OpenVPN client connected, no internet or LAN access
-
@viragomann Yes, FW rule is in place and I've tried also with duplicating the Outbound NAT rules and changing the interface from WAN to OpenVPN.
Outbound NAT rules:
-
@dean2028 said in OpenVPN client connected, no internet or LAN access:
... and I've tried also with duplicating the Outbound NAT rules and changing the interface from WAN to OpenVPN.
but to be honest, I don't really know what I'm doing here with these, therefore I'm not sure if this makes sense at all as it is now. If I leave it on Automatic, it doesn't work either.
-
All you need in the outbound NAT is this rule:
It seems to be added by pfSense automatically already.
Try to access the pfSense WebGUI. Try the OpenVPN server IP which is 10.1.1, also try the LAN IP.
-
@viragomann Thanks for confirming the NAT rules.
Try to access the pfSense WebGUI. Try the OpenVPN server IP which is 10.1.1, also try the LAN IP.
I can reach the pfSense UI login page with both, the LAN IP 192.168.1.14 and the OpenVPN server IP 10.1.1.1.
-
So at least the route to the LAN network works.
Ensure that your LAN device does not block the access. If it's running a firewall it probably blocks access from other networks, since you haven't explicitly allowed it.
You may use the ping tool from the pfSense Diagnostic menu for investigating. You may try a ping with source address LAN and e.g. OpenVPN to see if it responds.
-
Ensure that your LAN device does not block the access. If it's running a firewall it probably blocks access from other networks, since you haven't explicitly allowed it.
@viragomann Shame on me... That was it. Thanks for the heads up. I believe the LAN access part is solved then. However, internet access still doesn't seem to work, or at least I'm not able to open anything from the internet in Safari from the phone. I checked the pfSense ping tool to ping a host like Google with OpenVPN selected, and it seems the IP resolved and ping works.
-
@dean2028 said in OpenVPN client connected, no internet or LAN access:
and it seems the IP resolved
That may be the cue here.
Have you stated a DNS server in the OpenVPN settings?
-
@viragomann Yes and just checked with a tool on the phone that the port is open to the pfSense LAN IP on port 53. However when I try a DNS lookup for an internet host on the phone, I get no response while connected to VPN.
-
That's quite weird. I went to the DNS resolver settings, changed Network interfaces to All from LAN and Localhost. Reconnected with the phone to the VPN and it still did not work. Changed the Network interfaces back to LAN and Localhost, applied the settings, then the service crashed. Started the DNS resolver from the UI and it works now. Maybe it has something to do with Unbound and pfBlockerNG?
-
It’s not the possibility to access DNS port. You have to enter a DNS server in the proper box to push it to the client, otherwise the client won’t have any DNS config.
If you’re running the DNS Resolver or Forwarder on pfSense, this may be the IP of the pfSense itself.
-
@viragomann I understand, but this was set since the beginning as I wrote in my first post about the config:
DNS Server 1: 192.168.1.14 (pfSense, I use pfSense as DNS server with pfBlockerNg)
but I also tried to add it manually to the config before with this line, but it actually did not change anything:
push "dhcp-option DNS 192.168.1.14"
What was interesting, I also saw connections earlier from the phone to the pfSense IP on port 53 based on states (Firewall > Rules > OpenVPN, then clicked traffic data in the States column), but something was not good as the DNS server actually did not respond to the queries from the phone. At the moment my only idea is that the DNS server service was not in a good condition.
Anyway, thanks a lot for your help, I really appreciate your prompt feedback!