OpenVPN server behind Router (solved Static Route)

xman111 · Aug 1, 2016, 5:03 AM

Hey guys, quick question. I am living in my parents bedroom while our house is being built. I don't want to mess with their internet so I have my PFsense WAN plugged into a port on their Asus router. So far, everything works great. On their router, i assigned a static IP to my WAN on my PFsense and also put it in the DMZ.

I am trying to get PFsense OpenVPN server working behind the router. If I am connected on my network, I can VPN into the server so that part is fine. The problem is when I try to connect from the outside. I tried port forwarding port 1194 on the Asus to the PFsense WAN but it doesn't work.

Any help would be much appreciated. I figured with the port forward and DMZ it would work. Not sure if I need a static route or something similar.

marvosa · Jul 29, 2016, 3:39 AM

In theory, if you put it in the DMZ, you "shouldn't" need the port forward…. all ports should already to be forwarded to the DMZ host and it should just work.

I would take it out of the DMZ, forward port 1194 to the PFsense WAN IP, then I believe you may also need to add a route on your edge router for your OpenVPN tunnel network.

Another thing to check are the firewall rules on your WAN. Make sure port 1194 is open on your WAN interface. You should have a line like this:

If you didn't use the wizard to create your OpenVPN server, you have to add the firewall rules manually.

xman111 · Jul 29, 2016, 5:01 AM

thanks for the response Marvosa, appreciate it. I did get it to connect from my cell phone, i will try to remove the port forward but it does connect successfully right away. The only problem is if I connect, I don't have any internet access, anyone have any ideas?

I just checked and I do have that rule on the WAN.

xman111 · Jul 29, 2016, 6:03 AM

looks like the internet works when i connect to my network from my laptop. Doesn't seem to work when i connect to pfsense with openvpn connect on my Android phone.

viragomann · Jul 29, 2016, 1:46 PM

I guess the phone can't reach the DNS. Check by entering an IP in the browser, i.g. 173.194.66.139 for google.com.

xman111 · Jul 29, 2016, 5:39 PM

just tried that and still wouldn't work. the phone is most important to me i always have it, especially at work.

xman111 · Jul 30, 2016, 1:49 AM

when I connect with my phone, I can ping pfsense but still no internet.

xman111 · Jul 30, 2016, 4:53 PM

hey guys, not that anyone cares but I think I found the solution. I was using a smart DNS service that was getting around Netflix geoblocking. Part of that had static routes on my edge router. One of them was the google dns which I think the VPN client was trying to use for it's own DNS. As soon as i turned off static routes, my mobile devices can connect through the VPN and access the internet and everything else.