Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot go on Internet from my remote location over vpn connection

    Scheduled Pinned Locked Moved OpenVPN
    16 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • czar666C
      czar666
      last edited by

      Many information exists on this forum and Internet but I just can't filter out the solution for me.
      It's quite simple. I just installed pfSense and configured OpenVPN server on it. I downloaded the client with the "Client Export" tool and installed it on my laptop (Windows). Nothing more.
      Everything works fine except one thing. When I use my client on the Windows laptop on a remote location and I am connected successfully to my pfSense box at home, I cannot go on Internet. I can rdp to a desktop pc at home and go on Internet via that way though. But why can I not just open a browser at my remote location and throw my http requests through the tunnel and get my page on my browser? I'd like to go on 'what is my ip' and see the public IP address from my home. Do I have to tweak my nat and rule settings? Till now I just have "auto created" nat rules and firewall rules. Didn't touched that part yet. Should I learn more about PIA? I saw an explanation about giving your OpenVPN an interface (OPT1).
      Also I can find much info about site-to-site vpn's but that is not my setup here. I have one pfSense at home and want to connect to it through OpenVPN client and go on Internet.
      Thanks for the support.

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        Do you've checked "Redirect gateway" in the OpenVPN server settings?

        You also need an NAT rule for the VPN subnet. Firewall > NAT > Outbound
        If you've used the wizard for setup it will have done this automatically.

        1 Reply Last reply Reply Quote 0
        • czar666C
          czar666
          last edited by

          Thanks for the reply viragomann.
          Yes, "Redirect gateway" is checked.
          And indeed I used the wizard. So I have the automatically created NAT rules.
          But still no browsing from my client from a remote location. Neither from my mobile btw (I also installed a client on my phone).
          Http traffic is not returned. Any other idea?
          I am reading that pfSense book. I just started to read the OpenVPN part and it's saying that OpenVPN interfaces may be assigned under 'Interfaces'. Assigning an OpenVPN interface will let me create interface-specific rules. I am diving into that now. I'll post it if I had any success with this.

          pfsense(1).PNG
          pfsense(1).PNG_thumb
          pfsense(2).PNG
          pfsense(2).PNG_thumb

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            Possibly there is no "allow" rulel on the openvpn interface in the firewall?

            1 Reply Last reply Reply Quote 0
            • czar666C
              czar666
              last edited by

              I have this automatically created rule for OpenVPN.
              Seems to be what you are referring to I think.

              pfsense(3).PNG
              pfsense(3).PNG_thumb

              1 Reply Last reply Reply Quote 0
              • V
                viragomann
                last edited by

                Assigning an interface to the vpn server or client on pfSense is only needed if you run multiple vpn instances.

                Please post the routing table of the client when connection is established.

                1 Reply Last reply Reply Quote 0
                • czar666C
                  czar666
                  last edited by

                  Ok thanks for the elaboration. I wont assign an interface to my vpn server then, as I don't run multiple vpn instances.
                  Here is a screenshot from my clients ipconfig and routing table.

                  pfsense(5).PNG
                  pfsense(5).PNG_thumb
                  pfsense(6).PNG
                  pfsense(6).PNG_thumb

                  1 Reply Last reply Reply Quote 0
                  • V
                    viragomann
                    last edited by

                    I can't see any cause for that issue.

                    Are you able to access the DNS? Try an internet host with its IP for testing, e.g. http://206.190.36.45

                    If that isn't the problem I'd suggest to go to troubleshooting. Take a packet capture (Diagnostic > Packet capture) from the OpenVPN and the WAN interface while you try to access a Web host, limited to source or dest IP or port.

