Netgate Discussion Forum

    OpenVPN No WAN access and some other issues

      lordbob75

      Good afternoon,

      I've been having some issues with my VPN connection on my phone being very slow and causing problems.

      So I've been trying to figure out how to fix that, and ended up re-creating my VPN server.

      Now, I'm unable to get internet access on the client at all.
      I'm using an Android phone with OpenVPN installed, importing the cert from OpenVPN Client Export wizard.

      When it's connected, OpenVPN shows it having the correct IP address, however the phone shows that it has the wrong IP. No idea why those are different.

      I've gone over every OpenVPN setup guide for PFsense I can find on the internet and followed all of them, but none fixed the issue.

      On top of that, I'm really confused about hardware crypto. I thought my slow speeds with the VPN were because this was set up wrong, but there are 3 options for hardware acceleration (I do have an AES CPU) and I have no idea what to pick. Nor can I find the answer anywhere. Different VPN guides even say different things.
      How do I set this up?

      Not sure what you guys would want to see screenshots/logs of so I'll wait for you to ask then grab it.

      Thanks!

        viragomann @lordbob75

        @lordbob75 said in OpenVPN No WAN access and some other issues:

        When it's connected, OpenVPN shows it having the correct IP address, however the phone shows that it has the wrong IP.

        What do you mean by 'correct' and 'wrong' IP?

        but there are 3 options for hardware acceleration (I do have an AES CPU) and I have no idea what to pick.

        Set it to "No hardware crypto acceleration".
        At System > Advanced > Miscellaneous > Cryptographic Hardware select "AES-NI CPU-based acceleration".

          lordbob75 @viragomann

          @viragomann said in OpenVPN No WAN access and some other issues:

          @lordbob75 said in OpenVPN No WAN access and some other issues:

          When it's connected, OpenVPN shows it having the correct IP address, however the phone shows that it has the wrong IP.

          What do you mean by 'correct' and 'wrong' IP?

          So the Phone Settings show a 192.168.4.x address, but OpenVPN shows a 10.0.0.x address. It should be a 10.0.0.x address. Not sure if one of these is wrong or what.
          I could also be totally wrong here, really not sure.

          @viragomann said in OpenVPN No WAN access and some other issues:

          but there are 3 options for hardware acceleration (I do have an AES CPU) and I have no idea what to pick.

          Set it to "No hardware crypto acceleration".
          At System > Advanced > Miscellaneous > Cryptographic Hardware select "AES-NI CPU-based acceleration".

          Ah, thanks much.

            viragomann @lordbob75

            @lordbob75 said in OpenVPN No WAN access and some other issues:

            So the Phone Settings show a 192.168.4.x address

            Where do you see that? In the Android network info or in the OpenVPN app? Which one do you use?

              lordbob75 @viragomann

              @viragomann said in OpenVPN No WAN access and some other issues:

              @lordbob75 said in OpenVPN No WAN access and some other issues:

              So the Phone Settings show a 192.168.4.x address

              Where do you see that? In the Android network info or in the OpenVPN app? Which one do you use?

              Phone information shows this. I can't find much more network information than that on it.
              The OpenVPN app shows Connected: 10.0.0.x.

              It may have nothing to do with this, I'll admit I'm lost at this point.

                viragomann @lordbob75

                @lordbob75 said in OpenVPN No WAN access and some other issues:

                Phone information shows this

                That may be the interface IP connected to your provider.

                As I read here, there are issues with DNS on Android with OpenVPN, but I don't know how to solve it, since I don't use any.

                  lordbob75 @viragomann

                  @viragomann said in OpenVPN No WAN access and some other issues:

                  @lordbob75 said in OpenVPN No WAN access and some other issues:

                  Phone information shows this

                  That may be the interface IP connected to your provider.

                  As I read here, there are issues with DNS on Android with OpenVPN, but I don't know how to solve it, since I don't use any.

                  That definitely could be the case, I just don't know.

