[Solved] Virtualbox + PFSense + OpenVPN – No Route to Host
-
Greetings. I'm trying to install PFSense 2.4.2 in a Virtualbox guest machine on a Windows 10 Host machine with some out of date guides (e.g. http://timita.org/wordpress/2011/08/02/protect-windows-with-pfsense-and-virtualbox-part-5-configuring-pfsense-vlans-removing-windows’-tcpip-stacks/) (doing it to make a proper VPN + kill switch + firewall / snort).
I have a physical card configured as em1 (LAN), and a Microsoft Loopback Adapter configured as em0 (WAN).
On the PFSense web GUI my WAN Interface status is:
- Status: up
- MAC Address: xxxxx - my mac from my physical card
- IPv4 Address: 10.0.0.1 - the default gateway and DHCP server from the internet connection plugged into my PC
- Subnet mask IPv4: 255.255.255.0 - correct
- IPv6 Link Local: fe80::a00:27ff:fef6:12aa%em0 - not sure why I have this here, I did my best to disable all IPV6 things. ???
- DNS servers:
  - 127.0.0.1 - I guess this is the default PFSense DNS server?
  - 208.67.220.220 - opendns
  - xxxxx - dns from my vpn
  - xxxxx - dns from my vpn
  - 208.68.222.222 - opendns
- MTU: 1500
- Media: 1000baseT <full-duplex>
- In/out packets: 0/0 (0 B/0 B)
- In/out packets (pass): 0/0 (0 B/0 B)
- In/out packets (block): 17/5 (4 KiB/416 B)
- In/out errors: 0/0
- Collisions: 0
My LAN status is:
- Status: up
- MAC Address: 08:00:27:4e:b3:62
- IPv4 Address: 192.168.1.1
- Subnet mask IPv4: 255.255.255.0
- IPv6 Link Local: fe80::a00:27ff:fe4e:b362%em1
- MTU: 1500
- Media: 1000baseT <full-duplex>
- In/out packets: 1561/2576 (182 KiB/2.90 MiB)
- In/out packets (pass): 1561/2576 (182 KiB/2.90 MiB)
- In/out packets (block): 0/4 (0 B/340 B)
- In/out errors: 0/0
- Collisions: 0
With this my Internet Connection in Windows (my host), through the Loopback Adapter, has No Internet Access. All I can access is 192.168.1.1 in the browser.
I entered my VPN's data as OpenVPN (followed guide), and that kinda works. When I gave the "Server host or address" a domain name instead of an IP address it complained / failed, but with an IP and the right cryptography settings it "works": the Client Instance Statistics for OpenVPN show the Service is running (but not connected). Status says this:
Feb 21 00:14:52 openvpn 6449 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Feb 21 00:14:52 openvpn 6449 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
Feb 21 00:14:52 openvpn 6449 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
Feb 21 00:14:52 openvpn 6664 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 21 00:14:52 openvpn 6664 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Feb 21 00:14:52 openvpn 6664 UDPv4 link local (bound): [AF_INET]10.0.0.1:0
Feb 21 00:14:52 openvpn 6664 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Feb 21 00:14:52 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:14:54 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:14:58 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:15:06 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:15:22 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:15:52 openvpn 6664 [UNDEF] Inactivity timeout (--ping-restart), restarting
My network administrator knowledge is patchy, can someone help me understand how to debug this? It should be straightforward and work almost out of the box.
Also I'm still new to PFSense so when you ask for printouts please tell me where I can find them in the menus :)
PS:
Another weird thing is that if I leave my Loopback Adapter on Automatic, it gives me "Unidentified Network" and on an ipconfig /all the loopback adapter shows IPv4 Address: 169.254.30.217 - wtf is that? (it's the default if it doesn't receive one through DHCP) But it should receive 192.168.1.100 (100 is the start of the ip range in pfsense). If I set the values manually, it works, but who's giving it that weird DHCP info?
[EDIT]
SOLVED.
Alright so after taking each of the million logs and pages in PFSense one by one and reading everything (you should really look into collapsing newbie-irrelevant information, UX, and hints), I am online.
Here are most of the problems I had:
- dhcp wasn’t finding the gateway and subnet mask (and trying to fix it got things messed up).
- default firewall example rules to allow internet are missing by default, and you don’t know wtf is wrong or what to do.
- interface (lan wan) config settings (by default won’t let you connect PFSense to a home router, assumes modem only (blocks home ip ranges)).
- hard to figure out openvpn settings and firewall / nat / outbound settings.
- most frustrating: some changes kinda get applied, but sometimes not fully until you restart the BSD OS (and maybe also your windows adapters) - sometimes applying settings never quite finishes applying things in background or god knows what else happens b/w pfsense and the host adapters and you think your changes didn’t fix the problem.
I had help on another forum, for those curious, look up "Win10 + Virtualbox + PFSense + OpenVPN – No Route to Host" on the level1techs forums.
-
@Zwei said in [Solved] Virtualbox + PFSense + OpenVPN – No Route to Host:
"Win10 + Virtualbox + PFSense + OpenVPN – No Route to Host"
This is a really common problem and you may be the only person to have ever solved it and written a post about it.
Thank you!
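
An added example, not part of the thread: a small triage of the OpenVPN client log quoted in the first post, separating "the firewall could not send at all" (`write UDPv4: No route to host`, EHOSTUNREACH) from "packets left but nothing answered". The function name `triage` and the verdict labels are this example's own; the log lines are copied from the post with the remote address masked as posted.

```python
import re

# Lines from the log quoted in the first post (remote address masked as posted).
POSTED_LOG = """\
Feb 21 00:14:52 openvpn 6664 UDPv4 link local (bound): [AF_INET]10.0.0.1:0
Feb 21 00:14:52 openvpn 6664 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Feb 21 00:14:52 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:14:54 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:14:58 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:15:06 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:15:22 openvpn 6664 write UDPv4: No route to host (code=65)
Feb 21 00:15:52 openvpn 6664 [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) openvpn \d+ (.*)$")
BOUND = re.compile(r"link local \(bound\): \[AF_INET\]([\d.]+):\d+")

def triage(log_text):
    """Classify one OpenVPN client attempt from its syslog lines."""
    local, err_times, connected, undef_timeout = None, [], False, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn syslog line
        h, mi, s, msg = m.groups()
        if (b := BOUND.search(msg)):
            local = b.group(1)
        elif msg.startswith("write ") and "No route to host" in msg:
            # EHOSTUNREACH (errno 65 on FreeBSD): the kernel refused the send,
            # so the packet never left the firewall.
            err_times.append(int(h) * 3600 + int(mi) * 60 + int(s))
        elif "Initialization Sequence Completed" in msg:
            connected = True
        elif msg.startswith("[UNDEF]") and "--ping-restart" in msg:
            undef_timeout = True  # peer never identified before the timeout
    if connected:
        verdict = "connected"
    elif err_times:
        verdict = "local-routing"   # check WAN gateway / default route first
    elif undef_timeout:
        verdict = "no-reply"        # sent, but nothing came back
    else:
        verdict = "unknown"
    gaps = [b - a for a, b in zip(err_times, err_times[1:])]
    return {"verdict": verdict, "local": local,
            "send_failures": len(err_times), "retry_gaps": gaps}

if __name__ == "__main__":
    print(triage(POSTED_LOG))
```

A "local-routing" verdict points at the firewall's own WAN gateway and routing table rather than at the VPN provider or the cryptography settings.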