Can Reach LAN, WAN appears to be blocked



  • I'm having issues with my setup. My goal is to create a VPN connection that allows me to reach my LAN (I currently can) as well as tunnel all traffic through my home connection (currently can't do this). I've pasted screenshots of my OpenVPN config, port forwarding, and NAT outbound rules. Please let me know what else is needed. Thanks in advance.

    OpenVPN Info.zip


  • LAYER 8

    what exactly is not working?
    can you ping 8.8.8.8 from the vpn or no traffic is passing? did you try with packet capture to see what is happening? you are not providing dns server list to your vpn client



  • I can access my LAN after logging in, but it appears all WAN traffic is blocked. I can't access any sites outside of my LAN. Screenshot of ping attached. I'm not sure how to try packet capture. I will google it and see if I can figure that out.

    Capture.PNG

    OK, I ran a quick packet capture. I attempted to access three different sites. I accessed my server and the pfSense firewall (both successfully) and attempted to access nbcnews.com (not successful).

    09:02:08.722417 IP 10.0.0.2.51903 > 192.168.1.1.80: tcp 0
    09:02:09.500269 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
    09:02:09.500403 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
    09:02:09.500480 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
    09:02:09.518024 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 0
    09:02:09.527712 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
    09:02:09.531434 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 145
    09:02:09.549335 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 0
    09:02:09.553991 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 1317
    09:02:09.565701 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 0
    09:02:09.567211 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 1228
    09:02:09.575179 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
    09:02:09.576173 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 145
    09:02:09.586340 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 51
    09:02:09.598175 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 425
    09:02:09.616385 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 422
    09:02:09.636508 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 331
    09:02:09.640963 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 0
    09:02:09.643738 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 1337
    09:02:09.680217 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 1358
    09:02:09.680252 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 1072
    09:02:09.734825 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
    09:02:09.743801 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 1228
    09:02:09.810149 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 51
    09:02:09.824775 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 432
    09:02:09.850817 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 70
    09:02:09.875978 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 87
    09:02:09.890286 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 399
    09:02:09.904016 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 314
    09:02:09.907219 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 70
    09:02:09.935923 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 566
    09:02:09.971624 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 58
    09:02:09.995632 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
    09:02:10.021505 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
    09:02:10.039427 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 58
    09:02:10.104702 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 58
    09:02:10.197397 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
    09:02:10.262495 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 38
    09:02:10.311963 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
    09:02:10.741322 IP 10.0.0.2.60950 > 8.8.8.8.53: UDP, length 38
    09:02:10.805641 IP 8.8.8.8.53 > 10.0.0.2.60950: UDP, length 92
    09:02:10.822093 IP 10.0.0.2.64442 > 8.8.8.8.53: UDP, length 39
    09:02:10.852951 IP 8.8.8.8.53 > 10.0.0.2.64442: UDP, length 55
    09:02:10.877846 IP 10.0.0.2.49893 > 141.193.16.125.53: UDP, length 102
    09:02:10.930072 IP 141.193.16.125.53 > 10.0.0.2.49893: UDP, length 30
    09:02:12.499970 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
    09:02:13.756016 IP 10.0.0.2.65114 > 8.8.8.8.53: UDP, length 38
    09:02:13.820033 IP 8.8.8.8.53 > 10.0.0.2.65114: UDP, length 92
    09:02:13.833134 IP 10.0.0.2.49526 > 8.8.8.8.53: UDP, length 39
    09:02:13.845649 IP 8.8.8.8.53 > 10.0.0.2.49526: UDP, length 55
    09:02:13.859264 IP 10.0.0.2.50330 > 141.193.16.125.53: UDP, length 102
    09:02:13.911708 IP 141.193.16.125.53 > 10.0.0.2.50330: UDP, length 30
    09:02:18.500903 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
    09:02:21.799962 IP 10.0.0.2.51913 > 10.3.35.15.7084: tcp 0
    09:02:23.656709 IP 10.0.0.2.59527 > 10.3.35.138.389: UDP, length 168
    09:02:24.058511 IP 10.0.0.2.59527 > 10.3.35.138.389: UDP, length 168
    09:02:24.800220 IP 10.0.0.2.51913 > 10.3.35.15.7084: tcp 0
    09:02:28.868349 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.868500 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 0
    09:02:28.869789 IP 10.0.0.2.51915 > 192.168.1.242.80: tcp 0
    09:02:28.869974 IP 192.168.1.242.80 > 10.0.0.2.51915: tcp 0
    09:02:28.876510 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.876870 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 583
    09:02:28.877209 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 0
    09:02:28.877240 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 326
    09:02:28.877616 IP 10.0.0.2.51915 > 192.168.1.242.80: tcp 0
    09:02:28.889675 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 587
    09:02:28.919104 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919125 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919164 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919179 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919194 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919207 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919220 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 165
    09:02:28.919233 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919261 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919271 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.919283 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.929441 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.929498 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.929694 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.929712 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.929722 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.930117 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.930328 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.930378 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
    09:02:28.930453 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.930469 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.930479 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.931335 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.931352 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.931960 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.931976 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.931985 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.932842 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.932861 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.932871 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.933681 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.933696 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
    09:02:28.933705 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
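
Added example, not part of the original posts: one way to read a capture like the one above is to count, per remote endpoint, packets sent by the client and packets received back, which shows which destinations replied and which did not. The function names are hypothetical, treating 10.0.0.2 as the VPN client is an assumption, and the sample lines are copied from the capture above.

```python
import ipaddress
import re
from collections import defaultdict

# tcpdump one-line format as printed in the capture above:
#   HH:MM:SS.usec IP src.sport > dst.dport: tcp N   (or "UDP, length N")
LINE = re.compile(
    r"^\s*\d\d:\d\d:\d\d\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (tcp|UDP)")

def summarize(capture_text, client_ip):
    """Return {(remote_ip, remote_port, proto): {"sent": n, "received": n}}."""
    flows = defaultdict(lambda: {"sent": 0, "received": 0})
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank or unrecognised lines
        src, sport, dst, dport, proto = m.groups()
        if src == client_ip:
            flows[(dst, int(dport), proto.lower())]["sent"] += 1
        elif dst == client_ip:
            flows[(src, int(sport), proto.lower())]["received"] += 1
    return dict(flows)

def unanswered(flows):
    """Remote endpoints the client sent to but never heard back from."""
    return sorted(k for k, v in flows.items() if v["sent"] and not v["received"])

def answered_public(flows):
    """Public (non-private-range) endpoints that sent replies to the client."""
    return sorted(k for k, v in flows.items()
                  if v["received"] and not ipaddress.ip_address(k[0]).is_private)

# Sample: lines copied from the capture above (10.0.0.2 assumed to be the client).
SAMPLE = """\
09:02:09.500269 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
09:02:09.500403 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
09:02:09.518024 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 0
09:02:10.741322 IP 10.0.0.2.60950 > 8.8.8.8.53: UDP, length 38
09:02:10.805641 IP 8.8.8.8.53 > 10.0.0.2.60950: UDP, length 92
09:02:12.499970 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
09:02:28.868349 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
09:02:28.868500 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 0
"""

if __name__ == "__main__":
    flows = summarize(SAMPLE, "10.0.0.2")
    print(unanswered(flows), answered_public(flows))
```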
    

  • LAYER 8

    ping was working ok
    you are probably missing this option

    Immagine.jpg



  • @kiokoman - I'm not exactly sure what to put in for the DNS ip. I am running a DNS resolver on my firewall.

    Capture 2.PNG

    EDIT - GOT IT! I ended up putting my PFSENSE server's ip in there and it works. Thanks for the help!


  • LAYER 8

    correct, you put the ip of your preferred dns resolver, aka ip of the pfsense in your case
    don't forget to press thumb up if it was useful

