VPN up - Gateway Down - VPN not routing out to internet
-
Hello All,
I am having a hard time figuring this out. I have followed many different sites to try and resolve to no avail.
Version 2.3.5-RELEASE-p2 (i386)
built on Thu May 10 15:06:00 CDT 2018
FreeBSD 10.3-RELEASE-p29
Platform nanobsd (4g)
I cannot route out to internet via the OPENVPN AS Server. It works fine when I connect my laptop (Linux) or Android phone, so the OPENVPN AS server is set up properly.
VPN Client Status is up
The status of the Pfsense is as follows:
VPN Interface:
OUTBOUND NAT Rules:
VPN Client Settings:
I can ping the internet from the VPN Interface:
It has to be a NAT/Routing issue but I cannot figure it out!!
Any help or suggestions welcomed!!
Thanks in advance!
-
Your settings are a bit different from what I'm used to seeing, but perhaps that's something to do with your VPN provider.
On my client connections, I don't specify the local or remote networks. They're assigned automatically.
Your outbound NAT rules are wrong. That rule you have highlighted should be Source 192.168.1.0/24 to JAMVPN address. You don't need the port 500 rule. Delete those two rules at the end, they're not needed.
Lastly, you didn't show your LAN rules. You need to use LAN rules to redirect the traffic out the VPN gateway instead of default or WAN.
-
@KOM thanks for reply!
Updated NAT rules:
These are existing LAN rules:
Please clarify what needs to be changed here.
-
Well, I think you have a typo in your JAMVPN rule. Your local LAN is 192.168.1.0, not 192.168.0.0. Next, I wasn't clear when I said to delete the port 500 rule. I meant for the VPN connection only. You deleted the one for your local network, but it doesn't matter unless you're running IPSEC VPN.
For your LAN rules, unless you're using IPv6 on your network you can delete the last rule.
Lastly, edit the IPv4 Default allow LAN to any rule. Click Advanced Options. Scroll down near the bottom to the Gateway field and select JAMVPN. Apply it and now all traffic should go through the gateway. You can further craft your rules to allow only select clients through, or only select ports for running torrents for example.
Here is an example of my outbound rules.
And my LAN rules.
-
Made correction to typo:
Also modified the LAN rules:
It is still not routing out the VPN.
Thanks again for your time.
-
@wrodriguez56 do you have the same network defined for remote network and WANGW?
10.0.0.0
-
Good catch. I did tell him earlier that those are autogenerated so I don't think he has to specify the tunnel & remote networks at all, but I could be wrong depending on his ISP.
-
Thank you @KOM , issue has been resolved. Thank you for your help.
-
@wrodriguez56 After all that, would it be OK to ask what fixed things for you?
-
@wrodriguez56 awesome!
Might help someone else reading down the road.
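
The three points raised in the replies above (an outbound NAT source that matches the LAN, a LAN rule that selects the VPN gateway, and a VPN remote network that overlaps the WAN network) can be checked offline against a description of the configuration. This is an added example, not part of the original thread and not pfSense code; the dictionary layout, the function name `audit` and the /24 prefix on 10.0.0.0 are assumptions, and the sample values are constructed from the addresses mentioned in the posts.

```python
import ipaddress

def audit(cfg):
    """Return findings for a LAN that should be policy-routed out a VPN client."""
    findings = []
    lan = ipaddress.ip_network(cfg["lan"])
    vpn = cfg["vpn_interface"]

    # 1. Some outbound NAT rule on the VPN interface must cover the LAN subnet.
    sources = [ipaddress.ip_network(r["source"])
               for r in cfg["outbound_nat"] if r["interface"] == vpn]
    if not any(lan.subnet_of(s) for s in sources):
        findings.append(f"no outbound NAT rule on {vpn} covers {lan}")

    # 2. The first LAN rule matching the LAN must select the VPN gateway.
    for rule in cfg["lan_rules"]:
        if lan.subnet_of(ipaddress.ip_network(rule["source"])):
            if rule.get("gateway") != vpn:
                findings.append(f"LAN rule '{rule['descr']}' does not use gateway {vpn}")
            break
    else:
        findings.append(f"no LAN rule matches {lan}")

    # 3. A manually entered remote network must not overlap the WAN network.
    remote = cfg.get("vpn_remote_network")
    if remote and ipaddress.ip_network(remote).overlaps(
            ipaddress.ip_network(cfg["wan_network"])):
        findings.append(f"VPN remote network {remote} overlaps WAN {cfg['wan_network']}")
    return findings

# Constructed sample: addresses from the thread; the /24 on 10.0.0.0 is assumed.
BROKEN = {
    "lan": "192.168.1.0/24", "vpn_interface": "JAMVPN",
    "wan_network": "10.0.0.0/24", "vpn_remote_network": "10.0.0.0/24",
    "outbound_nat": [{"interface": "WAN", "source": "192.168.1.0/24"},
                     {"interface": "JAMVPN", "source": "192.168.0.0/24"}],  # typo'd source
    "lan_rules": [{"descr": "Default allow LAN to any",
                   "source": "192.168.1.0/24", "gateway": "default"}],
}
FIXED = {**BROKEN, "vpn_remote_network": None,
         "outbound_nat": [{"interface": "JAMVPN", "source": "192.168.1.0/24"}],
         "lan_rules": [{"descr": "Default allow LAN to any",
                        "source": "192.168.1.0/24", "gateway": "JAMVPN"}]}

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(cfg) or "ok")
```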