Netgate Discussion Forum

    Cannot access any Web-Services (but can ping them) from OpenVPN Client

    OpenVPN
      randomPerson

      Hi,

      I have an OpenVPN server running on my pfSense. When logged in, clients can access any device in the LAN-net. However, accessing Web pages is a problem because although I can ping the IP addresses (but not the URLs) of the page, I can't access the Web page itself (even if I enter the IP address of the Web page into the browser).

      The screenshots of my currently active Firewall-Rules as well as my ping-test are below.

      OutboundNAT.PNG FirewallRulesWANInterface.PNG FirewallRulesOpenVPNInterface.PNG FirewallRulesLANInterface.PNG

      Any help is greatly appreciated.

        randomPerson @randomPerson

        Forgot the Pings
        PingTest.PNG

          viragomann

          So your client is missing a DNS.
          If you route any traffic over the VPN you should also provide a DNS in the VPN server settings and ensure that your rules allow that access.

          Furthermore, the first one of your Outbound NAT rules (VPN to WAN) is rubbish. Since you're running an access server, you may not want any packet to go out on the OpenVPN interface.
          For upstream traffic from VPN clients you need a rule on WAN with source = tunnel network. Maybe this is the nameless second one. Hard to say, without knowing your tunnel network.

            randomPerson

            @viragomann

            Hi,

            thanks for the quick reply. So I've removed the first Outbound NAT rule. You were right about the second one, the 10.0.2.0 is the tunnel network. I've also added the following line to the OpenVPN Client file:

            dhcp-option DNS 192.168.1.1

            This makes the config-file look as follows:

            dev tun
            persist-tun
            persist-key
            cipher AES-256-CFB
            auth SHA384
            tls-client
            client
            resolv-retry infinite
            remote [DynDNS-Adress] [OpenVPN Port] udp
            setenv opt block-outside-dns
            lport 0
            dhcp-option DNS 192.168.1.1

            Now I get the following error message:
            Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)

            What can I do here?

            Again, any help is greatly appreciated.

              randomPerson @viragomann

              @viragomann

              @randomPerson said in Cannot access any Web-Services (but can ping them) from OpenVPN Client:

              Now I get the following error message:
              Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)

              The problem is resolved: the extra space before the dhcp-option was causing trouble.

              Thanks for the help!

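The last post traces the "Options error" to an extra space before dhcp-option. The following is an added example, not code from the thread or from pfSense/OpenVPN: it scans a client config for leading whitespace and for invisible or non-ASCII space characters, which often arrive with text pasted from a web page, and reports them in the same file:line form as the error above. The function name, file name and sample config are constructed for illustration.

```python
import unicodedata

def lint_ovpn(text, name="client.ovpn"):
    """Return 'file:line: message' findings for an OpenVPN config given as text."""
    findings = []
    in_block = False                      # inside an inline <ca>...</ca> style block
    for no, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip("\r")           # tolerate Windows line endings
        body = line.lstrip(" \t")         # strips ASCII space/tab only
        if body.startswith("</"):
            in_block = False
            continue
        if body.startswith("<"):
            in_block = True
            continue
        if in_block or not body or body[0] in "#;":
            continue                      # key material, blank lines, comments
        if line != body:
            findings.append(
                f"{name}:{no}: {len(line) - len(body)} leading whitespace character(s)")
        for col, ch in enumerate(line, start=1):
            # Zs = space separators, Cf = format characters (zero-width, BOM)
            if ord(ch) > 127 and unicodedata.category(ch) in ("Zs", "Cf"):
                findings.append(f"{name}:{no}: U+{ord(ch):04X} "
                                f"{unicodedata.name(ch, 'UNNAMED')} at column {col}")
    return findings

# Constructed sample: directives from the thread, with a hypothetical remote and
# two variants of the problem line (ASCII space, then a no-break space).
SAMPLE = (
    "dev tun\n"
    "persist-tun\n"
    "client\n"
    "remote vpn.example.net 1194 udp\n"
    " dhcp-option DNS 192.168.1.1\n"
    "\u00a0dhcp-option DNS 192.168.1.1\n"
)

if __name__ == "__main__":
    for finding in lint_ovpn(SAMPLE):
        print(finding)
```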
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.