OpenVPN WiFi Client Internet Access



  • Hello everyone,

    First time post to this site and relatively new to the firmware after switching from OpenWRT.

    So I am adding another layer of security to our home WiFi traffic and in doing so, I managed to successfully get OpenVPN WiFi up and running on my network and have got local traffic flowing between two Android and iOS devices using the following tutorials:

    https://wiki.opnsense.org/manual/how-tos/two_factor.html
    https://wiki.opnsense.org/manual/how-tos/sslvpn_s2s.html
    https://wiki.opnsense.org/manual/how-tos/freeradius.html

    My problem is that although I can see the connections popping up on the OpenVPN server, neither of my test devices can actually get out to the internet. My gut tells me that it might have something to do with my firewall/NAT/DNS settings but I am not sure due to my lack of experience with pfSense.

    Below are some images showing firewall/NAT/tunnel settings if this helps:

    Firewall Rules:
    0_1541598145900_VL20_FW.PNG

    0_1541598205300_OpenVPN_FW.PNG

    NAT:

    0_1541598236200_nat.PNG

    OpenVPN Server:

    0_1541598270700_OpenVPN_ServerTunnel.PNG

    0_1541598287100_OpenVPN_ServerTunnel_1.PNG

    0_1541598309000_OpenVPN_Server.PNG

    0_1541598325600_OpenVPN_Status.PNG

    Below is a brief summary of my network running on a dedicated VM with three physical interfaces.

    vtnet0 - WAN DHCP client from ISP
    vtnet1 - Unassigned for VLAN usage
    vtnet2 - LAN - 10.1.10.1/24

    The two VLANs I have placed on vtnet1 are as follows:

    VL10_ADM 10.10.10.1/24 - Admin
    VL20_IOT 10.10.20.1/24 - IOT/WiFi/OpenVPN
    VL30_CLR 10.10.30.1/24 - Clearnet

    The OpenVPN server I have configured resides on 10.10.25.1. We DO NOT actually require remote access from outside our home network and use static mapping for all of our network devices. I am aware that some devices such as smart TVs etc. do not support OpenVPN connections but I can compensate for this with the use of ethernet cabling.

    Could someone from the community please chime in and give me a hand to work out what is wrong?

    Many thanks in advance.
    Kawa



  • You're missing the outbound NAT rule for the OpenVPN tunnel network.
    Just copy one of the WAN rules and change the source to 10.34.25.0/24.
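
The check behind the reply above, as an added example that is not part of the original thread: list every internal network and flag those that no outbound NAT rule on WAN covers. The interface addresses are the ones from the first post and the tunnel network is the one named in the reply; the NAT source list is a constructed sample (the real rules are only in the screenshot), and `uncovered_networks` is a hypothetical helper name.

```python
import ipaddress

# Interface addresses as given in the first post, plus the tunnel network
# as given in the reply.
INTERNAL = {
    "LAN": "10.1.10.1/24",
    "VL10_ADM": "10.10.10.1/24",
    "VL20_IOT": "10.10.20.1/24",
    "VL30_CLR": "10.10.30.1/24",
    "OpenVPN tunnel": "10.34.25.0/24",
}

# Constructed sample: source networks of the outbound NAT rules on WAN
# before the fix. Assumed, not read from the poster's firewall.
NAT_SOURCES_BEFORE = [
    "127.0.0.0/8",
    "10.1.10.0/24",
    "10.10.10.0/24",
    "10.10.20.0/24",
    "10.10.30.0/24",
]


def uncovered_networks(internal, nat_sources):
    """Return (name, network) pairs not fully inside any NAT source network."""
    sources = [ipaddress.ip_network(s) for s in nat_sources]
    missing = []
    for name, addr in internal.items():
        # ip_interface accepts host-style values such as 10.1.10.1/24
        net = ipaddress.ip_interface(addr).network
        covered = any(
            net.version == src.version and net.subnet_of(src) for src in sources
        )
        if not covered:
            missing.append((name, str(net)))
    return missing


if __name__ == "__main__":
    for name, net in uncovered_networks(INTERNAL, NAT_SOURCES_BEFORE):
        print(f"no outbound NAT rule covers {name} ({net})")
    after = NAT_SOURCES_BEFORE + ["10.34.25.0/24"]
    print("uncovered after adding the tunnel rule:", uncovered_networks(INTERNAL, after))
```

Clients on an uncovered network can still connect and reach local hosts, which matches the symptom in the first post: traffic leaves WAN with a private source address and no replies come back.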



  • @viragomann

    Hey thanks. It's working now, thank you so much for your help! Been trying to resolve this for ages!!

    Kawa