PFSense blocks VPN Connection to company
-
@brainzina said in PFSense blocks VPN Connection to company:
Still, is it a problem to have an OpenVPN client running on the PFSense? I do have one that I use from time to time.
No, have running one all the time myself.
-
Yeah I have a vpn client connected to one of my vps 24/7 - use it for testing when helping in threads that are doing vpn client connection. I don't route any traffic out it normally - but its connected all the time.. If I ever want a box to use the vpn its simple policy route change in the firewall rules.
-
@brainzina said in PFSense blocks VPN Connection to company:
I will wait for the reply of the company regarding the actual VPN but if that brings me further, I will re install the whole router.
Before you do anything, find out what the company requires. All pfSense can do is provide a VPN. The company might uses something else. If they say use OpenVPN, then they should provide the details. Before you know that, you're wasting your time and effort.
-
@brainzina said in PFSense blocks VPN Connection to company:
Because if I connect the laptop of my girlfriend directly to the modem it works.
Many companies will install the necessary VPN software on the user's computer. If this is the case, then you may have to configure some rules. However, until you know, we don't either and can't provide useful advice.
-
I resolved it in disabling the DNS Resolver.
Now it works.
-
So your whatever you were trying to access couldn't be resolved by the resolver - for why? You could not talk to the authoritative NS, it was failing dnssec?
What is the specific fqdn that would not resolve? If you don't want to post it, send it to me via PM.. and I will look into what might be wrong and prevent resolution.
-
@brainzina said in PFSense blocks VPN Connection to company:
I resolved it in disabling the DNS Resolver.
Interesting.
Stopping DNS facilities normally breaks things, that's a fact..
Try for yourself : can you see packages on this page : System >> Package Manager >> Available Packages now ?
With no DNS, pfSense can't resolve for your network anymore, neither for itself. Example : update checks.There is something 'non standard' that you didn't tell us ... yet.
-
Actually I don't get it.
In the dialog box of the VPN client on the laptop it tried to connect to several internal urls (with .local). It listed some internal DNS servers and the PFSense.
After deactivating the DNS Resolver it listed the internal DNS servers and the two Google DNS servers I added.My setup is re installed. I changed nothing except some static DHCP Leases.
-
@brainzina said in PFSense blocks VPN Connection to company:
it tried to connect to several internal urls (with .local).
Well that would never resolve unless it was local and was using mdns.. A misconfig on the client without a domain might try and resolve just a host name by looking for host.local, etc.
But pointing a client to an external DNS sure and the F would not allow it to resolve anything with a .local TLD..
More than happy to help you figure out what was/is going on - but need some details... What specific FQDN is your vpn client suppose to connect too? This should be easy enough to see in the client vpn configuration.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
I really don't really get it. Not PFSense assigns the DNS servers (I used the Google ones) directly to the clients. So on my computer right now I see these DNS servers.
@Gertjan said in PFSense blocks VPN Connection to company:
Try for yourself : can you see packages on this page : System >> Package Manager >> Available Packages now ?
Yes, that works.
The VPN connection is OpenVPN. The config file ist relatively regular, it connects to an IP.
The connection establishing seems to work with a different program. that first tries to connect to other servers. Unfortunately there is no config file for this program. It seems that it trys some hosts by IP then adds internal DNS servers and then trys to connect to some internal URLs by name. And that is what did not work before I disabled the resolver.The IT department of the company is overloaded so they are not available for a little chat right now.
-
@johnpoz said in PFSense blocks VPN Connection to company:
But pointing a client to an external DNS sure and the F would not allow it to resolve anything with a .local TLD..
What happens if the VPN-client app was launched on a PC ?
The "external DNS" for a device doesn't matter then, it could have been overridden by the remote VPN company DNS server. That one could resolve 'local' URL like .local just fine, handinh over a "local IP" before resolving other, global hostnames.
Isn't this how companies set up the PC's VPN clients of there road warriors ?! The VPN server's DNS 'sees' all the DNS requests of their employees, and can pass/block whatever they need ? -
That was my understanding too but it did not work. Ironically it work with other DNS servers as the one of my PFSense.
-
This post is deleted!