                    1 Reply Last reply Reply Quote 0
                    • czar666C
                      czar666
                      last edited by

                      I went to http://206.190.36.45 without success (see screenshot). It is saying 'Yahoo' in the tab of IE though. But the page stays empty.
                      After that I went to the Packet Capture feature. I started a capture first from the OpenVPN and then the WAN interface with a filter on the Ip address you just suggested to go to (206.190.36.45). As we now know it is not dns I just refreshed the IE page and went to the site via ip address.
                      I don't really see a problem in the Wireshark output. But I am not a pro so I probably oversee things.
                      Probably not enough, but I added screenshots of Wireshark output.

                      pfsense(7).PNG
                      pfsense(7).PNG_thumb
                      pfsense(8).PNG
                      pfsense(8).PNG_thumb
                      pfsense(9).PNG
                      pfsense(9).PNG_thumb

                      1 Reply Last reply Reply Quote 0
                      • K
                        kejianshi
                        last edited by

                        About time to post alll of your firewall rules.

                        1 Reply Last reply Reply Quote 0
                        • czar666C
                          czar666
                          last edited by

                          Here are all my rules. For the moment all have been created automatically.
                          We may not have found the solution yet but thanks both of you for the replies and suggestions.

                          pfsense(10).PNG
                          pfsense(10).PNG_thumb
                          pfsense(11).PNG
                          pfsense(11).PNG_thumb
                          pfsense(12).PNG
                          pfsense(12).PNG_thumb

                          1 Reply Last reply Reply Quote 0
                          • V
                            viragomann
                            last edited by

                            So the pfsense(8^).PNG is taken form WAN with hidden WAN address and pfsense(9).PNG is from OpenVPN, I assume.
                            Everything there is looking all right. You get response from the webserver to the client on the OpenVPN interface, but IE doesn't load the page. So your pfSense firewall rules will be okay.

                            Strange behaviour. Can you test that with another browser or try a ping from the client?

                            1 Reply Last reply Reply Quote 0
                            • czar666C
                              czar666
                              last edited by

                              STOP searching for the answer. I don't know why yet but with my mobile it works now.
                              When I go on Internet with my Android phone after I connected with the OpenVPN app, I can go to https://www.whatismyip.com/ and see the public IP of my pfSense box. So I guess it's ok and that something on my corporate laptop is blocking. I am not on the corporate network though. I have a connection to a modem to bypass the firewall and to do tests for work. So no firewall on my remote location. My proxy settings in my browser are also set to "automatically detect". I didn't forget that one. But still I can't see the webpages I request.
                              So now I am deep ashamed for all the time you two spent in reading my reactions and viewing my screenshots. Sorry…

                              1 Reply Last reply Reply Quote 0
                              • K
                                kejianshi
                                last edited by

                                Corporate laptop?

                                Do you have admin rights to that laptop or is your account a user account and not admin privileges?

                                1 Reply Last reply Reply Quote 0
                                • czar666C
                                  czar666
                                  last edited by

                                  Update:
                                  It works also on my corporate laptop now.
                                  First, Kejianshi, to answer your question: I have more rights than 'normal' users, but I am not full admin. Certain things like disabling anti-virus is not possible. But that was not the problem.

                                  Solution:
                                  My home router (the pfSense) his local IP is 192.168.1.1. Classic. But the local IP of the modem I used on my remote location was also 192.168.1.1. The last one I changed to 192.168.0.1. And now when connected through OpenVPN I can open my webbrowser, go on whatismyip and see the public IP adress from home.

                                  So when I had the problem I assume that when I opened my webbrowser and tried to go on Internet the traffic got confused somewhere when coming back to my laptop at the remote location.

                                  1 Reply Last reply Reply Quote 0
                                  • K
                                    kejianshi
                                    last edited by

                                    Yep - Very common affliction.  Its a good idea to go with the 192.168.x.x - for both the Xs pick a random number between 2 and 254 or so.

                                    The reason I asked about admin rights its because its always a good idea to right click the install icon for openvpn and run as admin - and then always run the program as admin after from then on.  Saves lots of grief.

                                    Anyway - Sounds like you already have it worked out.  Enjoy.

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.