Can Reach LAN, WAN appears to be blocked
-
I'm having issues with my setup. My goal is to create a VPN connection that allows me to reach my LAN (I currently can) as well as tunnel all traffic through my home connection (currently can't do this). I've pasted screenshots of my OpenVPN config, port forwarding, and NAT outbound rules. Please let me know what else is needed. Thanks in advance.
-
what exactly is not working?
can you ping 8.8.8.8 from the vpn or no traffic is passing? did you try with packet capture to see what is happening? you are not providing dns server list to your vpn client
-
I can access my LAN after logging in, but it appears all WAN traffic is blocked. I can't access any sites outside of my LAN. Screenshot of ping attached. I'm not sure how to try packet capture. I will google it and see if I can figure that out.
OK, I ran a quick packet capture. I attempted to access three different sites. I accessed my server and the pfsense firewall (both successfully) and attempted to access nbcnews.com (not successful).
-
ping was working ok
you are probably missing this option
-
@kiokoman - I'm not exactly sure what to put in for the DNS ip. I am running a DNS resolver on my firewall.
EDIT - GOT IT! I ended up putting my PFSENSE server's ip in there and it works. Thanks for the help!
-
correct, you put the ip of your preferred dns resolver, aka ip of the pfsense in your case
don't forget to press thumb up if it was useful
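
A way to read a capture like the one taken in this thread, added here as an example and not posted by anyone in the thread: it groups tcpdump-style lines per remote endpoint and reports whether DNS queries were sent and answered and which destinations never replied. The sample lines are constructed, and treating `10.0.0.2` as the VPN client's tunnel address is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the "IP src.port > dst.port: proto" layout of a
# pfSense packet capture; the remote addresses are documentation ranges.
SAMPLE = """\
09:00:00.100000 IP 10.0.0.2.50001 > 192.0.2.53.53: UDP, length 38
09:00:00.150000 IP 192.0.2.53.53 > 10.0.0.2.50001: UDP, length 92
09:00:00.200000 IP 10.0.0.2.50002 > 198.51.100.7.443: tcp 0
09:00:01.200000 IP 10.0.0.2.50002 > 198.51.100.7.443: tcp 0
09:00:03.200000 IP 10.0.0.2.50002 > 198.51.100.7.443: tcp 0
09:00:04.000000 IP 10.0.0.2.50003 > 192.168.1.1.80: tcp 0
09:00:04.000400 IP 192.168.1.1.80 > 10.0.0.2.50003: tcp 0
"""

LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (tcp|UDP)",
    re.IGNORECASE)


def summarize(capture, client):
    """Per remote endpoint: packets sent by `client` and replies received."""
    flows = defaultdict(lambda: {"sent": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not an IPv4 TCP/UDP summary line
        src, sport, dst, dport, proto = m.groups()
        if src == client:
            flows[(dst, int(dport), proto.lower())]["sent"] += 1
        elif dst == client:
            flows[(src, int(sport), proto.lower())]["replies"] += 1
    return dict(flows)


def diagnose(capture, client):
    """Separate 'DNS unanswered' from 'packets leave but nothing returns'."""
    flows = summarize(capture, client)
    dns = {k: v for k, v in flows.items() if k[1] == 53}
    silent = sorted(k for k, v in flows.items() if v["sent"] and not v["replies"])
    return {
        "dns_queried": bool(dns),
        "dns_answered": any(v["replies"] for v in dns.values()),
        "unanswered": silent,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE, "10.0.0.2").items():
        print(key, value)
```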