[Solved] Cannot get OpenVPN server to mask Client Public IP

testcb00 · Feb 2, 2021, 5:14 PM

Hi everyone, I am newbie to this forum. Current I have set up a pfSense Router based on this guide https://nguvu.org/pfsense/pfsense-baseline-setup/

I ignore the DNS and NTP server settings as I don't own these server.

Now, I want to try the OpenVPN server features. I follow this guide https://chrislazari.com/pfsense-setting-up-openvpn-on-pfsense-2-4/ and make some adjustment to get this configuration.

Using this configuration, I am able to connect to the OpenVPN Server (tried Android Phone or iPad in Wi-Fi or Cellular connection) and connect to my Intranet, but the outgoing (Internet) of Client is still using the Client IP (my pfSense Router and Wi-Fi Router are in two different public IP).

I tried to add Outbound like the below photo but no luck.

May you give any suggestion?

viragomann · Feb 2, 2021, 5:34 PM

@testcb00
Check "Redirect gateway" in the server settings.

testcb00 · Feb 2, 2021, 6:12 PM

@viragomann
I just tried, in this configuration, I cannot access Intranet and Internet in the Client...

Seems the DNS is blocked?

The OpenVPN log is here

viragomann · Feb 2, 2021, 6:29 PM

@testcb00
Seems the traffic from the VPN is not allowed on the VPN server. Check the rule on the OpenVPN interface.

Regarding the mtu, this might be an aftereffect of using TCP mode. The connection should work anyway, but possibly you can get it solved by setting individual mtu options.

testcb00 · Feb 2, 2021, 6:57 PM

@viragomann said in Cannot get OpenVPN server to mask Client Public IP:

@testcb00
Seems the traffic from the VPN is not allowed on the VPN server. Check the rule on the OpenVPN interface.

Regarding the mtu, this might be an aftereffect of using TCP mode. The connection should work anyway, but possibly you can get it solved by setting individual mtu options.

Thanks viragomann. I forget to add the rules. I tried to add rules before I post to forum but the rules didn't work at that time. Is there any delay to apply these rules? or the client DNS is "broken" so that I have to wait for DNS cache expired?

Now I can mask the public IP of the client but I cannot access Intranet. Is there any solution of accessing Intranet and mask public IP at the same time?

viragomann · Feb 2, 2021, 8:41 PM

@testcb00 said in Cannot get OpenVPN server to mask Client Public IP:

Now I can mask the public IP of the client but I cannot access Intranet.

Did you also try accessing by IP address?

These rule may pass all traffic now, presumed OPT4 is the interface you've assigned to the OpenVPN instance.
Pass rules are applied immediately.
What do get now? Something in the logs?

Consider that by default network computers may block access from outside their own subnet. So you might have to open their firewall.

testcb00 · Feb 2, 2021, 9:05 PM

@viragomann All done. Misunderstanding on my Intranet Application state. You're right, using Intranet IP can access my Application.

Thank you very much, viragomann. You saved my days.