Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] Changing OpenVPN IPv4 Tunnel Stops Client From Accessing Websites

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 495 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      alteredstate
      last edited by

      Hello Everyone,

      I'm using pfSense 2.3.4-RELEASE-p1 and OpenVPN 2.3.17.  When I change my OpenVPN IPv4 Tunnel Network address range (VPN –> OpenVPN --> Servers) from 10.2.1.0/24 to 10.66.1.0/24 or any other address range for that matter then my Android client is unable to access any www sites which I could previously do with the 10.2.1.0/24 address range.  However, I can access applications on my LAN but only after rebooting pfSense.  My Android connects just fine, I see the new ip address in OpenVPN Connect and I even see the route table in pfSense updates with the new address range so is there something else I'm missing?  My gut tells me this maybe a route issue but with the updated addresses appearing in the route table I am stumped.

      1 Reply Last reply Reply Quote 0
      • V Offline
        viragomann
        last edited by

        Check the outbound NAT. Firewall > NAT > Outbound.

        There has to be a mapping for the WAN interface and the VPN tunnel as source. If you change the tunnel, you have also to change that NAT rule.

        1 Reply Last reply Reply Quote 0
        • A Offline
          alteredstate
          last edited by

          @viragomann:

          Check the outbound NAT. Firewall > NAT > Outbound.

          There has to be a mapping for the WAN interface and the VPN tunnel as source. If you change the tunnel, you have also to change that NAT rule.

          THANKS, THAT DID IT!  I changed the: "Source network for the outbound NAT mapping." address to match my OpenVPN in Firewall > NAT > Outbound and it still was not working so I rebooted pfSense and it worked!  I guess I was under the assumption that pfSense updated everything kind of like when you disable a NAT Port Forward and it will disable the Firewall rule as well.  Now, in the Outbound NAT it says: "Auto created rule" next to the OpenVPN rule I just changed but at the top I have marked: "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)" which I believe I marked sometime after setting up my OpenVPN, is that why the rule did not update?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.