    SOLVED - can't make -Redirect traffic to the vpn tunnel tunnel to work

      jtpagaran last edited by

      Hi,

      I have had a 1.2.1-RC1 box running perfectly for months. Now that we need a secure connection back to the office LAN, we decided to take a look at the OpenVPN capability of pfSense.

      Here's our layout;

      Road Warrior ==========> Wan-58.71.x.x [firestarter/linuxbox] lan 10.10.100.1
      <--Crossover cable-->
      wan - 10.10.100.2 [pfsensebox] Lan - 192.168.1.1 -----> Office Lan 192.168.1.0/24

      Note: PPTP server/access  is also running perfectly.

      openvpn config

      udp
      dynamic ip
      1194
      192.168.111.0/24
      192.168.1.0/24
      pki
      push "dhcp-option DNS 208.67.222.222" ;route 192.168.0.0 255.255.255.0 ; push "push "redirect-gateway def1"

      I can connect successfully to the VPN server and am leased an IP 192.168.111.x, can ping IPs in my 192.168.1.x network, and can access the shared folder, but browsing, ping and tracert to the internet are lost.

      here's my route print from my xp test client machine

      Active Routes:
      Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0    192.168.111.5   192.168.111.6       1
            10.10.10.0    255.255.255.0     10.10.10.105    10.10.10.105       20
          10.10.10.105  255.255.255.255        127.0.0.1       127.0.0.1       20
        10.255.255.255  255.255.255.255     10.10.10.105    10.10.10.105       20
          58.71.23.228  255.255.255.255       10.10.10.1    10.10.10.105       1
             127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
           192.168.1.0    255.255.255.0    192.168.111.5   192.168.111.6       1
         192.168.111.1  255.255.255.255    192.168.111.5   192.168.111.6       1
         192.168.111.4  255.255.255.252    192.168.111.6   192.168.111.6       30
         192.168.111.6  255.255.255.255        127.0.0.1       127.0.0.1       30
       192.168.111.255  255.255.255.255    192.168.111.6   192.168.111.6       30
             224.0.0.0        240.0.0.0     10.10.10.105    10.10.10.105       20
             224.0.0.0        240.0.0.0    192.168.111.6   192.168.111.6       30
       255.255.255.255  255.255.255.255     10.10.10.105    10.10.10.105       1
       255.255.255.255  255.255.255.255    192.168.111.6           10005       1
       255.255.255.255  255.255.255.255    192.168.111.6   192.168.111.6       1
      Default Gateway:     192.168.111.5

      Persistent Routes:
       None

      Note: sorry for my bad English. I tried searching for this but I can't find a solution.

      Thanks. :)

        jtpagaran last edited by

        A little update!!

        I was able to solve my issue by building my pfSense OpenVPN configuration from scratch.

        I followed the tutorials thoroughly, and I got it. Just follow the tutorial and don't forget to add manual "AON" with the IP address range that you specify in the "address pool" field.

        Interface  Source            Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
        WAN        192.168.0.0/24    *            *            *                 *            *         NO           Auto created rule for LAN
        WAN        192.168.111.0/24  *            *            *                 *            *         NO           openvpn virtual network

        Thanks to all.. :)

        Last question: if I need to create an additional client, do I really need to create it on the same machine where I built the keys? Can I just copy the "keys" folder to a new box and redo the instructions for making client files? Will it work? Anyone?

        Again, thank you to the Development Team and this community for the wealth of information about this wonderful project.
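An added example, not part of the original posts: a Python check that reads a Windows route print like the one in the first post and reports whether redirected internet traffic is covered by a manual outbound NAT source entry for the tunnel network. The function names and the `nat_sources` list (standing in for the Source column of the outbound NAT table) are assumptions made for this illustration.

```python
import ipaddress

# Abridged from the route print in the first post.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.111.5   192.168.111.6       1
       10.10.10.0    255.255.255.0     10.10.10.105    10.10.10.105       20
     58.71.23.228  255.255.255.255       10.10.10.1    10.10.10.105       1
      192.168.1.0    255.255.255.0    192.168.111.5   192.168.111.6       1
"""

def parse_routes(text):
    """Return (network, gateway, metric) for each IPv4 row of a route print."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, blank or summary line
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            routes.append((net, ipaddress.ip_address(parts[2]), int(parts[4])))
        except ValueError:
            continue  # not a route row
    return routes

def next_hop(routes, dest):
    """Gateway used for dest: longest prefix wins, then lowest metric."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def diagnose(routes, tunnel_net, nat_sources, probe="208.67.222.222"):
    """Classify the client's internet path; probe is the pushed DNS server."""
    tunnel = ipaddress.ip_network(tunnel_net)
    gw = next_hop(routes, probe)
    if gw is None or gw not in tunnel:
        return "internet traffic does not use the tunnel"
    # The tunnel network must fall inside some outbound NAT source network.
    if not any(tunnel.subnet_of(ipaddress.ip_network(s)) for s in nat_sources):
        return "redirected, but tunnel network has no outbound NAT rule"
    return "redirected and NATed on WAN"

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    print(diagnose(routes, "192.168.111.0/24", ["192.168.0.0/24"]))
    print(diagnose(routes, "192.168.111.0/24",
                   ["192.168.0.0/24", "192.168.111.0/24"]))
```

The first call models an outbound NAT table with only the LAN entry; the second adds the 192.168.111.0/24 entry shown in the table above.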

          kpa last edited by

          @jtpagaran:

          Last question: if I need to create an additional client, do I really need to create it on the same machine where I built the keys? Can I just copy the "keys" folder to a new box and redo the instructions for making client files? Will it work? Anyone?

          Yes you can as long as you copy everything to the new machine and set the key creation environment exactly as it was on the old machine.