                  I do know this used to work, but for whatever reason I can't figure it out now. I'm fairly confident it's an issue with my PFSense firewall config though.

                    viragomann @lordbob75

                    @lordbob75
                    You can simply check if it's a DNS issue by entering a public IP into the browser, e.g. 74.6.231.21 for yahoo.

                      lordbob75 @viragomann

                      @viragomann said in OpenVPN No WAN access and some other issues:

                      @lordbob75
                      You can simply check if it's a DNS issue by entering a public IP into the browser, e.g. 74.6.231.21 for yahoo.

                      Aha, ok yes that worked. So it's DNS.

                      My OpenVPN server should be pushing the pfsense firewall as the DNS server. I'll take a look at that then.

                        lordbob75 @viragomann

                        @viragomann said in OpenVPN No WAN access and some other issues:

                        @lordbob75
                        You can simply check if it's a DNS issue by entering a public IP into the browser, e.g. 74.6.231.21 for yahoo.

                        So it turns out I do have an app that shows network settings. I've got the right IP address, subnet, and even the right DNS server.
                        I'm not able to ping anything from that app, whether by IP or hostname.

                        I was able to pull up yahoo and google by IP address in the web browser though.

                        I'm also able to access the firewall on VPN, but not ping it from the app either.

                          viragomann @lordbob75

                          @lordbob75

                          and even the right DNS server
                          So the DNS server is pfSense?
                          Is there a firewall rule in place on the pfSense allowing the access to the DNS server and pings to go out?

                          Is it your intention to route the whole internet traffic over the VPN?
                          If yes, do you also have an outbound NAT rule on WAN interface for the OpenVPN tunnel network?

                            lordbob75 @viragomann

                            @viragomann said in OpenVPN No WAN access and some other issues:

                            @lordbob75

                            and even the right DNS server
                            So the DNS server is pfSense?
                            Is there a firewall rule in place on the pfSense allowing the access to the DNS server and pings to go out?

                            Is it your intention to route the whole internet traffic over the VPN?
                            If yes, do you also have an outbound NAT rule on WAN interface for the OpenVPN tunnel network?

                            Yes, I want everything from the phone to go through the VPN.

                            I believe I have the outbound NAT setup correctly, plus it was auto-generated
                            Tried to post a screenshot but it keeps getting flagged as spam for some reason.

                            Source is VPN network, any port
                            Destination is WAN address, any port

                              Gertjan @lordbob75

                              @lordbob75 said in OpenVPN No WAN access and some other issues:

                              So the Phone Settings show a 192.168.4.x address,

                              So you're connected to a Wifi network. You're not in the wild, using the 3G/4G/5G carrier connection.

                              @lordbob75 said in OpenVPN No WAN access and some other issues:

                              but OpenVPN shows a 10.0.0.x address.

                              OpenVPN what?
                              The OpenVPN server on pfSense? Your WAN pfSense has the IP 10.0.0.x?
                              OpenVPN client on the phone? Thus the IP it connects to?
                              Btw: no need to hide RFC1918 addresses, as they are local. We all use the same addresses.

                              Are you connected to Wifi, and are you on the location where you have the pfSense OpenVPN server? Other location?

                              @lordbob75 said in OpenVPN No WAN access and some other issues:

                              I believe I have the outbound NAT setup correctly, plus it was auto-generated

                              No need to do anything with NAT.
                              No need to make a NAT rule.
                              The OpenVPN wizard didn't make one either.
                              It makes a firewall pass rule on the WAN** interface.

                              ** or the interface you chose, but normally it is WAN, as VPN connections come from the 'outside' = a device like your phone somewhere on the Internet that wants to come in.

                              General questions:
                              Is your pfSense box behind an ISP device, Modem? A router? What is your real WAN IP (the one you have on the Internet) (and this time you should use an 'x' ^^)?
                              If you are on site - the place where your pfsense openvpn is, connected to your Wifi - which is connected to your pfSense, you do not need (should not use!) a VPN connection. You are already in a - your! - trusted network, and can connect to local devices. Your phone would already use your pfSense router to gain access to the Internet.
                              When testing the VPN connection, shut down your Wifi in your phone first **

                              ** Except if you are on another location, using that local Wifi network. But first, make it work without the phone wifi activated. If that works, you can use the wifi if you're not on your location. Example: using the wifi at your friend's place.

