openvpn on the lan side



  • Got OpenVPN working, as I am able to connect to the server from my iPhone on the LAN WiFi side, but I am not able to get to the internet when I have "Force all client-generated IPv4 traffic through the tunnel" enabled. When I disable it I get internet traffic. It was working before with that enabled.



  • Ensure that you have this outbound NAT rule in place:
    interface: WAN
    source: <the tunnel network>
    dest: any
    translation: interface address



  • OK, did that and still no traffic passing through the VPN. I even deleted the whole config and started again with the wizard, and still nothing as long as "pass all traffic through the tunnel" is enabled. All the firewall settings that were made by the wizard are in place and still no go.



  • Is your outbound NAT in hybrid or manual mode?
    If it's in automatic mode, manual rules are not applied.



  • OK, did all of that and still not able to go on the internet from my iPhone with the OpenVPN client installed and connected to the WiFi on the LAN side.



  • @kramtw said in openvpn on the lan side:

    connected to the WiFi on the lan side

    You mean: LAN == pfSense LAN (with an AP on your LAN), so your iPhone connects to the LAN side of pfSense?
    Never tried to do this. Why would you do so?
    Your OpenVPN is really listening like this:

    [image: screenshot attachment]

    I connect my iPhone from "anywhere on the planet" to the WAN IP of pfSense, and that works (if set up correctly).



  • Hello, I have a network configuration similar to yours. I had the same problem that I could not surf the internet when I was connected to my wifi with the vpn. I solved this problem with this custom option:
    push "redirect-gateway def1";push "dhcp-option DNS 192.168.254.1";verb 1;mute-replay-warnings

    The IP address (192.168.254.1) is my VPN tunnel network; this may be different in your configuration.

    [image: screenshot attachment]



  • @gertjan

    Hi, I was thinking that you could still have a man-in-the-middle attack. The same concern you would have for using a VPN on a network or a wireless network that is outside of your own network.



  • @claudio69

    Hi, would try what you are suggesting and let you all know the outcome.

    Thanks



  • OK guys, still not working. Did what you were suggesting and not able to get to the internet when connected to the WiFi on the LAN of the pfSense with my iPhone using the OpenVPN client for iOS.



  • OK guys, after deleting the configuration for both the LAN and the WAN for the OpenVPN a few times now:

    It is working on the LAN side and I am able to see the computer now with the iPhone using the OpenVPN client on the WiFi that is in the LAN.

    Don't know what I did, but so far it is working.

    One thing that I have noticed is that I would have to enter the IP address of things like the web server and the mail server when the VPN is enabled on the phone.



  • @kramtw said in openvpn on the lan side:

    One thing that I have noticed is that I would have to enter the IP address of things like the web server and the mail server when the VPN is enabled on the phone.

    That means: your iPhone didn't receive a working DNS. Solution: give your OpenVPN client a DNS, for example, pfSense.
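
The three things suggested in this thread (a pushed `redirect-gateway`, a pushed DNS server, and a WAN outbound NAT rule whose source covers the tunnel network) can be checked together. The following is an added example, not code from any poster or from pfSense: the function names are hypothetical, the `/24` mask and NAT source lists are constructed sample values, and `redirect_checkbox` stands for the "Force all client-generated IPv4 traffic through the tunnel" setting, assumed here to have the same effect as the pushed option.

```python
import ipaddress
import shlex

def pushed_options(custom_options):
    """Argument lists of every push "..." in a ';'-separated custom options string."""
    pushes = []
    for raw in custom_options.split(";"):
        tokens = shlex.split(raw)          # keeps the quoted push argument as one token
        if len(tokens) >= 2 and tokens[0] == "push":
            pushes.append(shlex.split(tokens[1]))
    return pushes

def audit_full_tunnel(custom_options, tunnel_network, wan_nat_sources,
                      redirect_checkbox=False):
    """Return findings for a full-tunnel server; an empty list means no problem found."""
    findings = []
    pushes = pushed_options(custom_options)
    tunnel = ipaddress.ip_network(tunnel_network)

    # 1. Clients only send everything into the tunnel if redirect-gateway is pushed
    #    (by the GUI setting, assumed equivalent, or by a custom option).
    if not redirect_checkbox and not any(p[:1] == ["redirect-gateway"] for p in pushes):
        findings.append("redirect-gateway is not pushed")

    # 2. With the default route in the tunnel, the client needs a DNS server pushed to it.
    dns = [p[2] for p in pushes if p[:2] == ["dhcp-option", "DNS"] and len(p) > 2]
    if not dns:
        findings.append("no DNS server is pushed")
    for addr in dns:
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"pushed DNS server {addr!r} is not an IP address")

    # 3. Traffic sourced from the tunnel network needs a WAN outbound NAT rule.
    nets = [ipaddress.ip_network(s) for s in wan_nat_sources]
    if not any(n.version == tunnel.version and tunnel.subnet_of(n) for n in nets):
        findings.append(f"no WAN outbound NAT rule covers {tunnel}")
    return findings

# The custom options line quoted in the thread; the /24 mask and the NAT source
# lists below are constructed sample values.
THREAD_OPTIONS = ('push "redirect-gateway def1";push "dhcp-option DNS 192.168.254.1";'
                  'verb 1;mute-replay-warnings')

if __name__ == "__main__":
    print(audit_full_tunnel(THREAD_OPTIONS, "192.168.254.0/24",
                            ["192.168.1.0/24", "192.168.254.0/24"]))
    print(audit_full_tunnel('push "redirect-gateway def1"', "192.168.254.0/24",
                            ["192.168.1.0/24"]))
```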



  • Hi,
    now I am able to get the LAN side VPN to work. I am able to get to the internet and see all the computers on the LAN side with "send all VPN traffic" enabled.

    Now I am working on the WAN side of the VPN, and I am able to connect to the VPN server; however, I am not able to get any internet traffic when "send all traffic through the VPN tunnel" is enabled. If I disable that, I am able to get to the internet and I am not able to see any of the computers on the LAN side.

    Any help on this one?



  • Firewall rules (called OpenVPN)?
    VPN server settings?
    Your client VPN file?

    From here, can't see what you did wrong; added to that, you're telling us nothing.
    Difficult ....



  • ok
    firewall rules created by openvpn wizard
    vpn server settings created with vpn wizard
    vpn client vpn file created by export wizard

