OpenVPN not masking users public IP (to the public IP of the gateway)
pkris last edited by
I cannot for the life of me figure this out.
I connect to my OpenVPN server using Viscosity and can browse the internet fine, and access the firewall / internal IP's AND their external hostnames, but when it comes to locking directories etc.. down via public IP, I need to be able to have each connected client show the same public IP, not their current ISP-provided ones.
Here's my setup:
Server mode: Remote Access (SSL/TLS + User Auth) Backend for authentication: Local Database Protocol: UDP Device mode: tun Interface: WAN1 Local port: 1194 IPv4 Tunnel Network: 10.8.255.0/24 IPv6 Tunnel Network: Blank IPv4 Local network(s): 10.8.1.0/24,10.8.2.0/24,10.8.3.0/24 (Management, VM's, Storage) IPv6 Local network(s): Blank Concurrent connections: 5 Duplicate Connection: Yes Dynamic IP: Yes Address Pool Provide a virtual adapter IP...: Yes Topology: Subnet - One IP address per client in a common subnet DNS Server enable Provide a DNS server list to clients DNS Server 1 18.104.22.168 DNS Server 2 22.214.171.124 Verbosity level: 3
Currently I'm on my Bell Canada (Canadian ISP) connection, my public IP is 126.96.36.199, if I connect to my OpenVPN I can access my private network but if I go to whatismyip.org, I still have an address of 188.8.131.52 not 184.108.40.206.
On some of my webservers I have nginx access rules set up on a subdirectory (admin directories) restricting it via IP - (example.org can be accessed anywhere on the internet, example.org/admin can only be accessed via my public IP of my office, but I'd like to open it to any of my VPN users).
I should clarify the pfSense box is handling both my IP assignments / NAT for all of my virtual machines, and hypervisors, as well as the OpenVPN service.
When "Redirect Gateway" is unchecked I have the option to define IPv4 Local network(s), which I have defined as "10.8.1.0/24,10.8.2.0/24,10.8.3.0/24", this allows me access to each of my storage, vm, and management networks.
When I enable "Redirect Gateway" that option is removed so I cannot access any network but the network pfSense is on (the IPv4 Tunnet Network of 10.8.255.0/24).
I've tried pushing a route via the custom option box, but no luck:
push “route 10.8.1.0 255.255.255.0″;
push “route 10.8.2.0 255.255.255.0″;
push “route 10.8.3.0 255.255.255.0″;
No DNS resolution while connected still, and I cannot access any defined subnet on the firewall that isn't the SAME subnet as the firewall (10.8.255.0).
I will note that I've tried "DNS Server enable" and provided Google's public resolvers (220.127.116.11, 18.104.22.168) and I still cannot get outbound DNS resolution working when "Redirect Gateway" is enabled.
To summarize what I need:
My public IP to be that of the OpenVPN server (pfSense firewall)
To be able to access all three subnets on my network (above)
To be able to have outbound DNS resolution so I can still browse the internet while on VPN
To be able to go to websites I host on the LAN side of the firewall (at some point while I was picking around with settings if I went to example.org when connected to VPN, which is in my external DNS provider as the public IP but of course being NAT'd to an internal IP controlled by the pfSense firewall, I am redirected to the firewalls admin page.)
pkris last edited by
Any assistance would be appreciated.
Guldil last edited by
I think you need TAP Mode not TUN Mode to hide your IP.
Jackish last edited by
You dont need to use TAP, TUN will work.
When you set the VPN server as default gateway (redirect gateway) your public IP will be the WAN IP of the VPN server.
Can you ping all the remote networks you want to be able to reach from your Pfsense? Does the remote networks you want to reach use the Pfsense as default gateway? Depending on your setup, you may hit your remote networks OK but they do not have a route back to your VPN client range.