[Solved] Changing OpenVPN IPv4 Tunnel Stops Client From Accessing Websites



  • Hello Everyone,

    I'm using pfSense 2.3.4-RELEASE-p1 and OpenVPN 2.3.17.  When I change my OpenVPN IPv4 Tunnel Network address range (VPN --> OpenVPN --> Servers) from 10.2.1.0/24 to 10.66.1.0/24, or any other address range for that matter, then my Android client is unable to access any www sites, which I could previously do with the 10.2.1.0/24 address range.  However, I can access applications on my LAN, but only after rebooting pfSense.  My Android connects just fine, I see the new IP address in OpenVPN Connect, and I even see the route table in pfSense update with the new address range, so is there something else I'm missing?  My gut tells me this may be a route issue, but with the updated addresses appearing in the route table I am stumped.



  • Check the outbound NAT. Firewall > NAT > Outbound.

    There has to be a mapping for the WAN interface and the VPN tunnel as source. If you change the tunnel, you also have to change that NAT rule.



  • @viragomann:

    Check the outbound NAT. Firewall > NAT > Outbound.

    There has to be a mapping for the WAN interface and the VPN tunnel as source. If you change the tunnel, you also have to change that NAT rule.

    THANKS, THAT DID IT!  I changed the "Source network for the outbound NAT mapping." address to match my OpenVPN in Firewall > NAT > Outbound and it still was not working, so I rebooted pfSense and it worked!  I guess I was under the assumption that pfSense updated everything, kind of like when you disable a NAT Port Forward and it will disable the Firewall rule as well.  Now, in the Outbound NAT it says "Auto created rule" next to the OpenVPN rule I just changed, but at the top I have marked "Manual Outbound NAT rule generation. (AON - Advanced Outbound NAT)", which I believe I marked sometime after setting up my OpenVPN. Is that why the rule did not update?
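
An added example, not part of the thread and not pfSense code: a Python check that reads a configuration export and reports OpenVPN tunnel networks that no outbound NAT source covers while manual (AON) mode is active, which is the mismatch resolved above. The element names (`nat/outbound/mode`, `source/network`, `tunnel_network`), the `advanced` mode value and the function name are assumptions about the export layout, and the sample config is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed shape of a pfSense config.xml export:
# manual outbound NAT still lists the old tunnel network as its source.
SAMPLE_CONFIG = """<pfsense>
  <nat><outbound>
    <mode>advanced</mode>
    <rule><interface>wan</interface><source><network>192.168.1.0/24</network></source></rule>
    <rule><interface>wan</interface><source><network>10.2.1.0/24</network></source></rule>
  </outbound></nat>
  <openvpn><openvpn-server>
    <tunnel_network>10.66.1.0/24</tunnel_network>
  </openvpn-server></openvpn>
</pfsense>"""


def uncovered_tunnels(config_xml, wan="wan"):
    """Return OpenVPN tunnel networks with no covering manual outbound NAT rule on `wan`."""
    root = ET.fromstring(config_xml)
    mode = root.findtext("nat/outbound/mode", default="automatic")
    if mode != "advanced":
        return []  # only manual mode leaves the source networks to the administrator
    sources = []
    for rule in root.findall("nat/outbound/rule"):
        if rule.findtext("interface") != wan or rule.find("disabled") is not None:
            continue
        src = (rule.findtext("source/network") or "").strip()
        if src == "any":
            return []  # a catch-all source covers every tunnel
        try:
            sources.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            pass  # alias or macro: cannot be resolved from the XML alone
    missing = []
    for server in root.findall("openvpn/openvpn-server"):
        for text in (server.findtext("tunnel_network") or "").split(","):
            if not text.strip():
                continue
            tunnel = ipaddress.ip_network(text.strip(), strict=False)
            if not any(tunnel.version == s.version and tunnel.subnet_of(s) for s in sources):
                missing.append(str(tunnel))
    return missing
```

Run against the sample, `uncovered_tunnels(SAMPLE_CONFIG)` reports `10.66.1.0/24`, the new tunnel range that the stale `10.2.1.0/24` rule no longer matches.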