Cannot access any Web-Services (but can ping them) from OpenVPN Client
-
Hi,
I have an OpenVPN server running on my pfSense. When logged in, clients can access any device in the LAN-net. However, accessing Web pages is a problem because although I can ping the IP-Adresses (but not the URLs) of the page, I can't access the Web Page itself (even if I enter the IP Adress of the Web Page into the Browser).
The screenshots of my currently active Firewall-Rules as well as my ping-test are below.
Any help is greatly appreciated.
-
Forgot the Pings
-
So your client is missing a DNS.
If you route any traffic over the VPN you should also provide a DNS in the VPN server settings and ensure that your rules allow that access.Furthermore, the first one of your Outbound NAT rules (VPN to WAN) is rubbish. Since you're running an access server, you may not want to go out any packet on the OpenVPN interface.
For upstream traffic from VPN clients you need a rule on WAN with source = tunnel network. Maybe this is the nameless second one. Hard to say, without knowing your tunnel network. -
Hi,
thanks for the quick reply. So I've removed the first Outbound NAT rule. You were right about the second one, the 10.0.2.0 is the tunnel network. I've also added the following line to the OpenVPN Client file:
dhcp-option DNS 192.168.1.1
This makes the config-file look as follows:
dev tun
persist-tun
persist-key
cipher AES-256-CFB
auth SHA384
tls-client
client
resolv-retry infinite
remote [DynDNS-Adress] [OpenVPN Port] udp
setenv opt block-outside-dns
lport 0
dhcp-option DNS 192.168.1.1Now I get the following error message:
Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)What can I do here?
Again, any help is greatly appreciated.
-
@randomPerson said in Cannot access any Web-Services (but can ping them) from OpenVPN Client:
Now I get the following error message:
Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)The problem is resolved, the extra space before the dhcp-option was causing trouble.
Thanks for the help!