Netgate Discussion Forum

    PFSense blocks VPN Connection to company

    21 Posts 7 Posters 3.9k Views
    • Bob.Dig LAYER 8 @brainzina

      @brainzina said in PFSense blocks VPN Connection to company:

      Still, is it a problem to have an OpenVPN client running on the PFSense? I do have one that I use from time to time.

      No, I have one running all the time myself.

      • johnpoz LAYER 8 Global Moderator

        Yeah I have a VPN client connected to one of my VPS 24/7 - use it for testing when helping in threads that are doing VPN client connection. I don't route any traffic out it normally - but it's connected all the time. If I ever want a box to use the VPN it's a simple policy route change in the firewall rules.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • JKnott @brainzina

          @brainzina said in PFSense blocks VPN Connection to company:

          I will wait for the reply of the company regarding the actual VPN but if that brings me further, I will reinstall the whole router.

          Before you do anything, find out what the company requires. All pfSense can do is provide a VPN. The company might use something else. If they say use OpenVPN, then they should provide the details. Before you know that, you're wasting your time and effort.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • JKnott @brainzina

            @brainzina said in PFSense blocks VPN Connection to company:

            Because if I connect the laptop of my girlfriend directly to the modem it works.

            Many companies will install the necessary VPN software on the user's computer. If this is the case, then you may have to configure some rules. However, until you know, we don't either and can't provide useful advice.

            • brainzina

              I resolved it by disabling the DNS Resolver.

              Now it works.

              • johnpoz LAYER 8 Global Moderator

                So whatever you were trying to access couldn't be resolved by the resolver - for why? You could not talk to the authoritative NS, it was failing DNSSEC?

                What is the specific fqdn that would not resolve? If you don't want to post it, send it to me via PM.. and I will look into what might be wrong and prevent resolution.

                • Gertjan @brainzina

                  @brainzina said in PFSense blocks VPN Connection to company:

                  I resolved it by disabling the DNS Resolver.

                  Interesting.
                  Stopping DNS facilities normally breaks things, that's a fact..
                  Try for yourself : can you see packages on this page : System >> Package Manager >> Available Packages now ?
                  With no DNS, pfSense can't resolve for your network anymore, neither for itself. Example : update checks.

                  There is something 'non standard' that you didn't tell us ... yet.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  • brainzina

                    Actually I don't get it.

                    In the dialog box of the VPN client on the laptop it tried to connect to several internal urls (with .local). It listed some internal DNS servers and the PFSense.
                    After deactivating the DNS Resolver it listed the internal DNS servers and the two Google DNS servers I added.

                    My setup is reinstalled. I changed nothing except some static DHCP leases.

                    • johnpoz LAYER 8 Global Moderator

                      @brainzina said in PFSense blocks VPN Connection to company:

                      it tried to connect to several internal urls (with .local).

                      Well that would never resolve unless it was local and was using mdns.. A misconfig on the client without a domain might try and resolve just a host name by looking for host.local, etc.

                      But pointing a client to an external DNS sure and the F would not allow it to resolve anything with a .local TLD..

                      More than happy to help you figure out what was/is going on - but need some details... What specific FQDN is your VPN client supposed to connect to? This should be easy enough to see in the client VPN configuration.

                      • brainzina

                        I really don't get it. Now PFSense assigns the DNS servers (I used the Google ones) directly to the clients. So on my computer right now I see these DNS servers.

                        @Gertjan said in PFSense blocks VPN Connection to company:

                        Try for yourself : can you see packages on this page : System >> Package Manager >> Available Packages now ?

                        Yes, that works.

                        The VPN connection is OpenVPN. The config file is relatively regular, it connects to an IP.
                        The connection establishing seems to work with a different program that first tries to connect to other servers. Unfortunately there is no config file for this program. It seems that it tries some hosts by IP, then adds internal DNS servers and then tries to connect to some internal URLs by name. And that is what did not work before I disabled the resolver.

                        The IT department of the company is overloaded so they are not available for a little chat right now.

                        • Gertjan @johnpoz

                          @johnpoz said in PFSense blocks VPN Connection to company:

                          But pointing a client to an external DNS sure and the F would not allow it to resolve anything with a .local TLD..

                          What happens if the VPN-client app was launched on a PC ?
                          The "external DNS" for a device doesn't matter then, it could have been overridden by the remote VPN company DNS server. That one could resolve 'local' URLs like .local just fine, handing over a "local IP" before resolving other, global hostnames.
                          Isn't this how companies set up the PC's VPN clients of their road warriors ?! The VPN server's DNS 'sees' all the DNS requests of their employees, and can pass/block whatever they need ?

                          • brainzina

                            That was my understanding too but it did not work. Ironically it works with other DNS servers than the one of my PFSense.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.