Netgate Discussion Forum

    VPN up - Gateway Down - VPN not routing out to internet

      wrodriguez56

      Hello All,

      I am having a hard time figuring this out. I have followed many different sites to try and resolve to no avail.

      Version 2.3.5-RELEASE-p2 (i386)
      built on Thu May 10 15:06:00 CDT 2018
      FreeBSD 10.3-RELEASE-p29
      Platform nanobsd (4g)

      I cannot route out to internet via the OPENVPN AS Server. It works fine when I connect my laptop (Linux) or Android phone, so the OPENVPN AS server is set up properly.

      VPN Client Status is up
      c03ed556-f71b-4e13-b245-1e9759ca1855-image.png

      The status of the pfSense is as follows:

      1025a419-a12b-401c-afa5-26f7e750ea7b-image.png

      VPN Interface:
      b58b63fc-226c-4549-b742-d4d8eac9b242-image.png

      OUTBOUND NAT Rules:
      d51cffe2-e71d-4d7b-bdc9-2095da4455fe-image.png

      VPN Client Settings:

      47965506-e670-48ad-8bd6-5708664333f6-image.png

      I can ping the internet from the VPN Interface:

      96d03aff-cbc2-4175-9be9-bbae6c4cbc8f-image.png

      It has to be a NAT/Routing issue but I cannot figure it out!!

      dea3da5f-0ce8-4b09-92ee-9b8fa16e0078-image.png

      ceb98f75-f7b5-4bc7-9aae-8d0fef7298a2-image.png

      Any help or suggestions welcomed!!

      Thanks in advance!

        KOM

        Your settings are a bit different from what I'm used to seeing, but perhaps that's something to do with your VPN provider.

        On my client connections, I don't specify the local or remote networks. They're assigned automatically.

        Your outbound NAT rules are wrong. That rule you have highlighted should be Source 192.168.1.0/24 to JAMVPN address. You don't need the port 500 rule. Delete those two rules at the end, they're not needed.

        Lastly, you didn't show your LAN rules. You need to use LAN rules to redirect the traffic out the VPN gateway instead of default or WAN.

          wrodriguez56

          @KOM thanks for reply!

          Updated NAT rules:
          8b178f0e-09e4-4c67-8a1a-a4ba583025ba-image.png

          These are existing LAN rules:
          3ae912cf-c6f5-447f-8809-83568fafbd2d-image.png

          Please clarify what needs to be changed here.

            KOM

            Well, I think you have a typo in your JAMVPN rule. Your local LAN is 192.168.1.0, not 192.168.0.0. Next, I wasn't clear when I said to delete the port 500 rule. I meant for the VPN connection only. You deleted the one for your local network, but it doesn't matter unless you're running IPSEC VPN.

            For your LAN rules, unless you're using IPv6 on your network you can delete the last rule.

            Lastly, edit the IPv4 Default allow LAN to any rule. Click Advanced Options. Scroll down near the bottom to the Gateway field and select JAMVPN. Apply it and now all traffic should go through the gateway. You can further craft your rules to allow only select clients through, or only select ports for running torrents for example.

            Here is an example of my outbound rules.

            Screenshot from 2019-08-09 22-37-57.png

            And my LAN rules.

            Screenshot from 2019-08-09 22-39-46.png

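Added example, not part of any post in this thread: a small audit of the two conditions discussed above, namely an outbound NAT rule on the VPN interface whose source covers the LAN, and a LAN pass rule with the VPN selected as gateway. The rule dictionaries are a constructed, simplified model and not pfSense's configuration format; only the LAN subnet 192.168.1.0/24, the 192.168.0.0 typo and the JAMVPN name come from the thread.

```python
import ipaddress

def audit_vpn_egress(lan_cidr, vpn_if, nat_rules, lan_rules):
    """Return findings explaining why LAN traffic would not leave through vpn_if."""
    lan = ipaddress.ip_network(lan_cidr)

    def covers(cidr):
        # True when the rule's source network contains the whole LAN subnet.
        net = ipaddress.ip_network(cidr)
        return net.version == lan.version and lan.subnet_of(net)

    findings = []

    # Check 1: without a matching outbound NAT rule on the VPN interface,
    # packets enter the tunnel with a private source address and get no replies.
    vpn_sources = [r["source"] for r in nat_rules if r["interface"] == vpn_if]
    if not any(covers(s) for s in vpn_sources):
        seen = ", ".join(vpn_sources) or "none"
        findings.append(f"outbound NAT on {vpn_if} does not cover {lan} (sources: {seen})")

    # Check 2: LAN rules are first-match. The first pass rule matching the LAN
    # decides the path; with no gateway set, traffic follows the default route.
    for rule in lan_rules:
        if rule["action"] == "pass" and covers(rule["source"]):
            if rule.get("gateway") != vpn_if:
                findings.append(f"first matching LAN pass rule uses gateway "
                                f"{rule.get('gateway') or 'default'}, not {vpn_if}")
            break
    else:
        findings.append(f"no LAN pass rule matches {lan}")
    return findings

# Constructed sample data modelled on the thread.
LAN, VPN = "192.168.1.0/24", "JAMVPN"
BROKEN = {
    "nat_rules": [{"interface": "WAN", "source": "192.168.1.0/24"},
                  {"interface": "JAMVPN", "source": "192.168.0.0/24"}],  # typo'd subnet
    "lan_rules": [{"action": "pass", "source": "192.168.1.0/24", "gateway": None},
                  {"action": "pass", "source": "::/0", "gateway": None}],
}
FIXED = {
    "nat_rules": [{"interface": "WAN", "source": "192.168.1.0/24"},
                  {"interface": "JAMVPN", "source": "192.168.1.0/24"}],
    "lan_rules": [{"action": "pass", "source": "192.168.1.0/24", "gateway": "JAMVPN"}],
}

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_vpn_egress(LAN, VPN, **cfg) or "ok")
```
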
              wrodriguez56 @KOM

              @KOM

              Made correction to typo:
              9843656f-c323-4365-b306-e2a444cdeb2a-image.png

              Also modified the LAN rules:
              386e3961-7fad-463f-86ed-8e2c61084c8d-image.png

              It is still not routing out the VPN.

              Thanks again for your time.

                BogusException @wrodriguez56

                @wrodriguez56 do you have the same network defined for remote network and WANGW?

                10.0.0.0

                  KOM

                  Good catch. I did tell him earlier that those are autogenerated so I don't think he has to specify the tunnel & remote networks at all, but I could be wrong depending on his ISP.

                    wrodriguez56 @KOM

                    Thank you @KOM , issue has been resolved. Thank you for your help.

                      BogusException @wrodriguez56

                      @wrodriguez56 After all that, would it be OK to ask what fixed things for you?

                        wrodriguez56 @BogusException

                        @BogusException

                        I was missing the LAN rules

                        fbe94e5d-0232-4b15-a664-8f4715e17b36-image.png

                        Once properly configured, NAT worked!!!

                          BogusException @wrodriguez56

                          @wrodriguez56 awesome!

                          Might help someone else reading down the road. 🙂

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.