OpenVPN up and connected but traffic not routed through VPN server

brightwolf

Recently I have set up pfSense to be a VPN client of ProtonVPN. Following this guide and also the guide from ProtonVPN itself I managed to get the VPN client up and running. I have set up firewall rules to route traffic of certain PCs in my network through it. I see these firewall rules being used. However, despite the client being connected to ProtonVPN my traffic is not routed through the VPN. When I check ipinfo.io for example my ISP IP is listed, not ProtonVPN's IP. Internet is working, but not being routed through the VPN as expected.

I rechecked the guides, all NAT rules, firewall rules, interfaces, gateways, CA certs, VPN clients are set up and seemingly set up correctly. But something must be wrong. How can I debug an issue like this? I see nothing in the logs hinting at anything.

All help welcome!

johnpoz

@brightwolf said in OpenVPN up and connected but traffic not routed through VPN server:

I see these firewall rules being used

Well without you showing us exactly what you have setup, there is no way to figure out what is wrong.

From a quick 2 second look over of their guide - atleast they got the don't pull routes correct ;) But there is zero reason to do manual outbound nat, simple hybrid is all that is needed.

ressurex

have you tried this guide ?

https://matya.blog/2017/05/08/using-protonvpn-on-pfsense/

and asking in here with your fellow users.

https://www.reddit.com/r/ProtonVPN/

:o)

johnpoz

So you want ME or other users here to read thru some crap guide, and "assume" you he did that all correctly.. If you did then it would be working now wouldn't it - or the guide is wrong.. And you want us to point out what is wrong with it?

That link is to some blog from 2017 - how could you think that is current?

He needs to post up his config is the only way going to get any help.

brightwolf

@johnpoz Although I understand your comment, that is not what I am asking of course. All I am asking is hints and tips on how to find what's causing this. Like "check for log line xyz in openvpn log" or "<insert smart helpful comment here>" or "simple hybrid NAT is all that is needed". I will look into that last point!

brightwolf

@ressurex Thanks ressurex, the guide you supplied the link to helped me solve the issue. The issue was the "Gateway creation" setting in the VPN client. This setting has three radiobuttons of which none is checked by default. Since the ProtonVPN does not mention this setting I did not touch it. However, as it appears, you need to check one of the radiobuttons in order to create a gateway for IP4, IP6 or both. I checked both and after that, it worked.

@johnpoz The hybrid NAT is not sufficient. I really do need to manually create the NAT rules as mentioned in the ProtonVPN guide, because without those manually created rules (and with only the automatically created ones) it does not work.