OpenVPN clients unable to get out of local network



  • I have an OpenVPN server and a client configured on my pfsense. The client is for a subnet that connects to PIA and was working until I set up the server for me to connect to my network remotely. Now the devices on the PIA subnet cannot exit the local network, although the gateway is pinging the internet through the tunnel. Clients connecting to the server also are able to access the local but external addresses.
    I have the same NAT and firewall rules for everything, and the OpenVPN client and server on pfsense use different ports. Everything on the network that doesn't touch OpenVPN works fine. The client configuration does have an interface configured, but when I add one for the server I can't get to the local network any more. What am I missing?



  • I just did a little more troubleshooting. If I disable either the OpenVPN server or client the other one works. But they will not both work at the same time. How do I make that happen?



  • @Moderador-PfSense How do I get help here? Am I not being clear about what the issue is, or is it that no one has an answer?



  • I am now inclined to think that it is specifically the client config that is breaking everything. When it is enabled, I am unable to ping out from the Diagnostics > Ping utility from any subnet, but I can from both gateways. The devices on those subnets seem to be able to access everything locally and remotely normally. Since the openvpn server uses the internal pfsense routing it is not able to get out of the local networks. I am at a loss as to what is stopping traffic out to the gateways while the openvpn client is enabled. The only thing I can come up with is that the 0.0.0.0/1 route that is automatically added is messing things up. If that is the case I have no idea how to fix it.



  • @mouseskowitz said in OpenVPN clients unable to get out of local network:

    The only thing I can come up with is that the 0.0.0.0/1 route that is automatically added is messing things up.

    Is that route set by the OpenVPN client?
    If you want to route only one subnet over the VPN, it should not set any route automatically. To avoid that, check "Don't pull routes" in the client settings.

    I don't know if that solves your issue. If not, you will have to provide some details about your setup. Interface settings, OpenVPN server and client settings, outbound NAT rules.
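
The route selection behind the 0.0.0.0/1 observation above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed routing table, with and without the routes pulled by the OpenVPN client. The 128.0.0.0/1 companion route (what OpenVPN installs for a pushed `redirect-gateway def1`), the gateway names and all addresses are assumptions for illustration.

```python
import ipaddress

# Constructed routing table for the firewall itself; names are placeholders.
BASE_ROUTES = [
    ("0.0.0.0/0", "WAN_GW"),          # normal default route
    ("192.168.1.0/24", "LAN"),        # directly connected subnet
    ("10.8.0.0/24", "OVPN_SERVER"),   # tunnel network of the remote-access server
]

# Assumption: routes the OpenVPN client installs when the provider pushes
# "redirect-gateway def1". Two /1 routes cover all of IPv4 and are more
# specific than 0.0.0.0/0, so they win without deleting the default route.
PULLED_ROUTES = [
    ("0.0.0.0/1", "PIA_TUNNEL"),
    ("128.0.0.0/1", "PIA_TUNNEL"),
]


def build_table(dont_pull_routes):
    """Routing table with or without the routes pulled from the provider."""
    return BASE_ROUTES + ([] if dont_pull_routes else PULLED_ROUTES)


def lookup(routes, dst):
    """Return the gateway chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


if __name__ == "__main__":
    # Constructed destinations: two internet hosts, one LAN host, one VPN client.
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.1.20", "10.8.0.6"):
        pulled = lookup(build_table(dont_pull_routes=False), dst)
        clean = lookup(build_table(dont_pull_routes=True), dst)
        print(f"{dst:15} routes pulled: {pulled:12} don't pull routes: {clean}")
```

With the routes pulled, every internet destination leaves through the tunnel regardless of which subnet or service originated the traffic; with them suppressed, only the more specific local routes and the WAN default remain.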



  • I thought the check box and fixing some NAT rules, wrong interface for client, had fixed it. But now I can't seem to get a client to connect to the pfsense server. I'll have to take a look at this again after I get some sleep, should have gone to bed an hour and a half ago. I'll post more network details at that point if things aren't working.



  • I was able to connect to the VPN with my phone while getting new tires this afternoon. The client VPN that is connected to PIA is passing traffic. So I think everything is fixed. @viragomann thank you for your help!



  • Okay guys,

    I updated to the latest 2.4.4 and now OpenVPN does not work. Nothing changed but the upgrade. After chasing my tail some, I thought I would see if anyone else is having the same issue.

    I could upgrade another unit and see if the problem follows, but it is an hour drive away and I really don't want to lose control of it.

    I thought I was onto something by testing in Diagnostics/Authentication, but apparently I've forgotten the proper way to test. So I have to go back to basics and step by step it. Hope someone figures this out.