VPN up - Gateway Down - VPN not routing out to internet



  • Hello All,

    I am having a hard time figuring this out. I have followed many different sites to try and resolve to no avail.

    Version 2.3.5-RELEASE-p2 (i386)
    built on Thu May 10 15:06:00 CDT 2018
    FreeBSD 10.3-RELEASE-p29
    Platform nanobsd (4g)

    I cannot route out to internet via the OPENVPN AS Server. It works fine when I connect my laptop (Linux) or Android phone, so the OPENVPN AS server is set up properly.

    VPN Client Status is up
    c03ed556-f71b-4e13-b245-1e9759ca1855-image.png

    The status of the pfSense is as follows:

    1025a419-a12b-401c-afa5-26f7e750ea7b-image.png

    VPN Interface:
    b58b63fc-226c-4549-b742-d4d8eac9b242-image.png

    OUTBOUND NAT Rules:
    d51cffe2-e71d-4d7b-bdc9-2095da4455fe-image.png

    VPN Client Settings:

    47965506-e670-48ad-8bd6-5708664333f6-image.png

    I can ping the internet from the VPN Interface:

    96d03aff-cbc2-4175-9be9-bbae6c4cbc8f-image.png

    It has to be a NAT/Routing issue but I cannot figure it out!!

    dea3da5f-0ce8-4b09-92ee-9b8fa16e0078-image.png

    ceb98f75-f7b5-4bc7-9aae-8d0fef7298a2-image.png

    Any help or suggestions welcomed!!

    Thanks in advance!



  • Your settings are a bit different from what I'm used to seeing, but perhaps that's something to do with your VPN provider.

    On my client connections, I don't specify the local or remote networks. They're assigned automatically.

    Your outbound NAT rules are wrong. That rule you have highlighted should be Source 192.168.1.0/24 to JAMVPN address. You don't need the port 500 rule. Delete those two rules at the end, they're not needed.

    Lastly, you didn't show your LAN rules. You need to use LAN rules to redirect the traffic out the VPN gateway instead of default or WAN.



  • @KOM thanks for reply!

    Updated NAT rules:
    8b178f0e-09e4-4c67-8a1a-a4ba583025ba-image.png

    These are existing LAN rules:
    3ae912cf-c6f5-447f-8809-83568fafbd2d-image.png

    Please clarify what needs to be changed here.



  • Well, I think you have a typo in your JAMVPN rule. Your local LAN is 192.168.1.0, not 192.168.0.0. Next, I wasn't clear when I said to delete the port 500 rule. I meant for the VPN connection only. You deleted the one for your local network, but it doesn't matter unless you're running IPSEC VPN.

    For your LAN rules, unless you're using IPv6 on your network you can delete the last rule.

    Lastly, edit the IPv4 Default allow LAN to any rule. Click Advanced Options. Scroll down near the bottom to the Gateway field and select JAMVPN. Apply it and now all traffic should go through the gateway. You can further craft your rules to allow only select clients through, or only select ports for running torrents for example.

    Here is an example of my outbound rules.

    Screenshot from 2019-08-09 22-37-57.png

    And my LAN rules.

    Screenshot from 2019-08-09 22-39-46.png



  • @KOM

    Made correction to typo:
    9843656f-c323-4365-b306-e2a444cdeb2a-image.png

    Also modified the LAN rules:
    386e3961-7fad-463f-86ed-8e2c61084c8d-image.png

    It is still not routing out the VPN.

    Thanks again for your time.



  • @wrodriguez56 do you have the same network defined for remote network and WANGW?

    10.0.0.0



  • Good catch. I did tell him earlier that those are autogenerated so I don't think he has to specify the tunnel & remote networks at all, but I could be wrong depending on his ISP.



  • Thank you @KOM, issue has been resolved. Thank you for your help.



  • @wrodriguez56 After all that, would it be OK to ask what fixed things for you?



  • @BogusException

    I was missing the LAN rules

    fbe94e5d-0232-4b15-a664-8f4715e17b36-image.png

    Once properly configured, NAT worked!!!



  • @wrodriguez56 awesome!

    Might help someone else reading down the road. 🙂
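
The three things checked in this thread (outbound NAT source matching the LAN subnet, a LAN rule that names the VPN gateway, and a tunnel remote network that collides with the WAN network) can be tested mechanically. This is an added example, not part of the original posts and not pfSense's own code or config format: the dict layout, the function name and the /24 prefix lengths are assumptions, while JAMVPN and the 192.168.x.0 and 10.0.0.0 networks come from the thread.

```python
import ipaddress

def check_vpn_egress(lan, nat_rules, lan_rules, vpn_name, tunnel_remote=None, wan_net=None):
    """Return findings for the three mistakes discussed in the thread ([] = none)."""
    lan_net = ipaddress.ip_network(lan)
    findings = []

    # 1. Outbound NAT: a rule on the VPN interface must have a source covering the LAN.
    nat_sources = [ipaddress.ip_network(r["source"])
                   for r in nat_rules if r["interface"] == vpn_name]
    if not any(lan_net.subnet_of(src) for src in nat_sources):
        seen = ", ".join(map(str, nat_sources)) or "none"
        findings.append(f"outbound NAT on {vpn_name} does not cover {lan_net} (sources: {seen})")

    # 2. Policy routing: a LAN pass rule must name the VPN gateway, otherwise
    #    matching traffic follows the default route out the WAN.
    if not any(r.get("gateway") == vpn_name
               and lan_net.subnet_of(ipaddress.ip_network(r["source"]))
               for r in lan_rules):
        findings.append(f"no LAN rule sends {lan_net} to gateway {vpn_name}")

    # 3. A manually entered tunnel remote network must not overlap the WAN network.
    if tunnel_remote and wan_net and ipaddress.ip_network(tunnel_remote).overlaps(
            ipaddress.ip_network(wan_net)):
        findings.append(f"tunnel remote network {tunnel_remote} overlaps WAN network {wan_net}")
    return findings

# Constructed sample data modelled on the thread; prefix lengths are assumed.
BROKEN = dict(
    lan="192.168.1.0/24", vpn_name="JAMVPN",
    nat_rules=[{"interface": "JAMVPN", "source": "192.168.0.0/24"}],  # typo'd source
    lan_rules=[{"source": "192.168.1.0/24", "gateway": None}],        # default gateway
    tunnel_remote="10.0.0.0/24", wan_net="10.0.0.0/24",
)
FIXED = dict(
    lan="192.168.1.0/24", vpn_name="JAMVPN",
    nat_rules=[{"interface": "JAMVPN", "source": "192.168.1.0/24"}],
    lan_rules=[{"source": "192.168.1.0/24", "gateway": "JAMVPN"}],
    tunnel_remote=None, wan_net="10.0.0.0/24",  # remote network left to be assigned
)

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_vpn_egress(**cfg) or "ok")
```
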

