could just be that you can not resolve.. Did you set the resolver ACLs correctly? Out of the box it will auto allow your local networks, but not a tunnel network.
As to getting lan clients - do their firewalls allow access from your tunnel network?
No need to remove lan net as source - that has NOTHING to do with traffic from your vpn tunnel.. And is correct..
-
when connected to OpenVPN tunnel from a cellular network through iOS, yes I can actually use safari to log into pfSense firewall at 192.168.1.1.
as far as clients firewalls allowing access from tunnel network, I don't know. Using my previous firewall solution as soon as I connected to OpenVPN, I could access my plex server no problem. How can I allow access from "tunnel" network?
As far as setting resolver ACLs correctly, I have to learn how to do that.
Also, the routes that I see in johnpoz OpenVPN client logs: I don't see routing on mine...
-
I assume this is the setting you're talking about, johnpoz... nothing there... -
So your using the automatic ALCs, which I do not believe adds your tunnel network.. So no you wouldn't be able to resolve anything. if your asking unbound on pfsense.
As to routing, if your using the default all through vpn your fine. But if you can not resolve this would explain no internet, and might also explain no plex access if your trying to resolve it vs access it by IP.
-
i understand now. Undernetworks in the above screenshot, should I add 192.168.2.0? -
Yes you should add your tunnel network and the correct mask for your tunnel network ie using /24 I do believe.
I disable the auto acls - so I manually add them
But default is enabled, so as you see only internal networks are allowed - not tunnel networks.
Should prob check any docs about setting up openvpn and make sure this mentioned, or make sure the tunnel networks are auto added, which I do not believe they are - but would have to double check that... The quick way to test is just do a simple query to your unbound running on pfsense from your vpn client. To validate if you can resolve or not.
-
thank you! adding the resolver settings for tunnel network fixed it.
I appreciate all of your help very much! -
I have this
Isn't that default : non-checked ?
My Resolver ACL list is totally empty.
I can reach all my LAN's just fine from using the OpenVPN.A not working DNS should not impact a ping to a LAN IP, the Plesk device.
-
Non working dns doesn't stop a ping via IP, but stuff doesn't work if your trying to use fqdn to ping ;)
