VPN Tunnel - No Gateway on TUN interface



  • Hi Folks,

    I am hoping someone here can help me or has come across a similar issue.

    I have a pretty standard setup: WAN, LAN, Wireless, and I also want to enable VPN so I can dial in to resolve issues.

    Everything is working bar the vpn.

    I have followed the wizard, created the CA, Server Cert, users etc. All the firewall rules look fine.

    I can successfully connect via the VPN, I just can't get to anything as there doesn't appear to be a gateway added to the TUN interface.

    Am I missing something here?

    Do I need to create a VPN interface using an opt? I followed a YouTube vid and he didn't seem to have to.

    I'm using the latest version of pfSense also.

    Any help would be greatly appreciated.

    Cheers



  • @rg0s9 said in VPN Tunnel - No Gateway on TUN interface:

    I just can't get to anything as there doesn't appear to be a gateway added to the TUN interface.

    Why do you think so?

    What's the purpose of the VPN? Accessing devices on the LAN or also route any internet traffic over it?

    Can you ping a LAN device by using its IP?



  • @viragomann the purpose of the VPN is to be able to connect to devices that are on the LAN behind the pfSense firewall.

    Cheers



  • Therefore you need a route for the LAN subnet pointing to the tunnel IP of the VPN servers, no default gateway.

    Can you ping a LAN device?
    If not, can you ping the virtual IP of the server?
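
The routing point made above (a route for the LAN subnet via the tunnel IP, no default gateway on the TUN interface) can be checked on the client with a longest-prefix lookup over its routing table. This is an added example, not part of the original posts; all addresses, interface names and both routing tables are constructed for illustration.

```python
import ipaddress

# Constructed client routing table after the VPN connects:
# (destination prefix, next hop or None if on-link, interface)
GOOD = [
    ("0.0.0.0/0", "192.168.1.1", "wlan0"),     # client's own default gateway, untouched
    ("192.168.1.0/24", None, "wlan0"),         # client's local network
    ("10.0.8.0/24", None, "tun0"),             # tunnel network, on-link
    ("192.168.10.0/24", "10.0.8.1", "tun0"),   # LAN behind the firewall, via server tunnel IP
]
# Failure case: same table without the LAN route.
MISSING = [r for r in GOOD if r[0] != "192.168.10.0/24"]


def lookup(routes, dest):
    """Return (network, gateway, interface) of the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best


def check_split_tunnel(routes, lan_host, tun_iface="tun0"):
    """Report which interface carries LAN traffic and which carries internet traffic."""
    lan = lookup(routes, lan_host)
    # 203.0.113.10 is a documentation address standing in for "any internet host".
    inet = lookup(routes, "203.0.113.10")
    return {
        "lan_via_tunnel": lan is not None and lan[2] == tun_iface,
        "internet_via_tunnel": inet is not None and inet[2] == tun_iface,
    }


if __name__ == "__main__":
    for name, table in (("with LAN route", GOOD), ("LAN route missing", MISSING)):
        print(name, check_split_tunnel(table, "192.168.10.20"))
```

With the LAN route present, LAN traffic leaves through `tun0` while the default route stays on the client's own gateway; without it, the same LAN address falls through to the default route and never enters the tunnel.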



  • @viragomann Thanks for your replies here. What seems to have done the trick is creating an opt interface for the VPN. This interface now has the first IP address in the tunnel range, and I can now get to devices on the LAN. What was throwing me was it doesn't seem to be referenced in any material I have viewed. Cheers


  • Moderator

    @rg0s9 said in VPN Tunnel - No Gateway on TUN interface:

    @viragomann Thanks for your replies here. What seems to have done the trick is creating an opt interface for the VPN. This interface now has the first IP address in the tunnel range, and I can now get to devices on the LAN. What was throwing me was it doesn't seem to be referenced in any material I have viewed. Cheers

    Yeah, that's because normally it isn't required at all. I'm running it on multiple client sites without an interface mapped to it. As @viragomann said, you only need to assign an opt interface to it if you want to route something TO the VPN. As you describe the VPN as dial-in so you can actually maintain some things on their LAN, it's not necessary. Just clicked through the wizard and got a working VPN without any problems, so I think that some other little piece was missing that you fixed before assigning the interface.

    The only things that change with the interface are that you get a VPN GW that is visible to the GUI, you get an extra interface tab for that VPN (instead of just using the OpenVPN group interface for your rules) and ... that's probably it ;)

    Greets