NAT problem when an OpenVPN connection is made from inside the LAN.
-
Hi!
First of all, great product. I installed pfSense on an ALIX board to serve as a VDSL (50mbit/10mbit) router and so far it works great. There's only one thing I can't get my head around. I already asked this on #pfsense (thanks again Valen), maybe somebody here knows a way.
Setup:
pfSense 1.2.2 embedded (192.168.0.1) connects via PPPoE on vr1.
Ubuntu server (192.168.0.2) is connected to pfSense via vr0.
Ubuntu client (192.168.0.10) is connected to pfSense via ath0.
Windows client (192.168.0.20) runs in a virtual machine on the Ubuntu server.
The Ubuntu server has an SSH and an Apache server that serve the world via NAT. Everything is working fine this way.
Now, in addition to that, I want to establish a VPN connection from the Ubuntu server (192.168.0.2) to a server on the internet. This is also working fine via OpenVPN installed and running on the Ubuntu server. What is not working is the NAT: neither the SSH server nor Apache are responding anymore. Both Apache and the SSH server are still working when the connection is established from the Ubuntu client within the LAN, though.
Curious whether this is a Linux routing problem, I started Windows XP in a virtual machine and tested the same scenario. Result: telnet was not going through to the XP client after I established the VPN connection, but it was before. Tested and confirmed.
So, any ideas why pfSense is obviously not routing the packets coming from the NAT to the client when a VPN connection is made, but does so for a connection from the LAN?
Bottom line: outgoing traffic from the Ubuntu server should take the VPN connection, incoming connections from LAN or WAN should take the "normal route".
Thanks for any advice on this topic.
-
Are you using the redirect dev1 option on this OpenVPN tunnel?
-
Here is the OpenVPN config file I'm using. So unless it is in some other file, I'd say no. ;)
client
dev tun
remote xxx.xxx.xxx 1149
proto udp
tun-mtu 1500
fragment 1300
mssfix
float
reneg-sec 86400
resolv-retry infinite
nobind
persist-key
persist-tun
route-method exe
route-delay 2
ca xxx.crt
cert xxx.crt
key xxx.key
tls-auth xxx.key 1
cipher AES-256-CBC
comp-lzo
verb 4
ns-cert-type server
auth-user-pass
inactive 604800
ping 5
ping-restart 60
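Added example, not from the thread or from pfSense/OpenVPN themselves. The symptom described in the first post (inbound NAT to the Ubuntu server dies the moment the tunnel comes up, while LAN clients still reach it) is what you see when the server's default route moves onto the tun device: a reply to an SSH or HTTP connection that arrived through pfSense is then sent into the tunnel instead of back to 192.168.0.1, and the WAN client never gets it. The client config above contains no redirect-gateway, but the remote side can still push one. The script below shows the usual Linux-side fix, source-based policy routing: a second routing table whose default route is pfSense, consulted only for packets whose source is the server's LAN address. Replies to inbound connections carry 192.168.0.2 as source and take that table; sockets the server opens after the tunnel is up pick the tun address as source and keep using the VPN. Assumptions that are mine, not the thread's: the LAN NIC is eth0, routing table 100 and rule priority 100 are free, and the remote really does push a default route.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing on the Ubuntu
# server so that replies to connections that reached it through pfSense go back
# out through pfSense, while traffic the server originates keeps following the
# default route that OpenVPN installs through the tunnel.
#
# Assumed (not stated in the thread): the LAN NIC is eth0, routing table 100 and
# rule priority 100 are unused, and the VPN remote pushes a default route that
# moves the server's default route onto the tun device.
LAN_IF=${LAN_IF:-eth0}
LAN_IP=${LAN_IP:-192.168.0.2}       # the Ubuntu server
LAN_NET=${LAN_NET:-192.168.0.0/24}
LAN_GW=${LAN_GW:-192.168.0.1}       # pfSense
TABLE=${TABLE:-100}
PRIO=${PRIO:-100}
DRY_RUN=${DRY_RUN:-1}               # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Install the routes and the rule. Order matters: the table must be populated
# before a rule points at it, otherwise matching packets get "unreachable".
policy_routing_apply() {
    # Private table: connected LAN route (so server -> LAN host traffic does
    # not bounce via the gateway) plus a default route through pfSense.
    run ip route replace "$LAN_NET" dev "$LAN_IF" src "$LAN_IP" table "$TABLE"
    run ip route replace default via "$LAN_GW" dev "$LAN_IF" table "$TABLE"
    # Packets sourced from the LAN address consult that table first. Replies to
    # inbound SSH/HTTP sessions have source 192.168.0.2 and match; sockets the
    # server opens while the tunnel is up get the tun address as source (the
    # main table's default route is via tun), so they do not match and stay on
    # the VPN. OpenVPN's own UDP packets to the remote also match, which is
    # fine: pfSense is where they had to go anyway.
    run ip rule add from "$LAN_IP" lookup "$TABLE" priority "$PRIO"
    run ip route flush cache
}

# Undo everything, e.g. from an OpenVPN "down" script.
policy_routing_remove() {
    run ip rule del from "$LAN_IP" lookup "$TABLE" priority "$PRIO"
    run ip route flush table "$TABLE"
}

# Lines that should appear in `ip rule show` and `ip route show table $TABLE`
# once applied, for a quick manual check after the tunnel comes up.
policy_routing_expected() {
    printf '%s:\tfrom %s lookup %s\n' "$PRIO" "$LAN_IP" "$TABLE"
    printf 'default via %s dev %s\n' "$LAN_GW" "$LAN_IF"
}

case "${1:-}" in
    apply)  DRY_RUN=0; policy_routing_apply ;;
    remove) DRY_RUN=0; policy_routing_remove ;;
    *)      policy_routing_apply ;;   # default: dry run, just show the commands
esac
```

Run it without arguments first to see the commands, then as root with `apply`; hook `apply`/`remove` into OpenVPN's `up`/`down` scripts if the tunnel is not permanent. After applying, an inbound SSH session from the WAN should work again with the tunnel up, and `curl ifconfig.me` (or any outbound test) from the server should still show the VPN exit address, because that traffic is sourced from the tun address and never hits the rule.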