                              Tried to post a screenshot but it keeps getting flagged as spam for some reason.

                              You are a new member on a forum. Links, images etc. are limited in the beginning (less than 5 up-votes or 'likes'). I'll add one right now to get the process started.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                                lordbob75 @Gertjan

                                @gertjan said in OpenVPN No WAN access and some other issues:

                                OpenVPN what?
                                The OpenVPN server on pfSense? Your WAN pfSense has the IP 10.0.0.x?
                                OpenVPN client on the phone? Thus the IP it connects to?
                                Btw: no need to hide RFC1918 addresses, as they are local. We all use the same addresses.

                                Ah, sorry. The OpenVPN application on my phone, so the client. It should show the IP address my phone is getting for my VPN network.

                                @gertjan said in OpenVPN No WAN access and some other issues:

                                Are you connected to Wifi, and are you on the location where you have the pfSense OpenVPN server? Other location?

                                I'm at home and just turning my wifi off on my phone to connect with the VPN over the cell network.

                                @gertjan said in OpenVPN No WAN access and some other issues:

                                @lordbob75 said in OpenVPN No WAN access and some other issues:

                                I believe I have the outbound NAT setup correctly, plus it was auto-generated

                                No need to do anything with NAT.
                                No need to make a NAT rule.
                                The OpenVPN wizard didn't make one either.
                                It makes a firewall pass rule on the WAN** interface.

                                ** or the interface you chose, but normally it is WAN, as VPN connections come from the 'outside' = a device like your phone somewhere on the Internet that wants to come in.

                                Well it says auto-generated in the description.

                                @gertjan said in OpenVPN No WAN access and some other issues:

                                General questions:
                                Is your pfSense box behind an ISP device, Modem? A router? What is your real WAN IP (the one you have on the Internet) (and this time you should use an 'x' ^^)?
                                If you are on site - the place where your pfsense openvpn is, connected to your Wifi - which is connected to your pfSense, you do not need (should not use!) a VPN connection. You are already in a - your! - trusted network, and can connect to local devices. Your phone would already use your pfSense router to gain access to the Internet.
                                When testing the VPN connection, shut down your Wifi in your phone first **

                                ** Except if you are on another location, using that local Wifi network. But first, make it work without the phone wifi activated. If that works, you can use the wifi if you're not on your location. Example: using the wifi at your friend's place.

                                ISP Modem > PFsense firewall > LAN
                                I'm turning off wifi on my phone and connecting to it over the cell network.

                                @gertjan said in OpenVPN No WAN access and some other issues:

                                Tried to post a screenshot but it keeps getting flagged as spam for some reason.

                                You are a new member on a forum. Links, images etc. are limited in the beginning (less than 5 up-votes or 'likes'). I'll add one right now to get the process started.

                                Oh ok. I suppose I could link to Imgur or something too.

                                  Gertjan @lordbob75

                                  @lordbob75 said in OpenVPN No WAN access and some other issues:

                                  ISP Modem > PFsense firewall > LAN

                                  pfSense has the WAN ("Internet" IP) and not an RFC1918, right?

                                  When you use your cell phone, you can see that it uses this IP to connect to, right?

                                    lordbob75 @Gertjan

                                    @gertjan said in OpenVPN No WAN access and some other issues:

                                    @lordbob75 said in OpenVPN No WAN access and some other issues:

                                    ISP Modem > PFsense firewall > LAN

                                    pfSense has the WAN ("Internet" IP) and not an RFC1918, right?

                                    When you use your cell phone, you can see that it uses this IP to connect to, right?

                                    Correct, my PFSense WAN gateway has a public IP 71.84.X.X
                                    I'm not sure how I'd see it on my phone but everything works normally when connected to wifi, it's just VPN.

                                      lordbob75

                                      It's working again after restoring from my most recent backup.

                                      No clue what went wrong before.

                                      I've turned off hardware acceleration in OpenVPN server and it does look like the speed increased, but it also looks like my network isn't getting the right speeds so I can't tell what I'll get until that's fixed by the ISP.

                                      I did go from 5Mb/s to 20 though, so that's a good sign.

                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.