OpenVPN Rules and Routing Problem


  • Hello,

    I have an OpenVPN server set up and running for remote access. I am able to connect to the pfSense, but I am noticing some strange behavior.

    In the OpenVPN tab of my firewall rules I have this rule:
    Screen Shot 2020-08-30 at 11.14.54 AM.png

    This rule allows me to connect to my internal IP addresses. However it doesn't allow me to surf the Internet through the VPN. I came to the conclusion I need to specify the gateway.

    So I went into advanced settings and selected my gateway. The rule now looks like this:
    Screen Shot 2020-08-30 at 12.15.06 PM.png

    However, now I am not able to access any of the internal IP addresses. When I remove the gateway again, it allows me to reach them.

    Any ideas?


  • You don't have to specify a gateway for internet access. That's given by the default route anyway.

    Possibly you are missing an outbound NAT rule for VPN traffic going out to WAN?


  • I do have an outbound NAT rule for VPN traffic to go through the WAN.

    Screen Shot 2020-08-30 at 6.45.26 PM.png

    I don't know why, if I specify the gateway, the access to local IPs goes away.


  • There is no need to hide private IPs.

    @powerextreme said in OpenVPN Rules and Routing Problem:

    I don't know why, if I specify the gateway, the access to local IPs goes away.

    Because that rule allows only traffic to the specified gateway. You will need an additional rule at the top of the rule set to allow access to internal subnets.

    What do you get on the client when you try to access an internet resource?

    Check if you can access the web by using an IP instead of a host name to rule out a DNS issue.
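
The rule-ordering fix suggested in the last reply, as an added example that is not part of any post in this thread. It is a simplified model of first-match rule evaluation with a policy-routing gateway; the subnet `192.168.1.0/24`, the gateway name `WAN_GW` and the function `evaluate` are constructed for illustration.

```python
import ipaddress

# Simplified model (assumption of this example): rules on the OpenVPN tab are
# evaluated top-down, the first matching rule wins, and a pass rule with a
# gateway set sends the packet to that gateway instead of consulting the
# routing table. Anything that matches no rule is blocked.

def evaluate(rules, dst):
    """Return (action, next_hop) for a packet from a VPN client to dst."""
    addr = ipaddress.ip_address(dst)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["dst"]):
            if rule["action"] != "pass":
                return ("block", None)
            # No gateway on the rule means normal routing-table lookup.
            return ("pass", rule.get("gateway") or "routing-table")
    return ("block", None)

# Constructed sample values, not taken from the thread.
INTERNAL = "192.168.1.0/24"
WAN_GW = "WAN_GW"

# The poster's second rule: allow any destination, gateway forced to WAN.
gateway_only = [
    {"action": "pass", "dst": "0.0.0.0/0", "gateway": WAN_GW},
]

# Suggested layout: internal subnets allowed first, without a gateway.
internal_first = [
    {"action": "pass", "dst": INTERNAL},
    {"action": "pass", "dst": "0.0.0.0/0", "gateway": WAN_GW},
]

if __name__ == "__main__":
    for name, rules in (("gateway_only", gateway_only),
                        ("internal_first", internal_first)):
        for dst in ("192.168.1.10", "203.0.113.10"):
            print(f"{name:15} {dst:14} -> {evaluate(rules, dst)}")
```

With `gateway_only`, traffic for the internal host is handed to the WAN gateway and never reaches the LAN; with `internal_first`, it matches the first rule and follows the routing table.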