Netgate Discussion Forum

LAN Connection Drops when OPENVPN(client) connected

17 Posts 4 Posters 1.3k Views
  • E
    enjawd
    last edited by Jan 27, 2021, 8:05 AM

    Hi Experts!

    I'm trying to figure out what went wrong here. I have added an OpenVPN profile and managed to get the OpenVPN connection up. I'm able to see the IP (internal) issued by the connection as well as the public IP of OpenVPN. The problem comes in when OpenVPN is up: I lose my internet connection on my LAN device unless I turn off my OpenVPN interface.

    I've read a few tutorials but nothing seems to work. I've done the following:

    1. Firewall rules: Lan connection for any to openvpn gateway
    2. NAT: manual, duplicating all wan connection to vpn

    Any expert able to help me out here?

    *OpenVPN profile: Site to Site. Not a subscribed VPN service.

    Thanks for reading. 😊

    V 1 Reply Last reply Jan 27, 2021, 4:32 PM Reply Quote 0
    • V
      viragomann @enjawd
      last edited by Jan 27, 2021, 4:32 PM

      @enjawd said in LAN Connection Drops when OPENVPN(client) connected:

      Firewall rules: Lan connection for any to openvpn gateway

      This rule does not allow access to pfSense itself. So if your LAN devices are configured to use pfSense for DNS resolution, they will be blocked.

      E 1 Reply Last reply Jan 28, 2021, 12:08 AM Reply Quote 0
      • E
        enjawd @viragomann
        last edited by Jan 28, 2021, 12:08 AM

        @viragomann hi! Sorry, I'm fairly new to pfSense, how do I go about fixing this? I saw guides for VPN configuration; it seems like they only set NAT outbound to manual and set firewall rules to the VPN gateway for the OpenVPN interface.

        J V 2 Replies Last reply Jan 28, 2021, 12:12 AM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator @enjawd
          last edited by johnpoz Jan 28, 2021, 12:12 AM Jan 28, 2021, 12:12 AM

          @enjawd said in LAN Connection Drops when OPENVPN(client) connected:

          I saw guides for VPN configuration; it seems like they only set NAT outbound to manual and set firewall rules to the VPN gateway for the OpenVPN interface.

          And those guides suck in my professional and personal opinion ;)

          There is no reason to use manual, just set up hybrid to NAT the traffic you want to go out your VPN connection.

          Forcing traffic via a firewall, i.e. policy routing, without mentioning anything about rules above that to allow access to, say, pfSense or other local networks.

          I would suggest you read over the policy routing part of the docs.

          https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

          Pay attention to the bypass policy route section
          https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html#bypassing-policy-routing

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          E 1 Reply Last reply Jan 28, 2021, 8:03 AM Reply Quote 0
          • E
            enjawd @johnpoz
            last edited by Jan 28, 2021, 8:03 AM

            @johnpoz 😧 I'm not sure which part I'm doing wrong. I still can't get my LAN device connected to the VPN 🤤

            1 Reply Last reply Reply Quote 0
            • V
              viragomann @enjawd
              last edited by Jan 28, 2021, 9:01 AM

              @enjawd
              This LAN rule with a stated gateway (policy routing) directs all traffic to the VPN server.
              To allow DNS or other internal traffic you need an additional rule above this one for internal access.
              I don't know what you need to access internally; if it's only DNS to pfSense, add a rule for TCP/UDP protocol, dest = this firewall, dest. port 53 at the top of the rule set.

              E 1 Reply Last reply Jan 28, 2021, 9:31 AM Reply Quote 0
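Added example (not posted by anyone in this thread): a small Python model of top-down, first-match rule evaluation on the LAN tab. It shows why DNS to pfSense stops working when the gateway rule is the only pass rule, and how the port 53 rule placed above it fixes that. The LAN address 192.168.1.1 and the gateway name VPN_GW are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (assumptions, not taken from the thread).
FIREWALL_IPS = {ipaddress.ip_address("192.168.1.1")}  # stands in for the "This Firewall" alias
VPN_GW = "VPN_GW"                                     # hypothetical gateway name

@dataclass
class Rule:
    desc: str
    protos: frozenset              # empty set = any protocol
    dst: str                       # "any", "this_firewall" or a CIDR
    dport: Optional[int] = None    # None = any port
    gateway: Optional[str] = None  # None = use the normal routing table

@dataclass
class Packet:
    proto: str
    dst: str
    dport: Optional[int] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protos and pkt.proto not in rule.protos:
        return False
    ip = ipaddress.ip_address(pkt.dst)
    if rule.dst == "this_firewall" and ip not in FIREWALL_IPS:
        return False
    if rule.dst not in ("any", "this_firewall") and ip not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or pkt.dport == rule.dport

def evaluate(rules, pkt):
    """Top-down, first match wins; no match falls through to default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return (rule.gateway or "routing-table", rule.desc)
    return ("blocked", "default deny")

POLICY_ONLY = [Rule("LAN any -> VPN gateway", frozenset(), "any", gateway=VPN_GW)]
WITH_DNS = [Rule("DNS to this firewall", frozenset({"tcp", "udp"}), "this_firewall", 53),
            *POLICY_ONLY]

DNS_QUERY = Packet("udp", "192.168.1.1", 53)  # LAN client asking pfSense for DNS
PING = Packet("icmp", "8.8.8.8")

if __name__ == "__main__":
    for name, rules in (("policy only", POLICY_ONLY), ("with DNS rule", WITH_DNS)):
        for pkt in (DNS_QUERY, PING):
            print(f"{name:14} {pkt.proto:5} {pkt.dst:12} -> {evaluate(rules, pkt)}")
```
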
              • E
                enjawd @viragomann
                last edited by Jan 28, 2021, 9:31 AM

                @viragomann I realize I might need to rephrase my topic 🤣 ...

                What I'm trying to achieve is for my computer to access the VPN connection. But when I set the NAT rule for LAN (gateway VPN selected), all my PCs' internet drops. When I disable the rule, the internet connection resumes for the PCs.

                I don't need to access anything internal, I just need my PC to connect to the VPN, that's all, so it can access some files in the network.

                V 1 Reply Last reply Jan 28, 2021, 9:45 AM Reply Quote 0
                • V
                  viragomann @enjawd
                  last edited by Jan 28, 2021, 9:45 AM

                  @enjawd
                  I was talking about DNS access. Usually people use DHCP on pfSense to set the network settings on the internal devices and by default this configures pfSense as DNS server.
                  So if your configuration is like this, the devices are configured to access pfSense LAN IP for DNS resolution and you need to allow it!!!

                  Since you didn't tell us your settings, we have to assume it is like this default one.

                  So simply establish the VPN and try to access an internet resource by its IP address, e.g. ping 8.8.8.8
                  If that works you will know it's a DNS issue, if it doesn't we can look further.

                  E 1 Reply Last reply Jan 30, 2021, 12:40 AM Reply Quote 0
                  • G
                    Gertjan
                    last edited by Jan 28, 2021, 10:41 AM

                    This is the mini OpenVPN set up guide.

                    Good news : it's from the guys who made it.

                    Back up your config, do exactly what's shown in the video, and check that it's working.
                    If still not OK, at least you know that it's not 'pfSense related'.

                    See also the other two official videos. They are a little dated, but still very valid.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • E
                      enjawd @viragomann
                      last edited by enjawd Jan 30, 2021, 1:12 AM Jan 30, 2021, 12:40 AM

                      @viragomann omg I've reached a dead end, I've no idea what else I can try to do. With the OpenVPN connection enabled, I'm still able to ping 8.8.8.8 via SSH but my LAN device still has no internet. So I believe it might have something to do with pfSense DNS on my LAN? What IP address do I need to specify for DNS on my OpenVPN interface? Can I leave it at 8.8.8.8? I tried this DNS server but the LAN still does not have internet.

                      V 1 Reply Last reply Jan 30, 2021, 9:57 AM Reply Quote 0
                      • V
                        viragomann @enjawd
                        last edited by Jan 30, 2021, 9:57 AM

                        @enjawd said in LAN Connection Drops when OPENVPN(client) connected:

                        im still able to ping 8.8.8.8 via ssh

                        via SSH? You mean pinging from pfSense? You should test it on a LAN device.

                        So as mentioned, if your LAN devices use pfSense for DNS resolution, you have to allow it. So post your LAN rules, please, so that we can verify.

                        And tell us what your intention is. Do you want to direct the whole traffic over the VPN or only partial?

                        E 1 Reply Last reply Jan 30, 2021, 4:22 PM Reply Quote 0
                        • E
                          enjawd @viragomann
                          last edited by Jan 30, 2021, 4:22 PM

                          @viragomann Yeah, I did a ping from pfSense. On the LAN device I can't ping 8.8.8.8.

                          My goal is to set up some devices to go through the VPN network, while the rest will go through my ISP.

                          This is my current setting. For now I've set it so that all devices will have VPN access, just to get this working first.
                          pf.PNG

                          J V 2 Replies Last reply Jan 30, 2021, 6:00 PM Reply Quote 0
                          • J
                            johnpoz LAYER 8 Global Moderator @enjawd
                            last edited by johnpoz Jan 30, 2021, 6:03 PM Jan 30, 2021, 6:00 PM

                            How would those rules allow access to 8.8.8.8 from a client?

                            Your rule there allows access to firewall IPs (sure not going to be 8.8.8.8)

                            Then you force everything out the VPN. And I don't even see any hits on your firewall rule or your access to the firewall for DNS.

                            If you want clients to be able to go to the 8.8.8.8, put a rule above the vpn gateway rule that allows that..

                            Not sure why your vpn would not allow you to ping 8.8.8.8 though?

                            None of those rules show any hits at all, are you even going through pfSense? I would expect your antilockout to show something.

                            hits.png

                            See how my antilockout shows traffic and currently 1 state, while my normal rule shows 30 current states with 477GB moved since the counters were last reset.


                            1 Reply Last reply Reply Quote 0
                            • V
                              viragomann @enjawd
                              last edited by Jan 30, 2021, 6:06 PM

                              @enjawd said in LAN Connection Drops when OPENVPN(client) connected:

                              Yeah i did a ping from pfsense. on LAN device i cant ping 8.8.8.8.

                              So you're not able to go through the VPN. If you can't ping 8.8.8.8 it's nothing with DNS.

                              The VPN is connected and the VPN gateway is shown as up?
                              So recheck outbound NAT. Is it in hybrid or manual mode? Post the rules.

                              E 1 Reply Last reply Jan 31, 2021, 4:34 AM Reply Quote 0
                              • E
                                enjawd @viragomann
                                last edited by Jan 31, 2021, 4:34 AM

                                @viragomann said in LAN Connection Drops when OPENVPN(client) connected:

                                you're not able to go through the VPN. If you can't ping 8.8.8.8 it's nothing with DNS.
                                The VPN is connected and the VPN gateway is shown as up?
                                So recheck outbound NAT. Is it in hybrid or manual mode? Post the rules.

                                @viragomann I've attached screenshots of the dashboard as well as the NAT setting. On OpenVPN, the remote/virtual is the correct IP of my remote connection.

                                pf2.PNG pf.PNG

                                V 1 Reply Last reply Jan 31, 2021, 9:17 AM Reply Quote 0
                                • V
                                  viragomann @enjawd
                                  last edited by Jan 31, 2021, 9:17 AM

                                  @enjawd
                                  You have assigned the interface 161VPNINF to your client, so you also have to use this interface in the outbound NAT.

                                  J 1 Reply Last reply Jan 31, 2021, 10:16 AM Reply Quote 0
                                  • J
                                    johnpoz LAYER 8 Global Moderator @viragomann
                                    last edited by johnpoz Jan 31, 2021, 10:18 AM Jan 31, 2021, 10:16 AM

                                    Go back to auto, delete all the other rules. Then go to hybrid and create your rule for your outbound NAT for your VPN.

                                    hybrid.png


                                    1 Reply Last reply Reply Quote 0