Client online but Gateway not working



  • Noob here. Lately I got me a vps(?) on the internet (first time), where I installed openvpn and created a openvpn Server on it (first time). I want my pfSense at home connect to it as a client and then I want to policy route traffic out that vps, similar to the vpn client I already have in pfSense to a vpn Provider.

    I finally achieved that the client in pfSense connects to my vps, green.
    But the gateway I created afterwards with that client stays offline, red.

    Capture.PNG

    I tested with OpenVPN for android on my phone, it can redirect all traffic out through the vpn on the vps.
    So I am thinking, maybe there is an option in the server on that vps to be set, to allow the gateway functionality for pfSense or my client is still miss configured? NAT is enabled for the interface.

    Any help is appreciated.
    I am somewhat exhausted from creating the ovpn server in the first place and almost know nothing about OVPN.



  • @Bob-Dig said in Client online but Gateway not working:

    I am somewhat exhausted from creating the ovpn server in the first place

    By putting your fingers on a keyboard, moving the mouse with your hand and looking at a screen ?

    First things first : do not believe that you can learn thing as shwon in the Matrix : by have it uploaded in your brains, and hup you can fly thatB48 Sykosrky helicopter.
    It's the old process that we are all still using today. It's normal that it feels hard. You're actually "fighting yourself". The good news is : you can only win.
    The bad news : no free ride - no exceptions, not even for you and me.

    So :
    What I would do : instal; Google, and type : Your own VPN server on a VPS and start reading and clicking. (something that has to be learned also, I know, live is hard and then you d..... etc etc)

    Do look at several guides.
    Prefer the ones that use the same software version as you do.
    If you find differences, try to understand why the author did something different as what you would do.

    Btw : I installed X-Plane about 2 years ago. And the "737-800" ZIBO mod.
    And take note : I have to use my feet also to control this thing ....
    Preparation, taxiing and take off goes quiet well. Climb and cruse also. Build failures - and the manual approach is still a disaster (cat III autoland is what I prefer if I do not what to create yet another crater) .... I'm a noob at it.
    Are you going to say say that I have to learn ??? ;)

    And yes, X-Plane has nothing to do with pfSense, as installing and setting up OpenVPN on "some OS" ☺

    edit : you are hiding all details, settings, in your question. Or, as you might have found out already, there are many ....(== possible pitfalls).
    There is not such thing as click here click there and done, it works.
    This is open software, and it's a server type of software : that stands for : a lot of work while installing, keeping it up, supporting it. A real pain. ( and we love it )



  • The client is connected according to pfSense so this might reduce the possible errors to a knowledgeable person enough to give me a good hint, at least that is my hope. I don't work in IT so it is only for the fun, but had none yesterday.

    @Gertjan BTW I already followed a guide on the interwebs, but didn't worked out completely, so at least point me to the right guide for this setup instead of just google.



  • Aha, lol, no way.
    I'm not testing these guides : I don't need a VPN on A VPS.
    If the first one fails for you, you try the next one.

    Google is just a source. i'm not saying that you should limit you that one.
    The OpenVPN server support has everything you need, as all the people that build OpenVPBN server on any kind of device are concentrated there.

    Btw : I'm not working as an IT.
    My job is to clean this blue thing (bottom of this page) - amongst others.



  • So I decided to ditch my vps installation and installed pfSense there. Thought I will have a good experience, needed one, but didn't got it.

    I used the wizard to create a vpn-server in pfSense on that vps. Then I installed the clientexport utility, just in case, and put those settings in the vpnclient on my local pfsense.
    But it was not connecting. Then I rebooted the senses and now my local pfSense didn't boot but halted to ask for some username and pw... I gave it that of the vpn-user so it booted and all the lights are green, but I still can't get traffic routed through the vps.
    ☹
    What happened here in the first place?



  • Last question.. is this expected behavior, that a pfSense on an vps (with one nic only) and a openvpn Server created with the wizard on it and on the other side a pfSense with the same version is not able to make a connection and route the traffic through the first one?



  • I have a small VPS 'somewhere' that runs Debian 9.12.
    I installed OpenVPN 2.4.x as a Debian package (and something called EasyRSA) and set it up on UDP, port 1194, using certs server side / client side etc.

    On my side, I used the classic https://openvpn.net/community-downloads/ (that's the entire thing, the OpenVPN server on window's side, and the Windows GUI client).

    I was able to connect my OpenVPN VPS based server with my desktop client.
    That is, the tunnel came up. I did not test the actual routing over the tunnel.
    I'm already using the OpenVPN server of pfsense on my work so I can connect 'from home' if needed. Half the planet was doing that last two month or so as they had to stay home end work.

    @Bob-Dig said in Client online but Gateway not working:

    is this expected behavior, that a pfSense on an vps (with one nic only) and a openvpn Server created with the wizard on it and on the other side a pfSense with the same version is not able to make a connection and route the traffic through the first one?

    One of the usages of pfSense is a head-to-head to another pfSense, interconnecting the two local network(s). See the forum for questions related to this setup.



  • @Gertjan So your setup is very different to mine.
    Like I said before, in my first try, I could connect with my phone to my OVPN-Server that I had made by hand, just pfSense couldn't "route". Before I investing any more afford in it, I want to make sure, my pfSense isn't flawed somewhat.



  • @Bob-Dig said in Client online but Gateway not working:

    my pfSense isn't flawed somewhat.

    When you installed pfSense, you had exactly the same 'code' as I did. And a couple of hundred of thousands other installs.
    The installer program works doesn't want to know who you are so it can install accordingly.

    You want pfSense OpenVPN server to have access to LAN(s) and route elsewhere ?
    Here come the magic words :
    Google => Youtube => Netgate (these guys make pfSense) => Pick your "OpenVPN"video - there are serveral of them. See also the very recent OpenVPN "Netgate" video.



  • @Gertjan said in Client online but Gateway not working:

    You want pfSense OpenVPN server to have access to LAN(s)

    No, so just stop spamming my thread, thanks and blocked.



  • So finally installed the OpenVPN Access Server and it works, meaning, I did everything right on the client side, but still everything could be messed up on the server side, if I roll my own on a ubuntu machine.
    Again, if anyone got a good and working tutorial for that, would be appropriated.


Log in to reply