4. Can't get LAN to route out OpenVPN tunnel

Can't get LAN to route out OpenVPN tunnel

  • G

    I'm running pfSense 2.4.4, and I followed a couple guides. I've looked over several other guides, which are nearly identical (and I tried any differences).

    1. I set up the OpenVPN client, and the status says it is up. It lists a Virtual Address that looks good.
    2. I created an interface to the ovpnc1.
    3. I copied all the manual Outbound NAT rules, and set the copies to use the VPN's interface.
    4. I made a LAN firewall rule to route all 192.168.1.0/24 traffic to the VPN interface gateway. (I've tried a bunch of different settings in this rule, just to make sure, such as moving it to the bottom vs top, setting the source to LAN Net or an alias, etc.).
    5. In the firewall system logs I see traffic matching the rule (e.g. Rule = " LAN TRAFFIC –> VPN ")
    6. WhatIsMyIP checks show I'm still coming out my ISP's IP.
    7. Dashboard traffic graphs shows no throughput on the VPN interface... it's all on the WAN.
    8. I've tried disabling the standard LAN Net allow rule, and it cuts the connection to the internet.

    Is there something else I can try or check?

    0
  • G

    It won't let me post a link to the guide I followed (marks it as spam, what a pain...), but it's on ExpressVPN's site, "How to set up pfSense with ExpressVPN (OpenVPN)"

    0
  • LAYER 8 Rebel Alliance

    Follow the netgate hangout and you will be fine: https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html

    -Rico

    0
    G
     1 Reply
  • G

    @rico Thanks, I'll go through that now.

    0
  • G

    SOLUTION FOUND:

    In the video, around the 32m:23s mark, the presenter says that after assigning the OpenVPN to an interface, it will disrupt the internal workings and to "give it a kick" by editing and resaving the OpenVPN config.

    https://youtu.be/lp3mtR4j3Lw?t=1943

    I did that, and started the OpenVPN service again, and it instantly started sending traffic out the VPN like it should. "What's My IP" confirms it.

    Geez, I spent several hours scouring every setting in every config page I touched, checking logs, looking for where I went made a typo or missed something. Everything was perfect. For the record, I assume a reboot would have fixed it too, since it would have restarted the connection.

    0
  • LAYER 8 Rebel Alliance

    Yes a reboot would have the same effect.

    -Rico

    0
  • LAYER 8 Netgate

    Yes. Every guide that is worth using will say that assigning an interface needs an OpenVPN instance restart.

    0
    G
     1 Reply
  • G

    @derelict Perhaps idealistically, but I read numerous guides for setting up OpenVPN on pfSense and not a single one mentioned it. Even the video only mentioned it as an interesting tip (which suggests it's not an obvious or well known point). Either way, I'm glad I know now. Hopefully the pfSense developers will add a way for it to restart it automatically.

    0
  • LAYER 8 Netgate

    Probably not.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy