No internet access on LAN but VPN is up on pfsense



  • Hi,

    I am a newbie on this.

    I had to reconfigure my VPN, which I believe I did.

    I can ping, dns lookup, traceroute and even download from inside my pfsense box.

    But I cannot figure out why I don't have internet access on my LAN (laptop, PC).

    I can ping my gateway inside pfsense and from there to a device in my lan.

    Can anyone please show me how to troubleshoot this?

    Thanks



  • We need more details. Post a network map. Also, how does VPN play into your LAN not getting internet? What kind of VPN are we talking about... how is it configured?

    pfSense allows everything outbound by default, so we'll need more specifics on how things are set up and what you're doing to offer any troubleshooting advice.


  • Netgate Administrator

    If you're using policy routing to send LAN clients over the VPN then traffic from pfSense itself may not be using that and hence working. Or it can use the tunnel IP directly, whereas LAN clients require their traffic to be NAT'd to the tunnel IP.

    Check outbound NAT for traffic from the LAN.

    Steve
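
The outbound NAT check suggested above, as an added example that is not part of the original posts and is not Netgate's code. The sample rules are constructed in the general shape of `pfctl -s nat` output; the interface names (`igb0` for WAN, `ovpnc1` for the VPN client), the /24 masks, the WAN address and the tunnel address are assumptions.

```shell
#!/bin/sh
# Constructed sample, not taken from a real pfSense box.
SAMPLE_NAT='nat on igb0 inet from 127.0.0.0/8 to any -> 192.168.1.2 port 1024:65535
nat on igb0 inet from 192.168.0.0/24 to any -> 192.168.1.2 port 1024:65535
nat on ovpnc1 inet from 10.10.10.0/24 to any -> 10.8.0.6 port 1024:65535'

# nat_covers IFACE HOST_IP
# Reads NAT rules on stdin and prints the first rule on IFACE whose source
# network contains HOST_IP. Returns 1 if no rule on that interface matches.
nat_covers() {
    awk -v ifc="$1" -v host="$2" '
    function ip2n(ip,  o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_net(ip, cidr,  p, bits, size) {
        if (cidr == "any") return 1
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)
        return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    $1 == "nat" && $2 == "on" && $3 == ifc {
        for (i = 4; i < NF; i++)
            if ($i == "from" && in_net(host, $(i + 1))) {
                print; found = 1; exit
            }
    }
    END { exit !found }'
}

# The PC from the thread (192.168.0.100) is translated on WAN but has no
# rule on the VPN interface: the case where the firewall itself works
# through the tunnel while LAN clients do not.
for ifc in igb0 ovpnc1; do
    if rule=$(printf '%s\n' "$SAMPLE_NAT" | nat_covers "$ifc" 192.168.0.100); then
        echo "$ifc: NAT rule matches -> $rule"
    else
        echo "$ifc: no outbound NAT rule for 192.168.0.100"
    fi
done
```

On a live firewall the same function can read `pfctl -s nat` instead of the sample text.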



  • @marvosa said in No internet access on LAN but VPN is up on pfsense:

    We need more details. Post a network map. Also, how does VPN play into your LAN not getting internet? What kind of VPN are we talking about... how is it configured?

    pfSense allows everything outbound by default, so we'll need more specifics on how things are set up and what you're doing to offer any troubleshooting advice.

    Sorry, is there software that I can use to draw a network map?



  • @hbbs said in No internet access on LAN but VPN is up on pfsense:

    Sorry, is there software that I can use to draw a network map?

    The short answer is yes, but it doesn't need to be pretty, we just need the info. If you have access to Visio, great, but there's other software out there... unfortunately I can't think of them offhand... and TBH, it doesn't need to be that formal. You could even whip up something crude in Paint or GIMP if you had to... or some even post it in ASCII or, worst case scenario... draw it freehand on paper and take a pic with your phone.



  • @marvosa said in No internet access on LAN but VPN is up on pfsense:

    Visio

    Hi, here is a diagram. The best I could do.


    ISP router = 192.168.1.1
    pfSense box = 192.168.0.1
    Roku= 192.168.0.11
    FireTV= 192.168.0.104
    PC= 192.168.0.100

    I am connected to the internet using a VPN inside my pfSense box. At least I think I am. I can traceroute, ping, DNS lookup and even download using /dev/null.

    But on my LAN side, there is no internet connection. But there is more. Since the last time I posted here, I discovered that with DNSSEC disabled the internet connection works. But if I reboot I'm back to where it started - no internet connection.

    If I want an internet connection I have to re-enable DNSSEC. Reboot. Disable DNSSEC. And then the internet connection is working again. I know it sounds silly. But this is happening.

    Is there a way to check the outbound traffic on pfSense in real time?


  • Netgate Administrator

    Ok, seems like a DNS issue.

    By default pfSense uses the DNS resolver in resolving mode. If your VPN connection is changing the default route in pfSense when it connects it may be breaking DNS somehow.

    Does the VPN provider pass you DNS servers?

    If you're not using resolving mode these may get used in preference to anything else you have set. They may not work at all with DNSSEC.

    Steve



  • @stephenw10 said in No internet access on LAN but VPN is up on pfsense:

    By default pfSense uses the DNS resolver in resolving mode. If your VPN connection is changing the default route in pfSense when it connects it may be breaking DNS somehow.

    Where is the DNS server used by LAN clients? If pfSense, then routing has nothing to do with it. pfSense would be on the local LAN and reachable without routing.


  • Netgate Administrator

    If the VPN changes the default route when it connects then Unbound will use that and we have seen some VPN providers doing odd things with DNS. Though that defies the point of using a VPN IMO but...

    Steve



  • ^^^^
    Again, if the DNS server is on the local LAN, as would be the case with pfSense, then routing has nothing to do with it. If another DNS server elsewhere is used, then routing would matter. That's why I asked where the DNS server was located.


  • Netgate Administrator

    Well Unbound running on pfSense would not change with respect to lan side clients but it will always use the default system route itself so that is a change if you allow the VPN to push a new route.

    Steve



  • I have redone all the setup configuration. This time, finally, I was able to reconnect to my VPN provider after a reboot.

    Let's hope it stays that way.

    I consider this thread to be solved. I appreciate all the inputs you guys have given me.

    I opened another ticket here asking for help about redirecting DNS queries.

