Can't get LAN to route out OpenVPN tunnel
-
I'm running pfSense 2.4.4, and I followed a couple guides. I've looked over several other guides, which are nearly identical (and I tried any differences).
- I set up the OpenVPN client, and the status says it is up. It lists a Virtual Address that looks good.
- I created an interface to the ovpnc1.
- I copied all the manual Outbound NAT rules, and set the copies to use the VPN's interface.
- I made a LAN firewall rule to route all 192.168.1.0/24 traffic to the VPN interface gateway. (I've tried a bunch of different settings in this rule, just to make sure, such as moving it to the bottom vs top, setting the source to LAN Net or an alias, etc.).
- In the firewall system logs I see traffic matching the rule (e.g. Rule = " LAN TRAFFIC –> VPN ")
- WhatIsMyIP checks show I'm still coming out my ISP's IP.
- Dashboard traffic graphs show no throughput on the VPN interface... it's all on the WAN.
- I've tried disabling the standard LAN Net allow rule, and it cuts the connection to the internet.
Is there something else I can try or check?
-
It won't let me post a link to the guide I followed (marks it as spam, what a pain...), but it's on ExpressVPN's site, "How to set up pfSense with ExpressVPN (OpenVPN)"
-
Follow the Netgate hangout and you will be fine: https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html
-Rico
-
@rico Thanks, I'll go through that now.
-
SOLUTION FOUND:
In the video, around the 32m:23s mark, the presenter says that after assigning the OpenVPN to an interface, it will disrupt the internal workings and to "give it a kick" by editing and resaving the OpenVPN config.
https://youtu.be/lp3mtR4j3Lw?t=1943
I did that, and started the OpenVPN service again, and it instantly started sending traffic out the VPN like it should. "What's My IP" confirms it.
Geez, I spent several hours scouring every setting in every config page I touched, checking logs, looking for where I made a typo or missed something. Everything was perfect. For the record, I assume a reboot would have fixed it too, since it would have restarted the connection.
-
Yes a reboot would have the same effect.
-Rico
-
Yes. Every guide that is worth using will say that assigning an interface needs an OpenVPN instance restart.
-
@derelict Perhaps idealistically, but I read numerous guides for setting up OpenVPN on pfSense and not a single one mentioned it. Even the video only mentioned it as an interesting tip (which suggests it's not an obvious or well known point). Either way, I'm glad I know now. Hopefully the pfSense developers will add a way for it to restart it automatically.
-
Probably not.