[Solved] Virtualbox + PFSense + OpenVPN – No Route to Host

Zwei

Greetings. I'm trying to install PFSense 2.4.2 in a Virtualbox guest machine on a Windows 10 Host machine with some out of date guides (e.g. http://timita.org/wordpress/2011/08/02/protect-windows-with-pfsense-and-virtualbox-part-5-configuring-pfsense-vlans-removing-windows’-tcpip-stacks/) (doing it to make a proper VPN + kill switch + firewall / snort).

I have a physical card configured as em1 (LAN), and a Microsoft Loopback Adapter configured as em0 (WAN).

On the PFSense web GUI my WAN Interface status is:

Status
up
MAC Address
xxxxx - my mac from my physical card
IPv4 Address
10.0.0.1 - the default gateway and DHCP server from the internet connection plugged into my PC
Subnet mask IPv4
255.255.255.0 - correct
IPv6 Link Local
fe80::a00:27ff:fef6:12aa%em0 - not sure why I have this here, I did my best to disable all IPV6 things. ???
DNS servers
127.0.0.1 - I guess this is the default PFSense DNS server?
208.67.220.220 - opendns
xxxxx - dns from my vpn
xxxxx - dns from my vpn
208.68.222.222 - opendns
MTU
1500
Media
1000baseT <full-duplex>In/out packets
0/0 (0 B/0 B)
In/out packets (pass)
0/0 (0 B/0 B)
In/out packets (block)
17/5 (4 KiB/416 B)
In/out errors
0/0
Collisions
0</full-duplex> 

My LAN status is:

Status
up
MAC Address
08:00:27:4e:b3:62
IPv4 Address
192.168.1.1
Subnet mask IPv4
255.255.255.0
IPv6 Link Local
fe80::a00:27ff:fe4e:b362%em1
MTU
1500
Media
1000baseT <full-duplex>In/out packets
1561/2576 (182 KiB/2.90 MiB)
In/out packets (pass)
1561/2576 (182 KiB/2.90 MiB)
In/out packets (block)
0/4 (0 B/340 B)
In/out errors
0/0
Collisions
0</full-duplex> 

With this my Internet Connection in Windows (my host), through the Loopback Adapter, has No Internet Access. All I can access is 192.168.1.1 in the browser.

I entered my VPN's data as OpenVPN (followed guide), and that kinda works. When I gave the "Server host or address" a domain name instead of an IP address it complained / failed, but with an IP and the right cryptography settings it "works", the Client Instance Statistics for OpenVPN show the Service is running (but not connected). Status says this:

eb 21 00:14:52	openvpn	6449	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Feb 21 00:14:52	openvpn	6449	OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
Feb 21 00:14:52	openvpn	6449	library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
Feb 21 00:14:52	openvpn	6664	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 21 00:14:52	openvpn	6664	TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Feb 21 00:14:52	openvpn	6664	UDPv4 link local (bound): [AF_INET]10.0.0.1:0
Feb 21 00:14:52	openvpn	6664	UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Feb 21 00:14:52	openvpn	6664	write UDPv4: No route to host (code=65)
Feb 21 00:14:54	openvpn	6664	write UDPv4: No route to host (code=65)
Feb 21 00:14:58	openvpn	6664	write UDPv4: No route to host (code=65)
Feb 21 00:15:06	openvpn	6664	write UDPv4: No route to host (code=65)
Feb 21 00:15:22	openvpn	6664	write UDPv4: No route to host (code=65)
Feb 21 00:15:52	openvpn	6664	[UNDEF] Inactivity timeout (--ping-restart), restarting

My network administrator knowledge is patchy, can someone help me understand how to debug this? It should be straight forward and work almost out of the box.

Also I'm still new to PFSense so when you ask for printouts please tell me where I can find them in the menus :)

PS:
Another weird thing is that if I leave my Loopback Adapter on Automatic, it gives me "Unidentified Network" and on an ipconfig/all the loopback adapter shows IPv4 Address: 169.254.30.217 - wtf is that? (it's the default if it doesn't receive one thhrough DHCP) But it should receive 192.168.1.100 (100 is the start of the ip range in pfsense). If I set the values manually, it works, but who's giving it that weird DHCP info?

---

[EDIT]

SOLVED.

Alright so after taking each of the million logs and pages in PFSense one by one and reading everything (you should really look into collapsing newbie-irrelevant information, UX, and hints), I am online.

Here are most of the problems I had:

• dhcp wasn’t finding the gateway and subnet mask (and trying to fix it got things messed up).
• default firewall example rules to allow internet are missing by default, and you don’t know wtf is wrong or what to do.
• interface (lan wan) config settings (by default won’t let you connect PFSense to a home router, assumes modem only (blocks home ip ranges)).
• hard to figure out openvpn settings and firewall / nat / outbound settings.
• most frustrating: some changes kinda get applied, but sometimes not fully until you restart the BSD OS (and maybe also your windows adapters) - sometimes applying settings never quite finishes applying things in background or god knows what else happens b/w pfsense and the host adapters and you think your changes didn’t fix the problem.

I had help on another forum, for those curious, look up "Win10 + Virtualbox + PFSense + OpenVPN – No Route to Host" on the level1techs forums.

TwoFistedjustice

@Zwei said in [Solved] Virtualbox + PFSense + OpenVPN – No Route to Host:

"Win10 + Virtualbox + PFSense + OpenVPN – No Route to Host"

This is a really common problem and you may be the only person to have ever solved it and written a post about it.

Thank you!