Remote VPN and internet access



  • I've set up a Remote VPN and I can access my servers using it but can't access the internet while connected to the VPN. I tried adding this to the Firewall/outgoing but it still doesn't allow access to the web. What am I missing?




  • Did you check the OpenVPN option "Redirect Gateway"?
    Is the OpenVPN gateway the default in the client route list?


  • LAYER 8 Netgate

    If you want your OpenVPN clients to be able to get out WAN you need to make sure their tunnel network addresses or remote network addresses are included in the outbound NAT rules on WAN, not OpenVPN.



  • @Derelict:

    If you want your OpenVPN clients to be able to get out WAN you need to make sure their tunnel network addresses or remote network addresses are included in the outbound NAT rules on WAN, not OpenVPN.

    I changed the option from OpenVPN to WAN and now I can't get to the pfSense GUI remotely.

    @santeLLo:

    Did you check the OpenVPN option "Redirect Gateway"?
    Is the OpenVPN gateway the default in the client route list?

    "redirect gateway" is checked
    Not sure where to find that option



  • @NasKar:

    @Derelict:

    If you want your OpenVPN clients to be able to get out WAN you need to make sure their tunnel network addresses or remote network addresses are included in the outbound NAT rules on WAN, not OpenVPN.

    I changed the option from OpenVPN to WAN and now I can't get to the pfSense GUI remotely.

    That option has nothing to do with the GUI access. This has to be permitted in the firewall rules.



  • @NasKar:

    "redirect gateway" is checked
    Not sure where to find that option

    In OpenVPN server GUI.

    What is the default gateway on the client after the OpenVPN got connected? I remember that users need to run the OpenVPN GUI with elevated privileges to get the default route from OpenVPN.



  • @Derelict:

    If you want your OpenVPN clients to be able to get out WAN you need to make sure their tunnel network addresses or remote network addresses are included in the outbound NAT rules on WAN, not OpenVPN.

    After reading your comment over and over again I have added the VPN tunnel network 192.168.200.0/24 to an outbound rule but it still doesn't allow access to the internet like apple.com etc. Am I following your instructions correctly?

    ![outbound VPN.jpg](/public/imported_attachments/1/outbound VPN.jpg)


  • LAYER 8 Netgate

    That looks fine so it must be something else not right.



  • @Derelict:

    That looks fine so it must be something else not right.

    It turns out that Block private networks and loopback addresses on the WAN address was blocking access to the WAN from the VPN.  Is it a problem to disable this option?


  • LAYER 8 Netgate

    It turns out that Block private networks and loopback addresses on the WAN address was blocking access to the WAN from the VPN.  Is it a problem to disable this option?

    No it wasn't. That blocks connections into WAN from outside WAN from RFC1918 source addresses.

    You can run without those checked.



  • @Derelict:

    It turns out that Block private networks and loopback addresses on the WAN address was blocking access to the WAN from the VPN.  Is it a problem to disable this option?

    No it wasn't. That blocks connections into WAN from outside WAN from RFC1918 source addresses.

    You can run without those checked.

    You're correct, it only loaded the one web page and then it wouldn't work anymore. I have no idea what else to look for.
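
Added example, not part of the thread and not pfSense code: a small Python check of the two points made above, that the tunnel network must be covered by an outbound NAT rule on WAN rather than OpenVPN, and that the "Block private networks" option only matches packets arriving on WAN from private source addresses. The rule dictionaries, the LAN subnet 192.168.1.0/24 and the function names are assumptions made for illustration.

```python
import ipaddress

# Source ranges the thread attributes to "Block private networks and
# loopback addresses": RFC1918 plus loopback.
PRIVATE_AND_LOOPBACK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

TUNNEL = "192.168.200.0/24"  # tunnel network from the thread

# Constructed rule lists (simplified dicts, not pfSense's config format).
# 192.168.1.0/24 is an assumed LAN subnet.
BEFORE = [{"interface": "WAN", "source": "192.168.1.0/24"},
          {"interface": "OpenVPN", "source": TUNNEL}]
AFTER = [{"interface": "WAN", "source": "192.168.1.0/24"},
         {"interface": "WAN", "source": TUNNEL}]


def nat_interfaces_covering(rules, tunnel_net):
    """Interfaces whose outbound NAT rules cover the whole tunnel network."""
    tunnel = ipaddress.ip_network(tunnel_net)
    return sorted({r["interface"] for r in rules
                   if tunnel.subnet_of(ipaddress.ip_network(r["source"]))})


def diagnose_nat(rules, tunnel_net):
    """'ok' if WAN translates the tunnel network, else why it does not."""
    covering = nat_interfaces_covering(rules, tunnel_net)
    if "WAN" in covering:
        return "ok"
    return "wrong-interface" if covering else "missing"


def blocked_by_private_option(arrival_interface, src_ip):
    """The option only matches packets arriving on WAN with a private or
    loopback source; VPN client traffic arrives on the OpenVPN interface."""
    src = ipaddress.ip_address(src_ip)
    return arrival_interface == "WAN" and any(
        src in net for net in PRIVATE_AND_LOOPBACK)


if __name__ == "__main__":
    print("before:", diagnose_nat(BEFORE, TUNNEL))
    print("after: ", diagnose_nat(AFTER, TUNNEL))
    print("client via OpenVPN blocked:",
          blocked_by_private_option("OpenVPN", "192.168.200.2"))
```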

