No internet access through VPN connection to pfsense



  • Hello,
    I have an issue with my current pfsense config, and I am stuck. I tried to get it working for more than five hours.
    I have a setup where my pfsense is behind a router. I have an OpenVPN-Client on the pfsense that provides internet-access to the LAN zone. I also need to connect to the LAN from outside, so I have an IPSec server running on pfsense, which I am connecting to from the Windows 10 built-in client. The Clients connected to the VPN use the specified default gateway, which is the WANGW. The LAN is configured to access the internet through the VPN via Firewall-Rules. This setup worked fine for quite a while now.
    Recently I had to change to a different plan at my VPN-provider. I now have a different VPN server assigned by that company. After the change, I can no longer access the internet through the IPSec VPN connection from my client. I can access the LAN just fine though, and I can even access the configuration page of the router that my pfsense is connected to, which means that I can send traffic through that interface and back. But again, I cannot access the internet through the tunnel.

    My Windows 10 machine is showing the following:

       Verbindungsspezifisches DNS-Suffix:
       IPv4-Adresse  . . . . . . . . . . : 10.0.0.1
       Subnetzmaske  . . . . . . . . . . : 255.255.255.255
       Standardgateway . . . . . . . . . : 0.0.0.0
    

    I would really appreciate if somebody could point me in the right direction.
    Thank you in advance.
    Regards
    Richard



  • I should add that, during the change of the VPN server, the address of the OpenVPN client on the pfsense changed. It now is 10.66.9.10, which isn't equivalent to the static IP that I got assigned by my VPN provider. The last plan that I was on assigned to the pfsense OpenVPN client the public static IP address. Does this make any difference?
    The LAN zone DHCP on pfsense is on 192.168.0.1 255.255.255.0.
    The client address pool for IPSec clients is 10.0.0.0 /16.
    The WAN interface has 192.168.178.0 255.255.255.0.

    OUTBOUND NAT:

      
    VPNSTATICIP 127.0.0.0/24 * * 500 (ISAKMP) VPNSTATICIP address * ISAKMP - localhost to VPNSTATICIP 
    VPNSTATICIP 127.0.0.0/24 * * * VPNSTATICIP address *  localhost to VPNSTATICIP 
    VPNSTATICIP 192.168.1.0/24 * * 500 (ISAKMP) VPNSTATICIP address * ISAKMP - LAN to VPNSTATICIP 
    VPNSTATICIP 192.168.1.0/24 * * * VPNSTATICIP address *  LAN to VPNSTATICIP
    WAN 127.0.0.0/8 ::1/128 192.168.1.0/24 10.0.0.0/16 * * 500 WAN address *  Auto created rule for ISAKMP 
    WAN 127.0.0.0/8 ::1/128 192.168.1.0/24 10.0.0.0/16 * * * WAN address * Auto created rule 
    


  • @Richard-B said in No internet access through VPN connection to pfsense:

    The Clients connected to the VPN use the specified default gateway, which is the WANGW.

    Maybe that's not true anymore.
    Probably the new OpenVPN server now pushes the default route to you, while the former didn't.

    Try to check "Don't pull routes" in the client settings to avoid that.

    @Richard-B said in No internet access through VPN connection to pfsense:

    The client address pool for IPSec clients is 10.0.0.0 /16.

    Do you really need that many clients? 65 thousand?
    Keep in mind that the IPSec network may overlap the OpenVPN clients network if you get an IP in this range from the server.



  • You are absolutely awesome! Thank you so much. I wasn't thinking of that. I disabled "pull routes", and it worked right away :-).
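
The overlap risk raised in the reply can be checked mechanically against the address plan. The following is an added example, not part of the original thread: the networks are the ones quoted in the posts, while the function names, the 50-client figure and the address 10.0.42.7 are assumptions made for illustration.

```python
import ipaddress

# Networks as quoted in the thread.
PLAN = {"LAN": "192.168.0.0/24", "WAN": "192.168.178.0/24",
        "IPsec pool": "10.0.0.0/16"}
# Source column of the posted outbound NAT table, per interface.
NAT_SOURCES = {
    "VPNSTATICIP": ["127.0.0.0/24", "192.168.1.0/24"],
    "WAN": ["127.0.0.0/8", "::1/128", "192.168.1.0/24", "10.0.0.0/16"],
}

def conflicts(tunnel_addr, plan):
    """Names of local networks that contain the address the VPN server assigned."""
    addr = ipaddress.ip_address(tunnel_addr)
    return [n for n, cidr in plan.items() if addr in ipaddress.ip_network(cidr)]

def overlapping_pairs(plan):
    """Pairs of local networks whose ranges overlap each other."""
    nets = [(n, ipaddress.ip_network(c)) for n, c in plan.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def nat_interfaces_for(cidr, nat_sources):
    """Interfaces with an outbound NAT source that covers the given network."""
    net = ipaddress.ip_network(cidr)
    hits = []
    for iface, sources in nat_sources.items():
        for s in map(ipaddress.ip_network, sources):
            if s.version == net.version and net.subnet_of(s):
                hits.append(iface)
                break
    return hits

def smallest_pool(base, clients):
    """Smallest prefix at `base` with room for `clients` addresses.
    Assumption: network and broadcast addresses are not handed out."""
    for prefix in range(30, 7, -1):
        net = ipaddress.ip_network(f"{base}/{prefix}", strict=False)
        if net.num_addresses - 2 >= clients:
            return net
    raise ValueError("no IPv4 prefix between /30 and /8 is large enough")

if __name__ == "__main__":
    print("10.66.9.10 inside:", conflicts("10.66.9.10", PLAN))
    print("10.0.42.7 (constructed) inside:", conflicts("10.0.42.7", PLAN))
    print("overlaps:", overlapping_pairs(PLAN))
    print("IPsec pool NATed on:", nat_interfaces_for(PLAN["IPsec pool"], NAT_SOURCES))
    print("pool for 50 clients:", smallest_pool("10.0.0.0", 50))
```

The current tunnel address 10.66.9.10 falls outside the /16 pool, but any server-assigned address in 10.0.x.x would collide with it; a pool sized to the real client count narrows that window.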

