Netgate Discussion Forum

    Not able to connect Internet through OpenVPN

      toastposter

      Hi all!
      I have an OpenVPN server set up and working fine connecting to my LAN remotely, but I would like to route all traffic of the client through the VPN. The corresponding tick is on in the server settings. I have an outbound NAT setting from the tunnel network to the WAN network (as the wizard does). I have also tried to make an interface out of the server instance and applied the "allow all" firewall rules to it as well. Again, connecting to the LAN is OK, but no internet.

      On my client (Tunnelblick on Mac) there are routes made to the LAN network from the tunnel network, but not to the default gateway. Does it need to be pushed manually to the config to allow internet traffic for the clients? If I add it to the config, my Tunnelblick states the config is wrong. Where should I troubleshoot next?

        Raffi_

        I found this description in the book for the redirect option that might give you a clue.

        "When the Redirect Gateway option is selected the server will push a message to clients instructing them to forward all traffic, including Internet traffic, over the VPN tunnel. This only works in SSL/TLS modes with a tunnel network larger than a /30 subnet."

          Derelict LAYER 8 Netgate @Raffi_

          @raffi_ said in Not able to connect Internet through OpenVPN:

          I found this description in the book for the redirect option that might give you a clue.

          "When the Redirect Gateway option is selected the server will push a message to clients instructing them to forward all traffic, including Internet traffic, over the VPN tunnel. This only works in SSL/TLS modes with a tunnel network larger than a /30 subnet."

          Right. It will work with a point-to-point OpenVPN tunnel (shared-key or a /30 tunnel network) but the setting cannot be pushed from the server to the client. It must be controlled with the same setting on the client.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Musote

            Take a look at the firewall rules on the OpenVPN "interface"; something happened with the wizard, and the rules created by the wizard are wrong.

              toastposter @Derelict

              @derelict I do have a /24 tunnel network. It is also introduced on the client settings, so I think it cannot be the matter.

                toastposter @Musote

                @musote I have re-done the rules on the OpenVPN "interface" as well as on the assigned interface OVPN1, and both have an IPv4 allow-all rule applied.

                  Derelict LAYER 8 Netgate

                  And?

                    toastposter

                    Well, it is not solved. I have done all that prior to posting here. My VPN traffic is not routed to the internet. Currently, I have the "route all traffic to tunnel" option off, because I cannot get it to work. I just have to realize that whenever I am connected to that VPN, my internet traffic is not encrypted.

                      Derelict LAYER 8 Netgate

                      I don't use Tunnelblick personally. The general recommendation for a quality Mac OpenVPN client is Viscosity.

                      If you have redirect gateway checked in the server and you do not end up with two routes on the client (0.0.0.0/1 and 128.0.0.0/1) then it is likely a setting on the client telling it not to honor the routes being pushed. There is not much else to it.

                      Did you use the configuration export package?

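The check described in the post above (both 0.0.0.0/1 and 128.0.0.0/1 present on the client), as an added example that is not part of the original thread. It goes slightly beyond the Mac case by also accepting Linux `ip route` lines; the function names, the `utun`/`tun`/`tap` interface prefixes and the sample routing tables are assumptions constructed for illustration.

```python
import ipaddress
import re

HALVES = ("0.0.0.0/1", "128.0.0.0/1")   # the two routes redirect-gateway def1 produces
TUNNEL_IF = re.compile(r"^(utun|tun|tap)\d+$")   # assumed tunnel interface names
IFACE = re.compile(r"^[a-z]+\d+$")

def _normalize(dest):
    """Expand macOS short forms ('0/1', '128.0/1') to full IPv4 CIDR, else None."""
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen or len(octets) > 4 or not all(o.isdigit() for o in octets):
        return None
    try:
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return str(ipaddress.ip_network(f"{padded}/{plen}", strict=False))
    except ValueError:
        return None

def _interface(fields):
    if "dev" in fields[:-1]:                 # Linux `ip route`: "... dev tun0"
        return fields[fields.index("dev") + 1]
    names = [f for f in fields[1:] if IFACE.match(f)]   # macOS: Netif column
    return names[-1] if names else None

def full_tunnel_status(route_table):
    """Report whether both /1 routes exist and leave via a tunnel interface."""
    found = {}
    for line in route_table.splitlines():
        fields = line.split()
        net = _normalize(fields[0]) if fields else None
        if net in HALVES:
            found[net] = _interface(fields)
    missing = [h for h in HALVES if h not in found]
    on_tunnel = not missing and all(TUNNEL_IF.match(i or "") for i in found.values())
    return {"routes": found, "missing": missing, "full_tunnel": on_tunnel}

# Constructed sample in macOS `netstat -rn -f inet` layout (not captured output).
SAMPLE_PUSHED = """\
Destination        Gateway            Flags        Netif Expire
0/1                10.0.8.1           UGSc         utun2
default            192.168.1.1        UGSc           en0
128.0/1            10.0.8.1           UGSc         utun2
"""
# Constructed sample: client ignored the pushed routes, only the ISP default remains.
SAMPLE_IGNORED = "default            192.168.1.1        UGSc           en0\n"

if __name__ == "__main__":
    print(full_tunnel_status(SAMPLE_PUSHED))
```

A result with `full_tunnel` false while the VPN is connected means internet traffic is still leaving through the local gateway rather than the tunnel.
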
                        toastposter

                        OK,
                        I have to give Viscosity a try. I have been using Tunnelblick for quite a while now, and with the recent WatchGuard Firebox firewall I experienced zero problems using it.
                        And yes, I exported the settings using the latest version of the "openvpn-client-export".

                          claudio69

                          Hi, I had the same problem and I solved it with an additional command.
                          push "redirect-gateway def1";push "dhcp-option DNS 192.168.254.1";verb 1;mute-replay-warnings

                          192.168.254.1 is my VPN network.

                            toastposter @claudio69

                            @claudio69 OK,
                            Have to try this!
                            Are you able to clarify what the options do? I know that the "redirect-gateway def1" introduces the default gateway of the router to the VPN client, but what about the "dhcp-option DNS xxx.yyy"? Do you have a DNS option on the VPN server settings, or is it blank?

                              claudio69

                              I have no DNS set up on the VPN server.
                              I searched the internet for a long time and found this series of commands that solved the problem. I hope it works for you too.
                              Greetings
