Netgate Discussion Forum

    While pfsense openvpn client is running, can't access other VLANS on my network

      clags

      Hi all,

      I successfully set up an OpenVPN client in my SG-3100 to connect to Private Internet Access.

      I set up the VPN so it's only being applied to one VLAN while other VLANs are still using my FiOS outbound with no VPN. When the VPN client is running, I am not able to access things on other VLANs. Could anybody help resolve this, please?

        mcury Rebel Alliance @clags

        @clags said in While pfsense openvpn client is running, can't access other VLANS on my network:

        Hi all,

        I successfully set up an OpenVPN client in my SG-3100 to connect to Private Internet Access.

        I set up the VPN so it's only being applied to one VLAN while other VLANs are still using my FiOS outbound with no VPN. When the VPN client is running, I am not able to access things on other VLANs. Could anybody help resolve this, please?

        You need to create a firewall rule allowing vlan1 to speak with vlan2, without a gateway set (use default).
        This rule must be above the firewall rule that is using the openvpn gateway.

        dead on arrival, nowhere to be found.

          clags @mcury

          @mcury Sorry, I also forgot to mention I can't access hosts on my untagged LAN network. I have an ESX host running on the LAN that I can't access while the VPN client is running, but once I disable the VPN client all is good again.

            mcury Rebel Alliance @clags

            @clags said in While pfsense openvpn client is running, can't access other VLANS on my network:

            @mcury Sorry, I also forgot to mention I can't access hosts on my untagged LAN network. I have an ESX host running on the LAN that I can't access while the VPN client is running, but once I disable the VPN client all is good again.

            Can you show your firewall rules for this VLAN that is using the OpenVPN?
            What I think is happening is that your connections to other VLANs are being sent over the VPN.
            When you configure a firewall rule with gateway set, you are using a policy route.

            https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

            dead on arrival, nowhere to be found.

              NogBadTheBad @mcury

              Don't pull routes, maybe?

              Screenshot 2021-04-15 at 15.26.07.png

              Diagnostics -> Routes: does it show your WAN interface as the default route? If not, it will be pushing all your traffic down the PIA gateway.

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                mcury Rebel Alliance @NogBadTheBad

                @nogbadthebad said in While pfsense openvpn client is running, can't access other VLANS on my network:

                Don't pull routes, maybe?

                Screenshot 2021-04-15 at 15.26.07.png

                Diagnostics -> Routes: does it show your WAN interface as the default route? If not, it will be pushing all your traffic down the PIA gateway.

                I thought of that, but this would cause all his VLANs to go over VPN..

                dead on arrival, nowhere to be found.

                  clags @mcury

                  @mcury said in While pfsense openvpn client is running, can't access other VLANS on my network:

                  What I think is happening is that your connections to other VLANs are being sent over the VPN.

                  I think that is exactly what is happening. I ran a traceroute to a host on my LAN (10.2.8.15) and it looked like it was trying to go out over the internet.

                    NogBadTheBad @clags

                    @clags what does the default route show?

                    Andy

                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                      mcury Rebel Alliance @clags

                      @clags So, try the following:

                      You need to create a firewall rule allowing vlan1 to speak with vlan2, without a gateway set (use default).
                      This rule must be above the firewall rule that is using the openvpn gateway.

                      Allow VLAN1 to VLAN2 gateway default
                      Allow VLAN to any gateway openvpn

                      And tell us if it's working.

                      dead on arrival, nowhere to be found.
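
The rule ordering suggested in the post above, modelled as an added example that is not part of the thread and not pfSense's own code: a simplified first-match evaluator plus a check that flags gateway (policy-routing) rules which would capture traffic bound for local networks. The subnets and the gateway name `PIA_VPN` are constructed for illustration; only the host 10.2.8.15 appears in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str                        # source network (CIDR)
    dst: str                        # destination network (CIDR)
    gateway: Optional[str] = None   # None = "default": follow the routing table

def next_hop(rules, src, dst):
    """First matching rule wins; a rule with a gateway overrides the routing table."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst):
            return r.gateway or "routing-table"
    return "blocked"  # nothing matched: default deny

def policy_routed_locals(rules, local_nets):
    """Return (rule index, local net) pairs where a gateway rule would capture
    traffic to a local network because no earlier default-gateway rule covers it."""
    findings = []
    for i, r in enumerate(rules):
        if r.gateway is None:
            continue
        for net in map(ip_network, local_nets):
            if not net.overlaps(ip_network(r.dst)):
                continue
            bypassed = any(
                e.gateway is None
                and ip_network(r.src).subnet_of(ip_network(e.src))
                and net.subnet_of(ip_network(e.dst))
                for e in rules[:i]
            )
            if not bypassed:
                findings.append((i, str(net)))
    return findings

# Constructed sample data: only 10.2.8.15 comes from the thread.
VLAN1 = "10.2.20.0/24"                      # VLAN sent through the VPN
LOCAL = ["10.2.8.0/24", "10.2.30.0/24"]     # untagged LAN and another VLAN
VPN_ONLY = [Rule(VLAN1, "0.0.0.0/0", "PIA_VPN")]     # hypothetical gateway name
WITH_BYPASS = [Rule(VLAN1, "10.2.0.0/16")] + VPN_ONLY

if __name__ == "__main__":
    for name, rules in (("VPN rule only", VPN_ONLY), ("bypass rule first", WITH_BYPASS)):
        print(name, "->", next_hop(rules, "10.2.20.50", "10.2.8.15"),
              policy_routed_locals(rules, LOCAL))
```

Reversing `WITH_BYPASS` so the gateway rule comes first reproduces the original symptom, which is why the default-gateway rule has to sit above it.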

                        clags @mcury

                        I believe I have solved the issue. The issue was not having a rule for the default gateway as you had said. My firewall had a rule for the VPN gateway explicitly as I was experimenting with rules earlier to only send certain hosts out the VPN so my wife's iPad could still use HULU. Thank you for the help!

                          massimope @clags

                          @clags Hi Clags, I'm experiencing the same problem as you. While my OpenVPN client service is running, my other VLANs cannot go out to the internet. As I'm not a pfSense guru, would you please be so kind as to tell me what steps to take in order to solve the problem? Thanks in advance.

                            johnpoz LAYER 8 Global Moderator @massimope

                            @massimope this is a really old thread, and not about internet access, but about policy routing, where he was forcing traffic out a specific gateway, i.e. the VPN.

                            https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

                            If you're trying to get multiple VLANs to use your VPN client connection, that would most likely be related to your outbound NAT not including your VLAN networks.

                            Vs. jumping on a 3-year-old thread, I would suggest you start your own with your own details of what exactly you're wanting to accomplish. Are you policy routing out specifically to your VPN client connection, or are you wanting to default route everything out the VPN?

                            What are your outbound NAT settings? etc.

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            SG-4860 24.11 | Lab VMs 2.8, 24.11
