Netgate Discussion Forum

Cannot access any Web-Services (but can ping them) from OpenVPN Client

  • randomPerson
    last edited Apr 24, 2019, 1:24 PM

    Hi,

    I have an OpenVPN server running on my pfSense. When logged in, clients can access any device in the LAN-net. However, accessing web pages is a problem because although I can ping the IP addresses (but not the URLs) of the page, I can't access the web page itself (even if I enter the IP address of the web page into the browser).

    The screenshots of my currently active Firewall-Rules as well as my ping-test are below.

    OutboundNAT.PNG FirewallRulesWANInterface.PNG FirewallRulesOpenVPNInterface.PNG FirewallRulesLANInterface.PNG

    Any help is greatly appreciated.

    • randomPerson @randomPerson
      last edited Apr 24, 2019, 1:26 PM

      Forgot the Pings
      PingTest.PNG

      • viragomann
        last edited Apr 24, 2019, 3:43 PM

        So your client is missing a DNS.
        If you route any traffic over the VPN you should also provide a DNS in the VPN server settings and ensure that your rules allow that access.

        Furthermore, the first one of your Outbound NAT rules (VPN to WAN) is rubbish. Since you're running an access server, you may not want any packet to go out on the OpenVPN interface.
        For upstream traffic from VPN clients you need a rule on WAN with source = tunnel network. Maybe this is the nameless second one. Hard to say, without knowing your tunnel network.

        • randomPerson
          last edited by randomPerson Apr 26, 2019, 10:25 AM Apr 26, 2019, 10:19 AM

          @viragomann

          Hi,

          thanks for the quick reply. So I've removed the first Outbound NAT rule. You were right about the second one, the 10.0.2.0 is the tunnel network. I've also added the following line to the OpenVPN Client file:

          dhcp-option DNS 192.168.1.1

          This makes the config-file look as follows:

          dev tun
          persist-tun
          persist-key
          cipher AES-256-CFB
          auth SHA384
          tls-client
          client
          resolv-retry infinite
          remote [DynDNS-Adress] [OpenVPN Port] udp
          setenv opt block-outside-dns
          lport 0
          dhcp-option DNS 192.168.1.1

          Now I get the following error message:
          Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)

          What can I do here?

          Again, any help is greatly appreciated.

          • randomPerson @viragomann
            last edited by randomPerson Apr 26, 2019, 10:26 AM Apr 26, 2019, 10:25 AM

            @viragomann

            @randomPerson said in Cannot access any Web-Services (but can ping them) from OpenVPN Client:

            Now I get the following error message:
            Options error: Unrecognized option or missing or extra parameter(s) in pfSense-UDP4-12389-Julius-config.ovpn:12: dhcp-option (2.4.6)

            The problem is resolved, the extra space before the dhcp-option was causing trouble.

            Thanks for the help!
