Netgate Discussion Forum
    Can Reach LAN, WAN appears to be blocked

      statecowboy

      I'm having issues with my setup. My goal is to create a vpn connection that allows me to reach my LAN (I currently can) as well as tunnel all traffic through my home connection (currently can't do this). I've pasted screenshots of my openvpn config, port forwarding, and NAT outbound rules. Please let me know what else is needed. Thanks in advance.

      OpenVPN Info.zip

        kiokoman LAYER 8

        what exactly is not working?
        can you ping 8.8.8.8 from the vpn or no traffic is passing? did you try with packet capture to see what is happening? you are not providing dns server list to your vpn client

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          statecowboy

          I can access my LAN after logging in, but it appears all WAN traffic is blocked. I can't access any sites outside of my LAN. Screenshot of ping attached. I'm not sure how to try packet capture. I will google it and see if I can figure that out.

          Capture.PNG

          OK, I ran a quick packet capture. I attempted to access three different sites. I accessed my server and the pfsense firewall (both successfully) and attempted to access nbcnews.com (not successful).

          09:02:08.722417 IP 10.0.0.2.51903 > 192.168.1.1.80: tcp 0
          09:02:09.500269 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
          09:02:09.500403 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
          09:02:09.500480 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
          09:02:09.518024 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 0
          09:02:09.527712 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
          09:02:09.531434 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 145
          09:02:09.549335 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 0
          09:02:09.553991 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 1317
          09:02:09.565701 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 0
          09:02:09.567211 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 1228
          09:02:09.575179 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
          09:02:09.576173 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 145
          09:02:09.586340 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 51
          09:02:09.598175 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 425
          09:02:09.616385 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 422
          09:02:09.636508 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 331
          09:02:09.640963 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 0
          09:02:09.643738 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 1337
          09:02:09.680217 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 1358
          09:02:09.680252 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 1072
          09:02:09.734825 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
          09:02:09.743801 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 1228
          09:02:09.810149 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 51
          09:02:09.824775 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 432
          09:02:09.850817 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 70
          09:02:09.875978 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 87
          09:02:09.890286 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 399
          09:02:09.904016 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 314
          09:02:09.907219 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 70
          09:02:09.935923 IP 216.17.8.250.443 > 10.0.0.2.51905: tcp 566
          09:02:09.971624 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 58
          09:02:09.995632 IP 10.0.0.2.51905 > 216.17.8.250.443: tcp 0
          09:02:10.021505 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
          09:02:10.039427 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 58
          09:02:10.104702 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 58
          09:02:10.197397 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
          09:02:10.262495 IP 162.222.43.53.4287 > 10.0.0.2.51907: tcp 38
          09:02:10.311963 IP 10.0.0.2.51907 > 162.222.43.53.4287: tcp 0
          09:02:10.741322 IP 10.0.0.2.60950 > 8.8.8.8.53: UDP, length 38
          09:02:10.805641 IP 8.8.8.8.53 > 10.0.0.2.60950: UDP, length 92
          09:02:10.822093 IP 10.0.0.2.64442 > 8.8.8.8.53: UDP, length 39
          09:02:10.852951 IP 8.8.8.8.53 > 10.0.0.2.64442: UDP, length 55
          09:02:10.877846 IP 10.0.0.2.49893 > 141.193.16.125.53: UDP, length 102
          09:02:10.930072 IP 141.193.16.125.53 > 10.0.0.2.49893: UDP, length 30
          09:02:12.499970 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
          09:02:13.756016 IP 10.0.0.2.65114 > 8.8.8.8.53: UDP, length 38
          09:02:13.820033 IP 8.8.8.8.53 > 10.0.0.2.65114: UDP, length 92
          09:02:13.833134 IP 10.0.0.2.49526 > 8.8.8.8.53: UDP, length 39
          09:02:13.845649 IP 8.8.8.8.53 > 10.0.0.2.49526: UDP, length 55
          09:02:13.859264 IP 10.0.0.2.50330 > 141.193.16.125.53: UDP, length 102
          09:02:13.911708 IP 141.193.16.125.53 > 10.0.0.2.50330: UDP, length 30
          09:02:18.500903 IP 10.0.0.2.51906 > 10.8.34.225.4287: tcp 0
          09:02:21.799962 IP 10.0.0.2.51913 > 10.3.35.15.7084: tcp 0
          09:02:23.656709 IP 10.0.0.2.59527 > 10.3.35.138.389: UDP, length 168
          09:02:24.058511 IP 10.0.0.2.59527 > 10.3.35.138.389: UDP, length 168
          09:02:24.800220 IP 10.0.0.2.51913 > 10.3.35.15.7084: tcp 0
          09:02:28.868349 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.868500 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 0
          09:02:28.869789 IP 10.0.0.2.51915 > 192.168.1.242.80: tcp 0
          09:02:28.869974 IP 192.168.1.242.80 > 10.0.0.2.51915: tcp 0
          09:02:28.876510 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.876870 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 583
          09:02:28.877209 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 0
          09:02:28.877240 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 326
          09:02:28.877616 IP 10.0.0.2.51915 > 192.168.1.242.80: tcp 0
          09:02:28.889675 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 587
          09:02:28.919104 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919125 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919164 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919179 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919194 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919207 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919220 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 165
          09:02:28.919233 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919261 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919271 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.919283 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.929441 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.929498 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.929694 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.929712 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.929722 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.930117 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.930328 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.930378 IP 10.0.0.2.51914 > 192.168.1.242.80: tcp 0
          09:02:28.930453 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.930469 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.930479 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.931335 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.931352 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.931960 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.931976 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.931985 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.932842 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.932861 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.932871 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.933681 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.933696 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          09:02:28.933705 IP 192.168.1.242.80 > 10.0.0.2.51914: tcp 1358
          
          1 Reply Last reply Reply Quote 0
            kiokoman LAYER 8

            ping was working ok
            you are probably missing this option

            Immagine.jpg


              statecowboy @kiokoman

              @kiokoman - I'm not exactly sure what to put in for the DNS ip. I am running a DNS resolver on my firewall. Capture 2.PNG

              EDIT - GOT IT! I ended up putting my PFSENSE server's ip in there and it works. Thanks for the help!

                kiokoman LAYER 8

                correct, you put the ip of your preferred dns resolver, aka ip of the pfsense in your case
                don't forget to press thumb up if it was useful


                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.