Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No acces to Internet when connected to oVPN

    Scheduled Pinned Locked Moved OpenVPN
    28 Posts 3 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Gamienator 0G
      Gamienator 0
      last edited by

      Hello everyone,

      I just can't find the issue. My two pfSenses have a weird Issue I can't fix. Both of them running pfBlockerNG in addition for Adblocking. After an mistyke from me I deleted one of my OpenVPN Servers and created via the Wizard a new one. And now I don't have full Internetaccess over that OpenVPN connection.

      While the IP Address 8.8.8.8 is pingable, I can't reach google.com for example and can't ping that server. I'm out of ideas. Can someone help me out and give me input what could be the issue?

      Thanks!

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @Gamienator 0
        last edited by

        @gamienator-0
        Seems the client is unable the resolve host names.

        If you provide a DNS server in the OpenVPN settings ensure that it is reachable from the client, that the route is set properly and that the DNS servers ACL allow access from the OpenVPN clients.

        Gamienator 0G 1 Reply Last reply Reply Quote 0
        • Gamienator 0G
          Gamienator 0 @viragomann
          last edited by Gamienator 0

          @viragomann Thats the point, it can resolve it. But there is no connection for some reason. And I don't habe any blocking ACLs :(

          WAN2.png WAN Rules.png OpenVPN Rules.png LAN Rules.png

          As you can see, there are my Rules, WAN2, WAN, OpenVPN, LAN.

          Do I oversee something?

          The one Blocking Rule is a alias of two IP Adresses, which I don't want to connect to the web :)

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @Gamienator 0
            last edited by

            @gamienator-0 said in No acces to Internet when connected to oVPN:

            Thats the point, it can resolve it.

            Did you verify this?

            Gamienator 0G 1 Reply Last reply Reply Quote 0
            • Gamienator 0G
              Gamienator 0 @viragomann
              last edited by

              @viragomann yes, I tried several hostnames, all were able to be resolved

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @Gamienator 0
                last edited by

                @gamienator-0
                So can you provide some more details about your set up, please?

                @gamienator-0 said in No acces to Internet when connected to oVPN:

                My two pfSenses have a weird Issue I can't fix.

                How are the two boxes involved into this issue?
                Do you have the same issue on both? Or are the connected by a site-to-site VPN?
                Is it an access server and you are connecting from a client computer?

                Gamienator 0G 1 Reply Last reply Reply Quote 0
                • Gamienator 0G
                  Gamienator 0 @viragomann
                  last edited by Gamienator 0

                  @viragomann

                  The setup is the following. At Home I use one pfsense. My second pfsense box is on a dedicated root Server. This pfsenses are not connected, I use the pfsense on the root Server only to have an Adblock on my iPhone, since my Home Internet is not stable atm.

                  This Problem started on my Home pfsense 4 months ago. On my root Server pfsense two werks ago, where I had to setup the vpn Server again After an expiring certificate and accidantly resetting the pfsense CA.

                  I don't Really remeber why it broke at Home, but I remember on the root Server. There are two ovpn Server running, one on Port 1194 and the other on 11194. After deleting the Server 11194 and rerunning the Wizard none of the ovpn Servers are going me Internet While i'm connected

                  V 1 Reply Last reply Reply Quote 0
                  • V
                    viragomann @Gamienator 0
                    last edited by

                    @gamienator-0
                    And we are talking about the root server here or about your home box?
                    Interface names like TELEKOMPPOE or VODAFON... doesn't sound like a root server connection to me at all.

                    And you're connecting to one of these from your phone if I go you correctly?

                    Gamienator 0G 1 Reply Last reply Reply Quote 0
                    • Gamienator 0G
                      Gamienator 0 @viragomann
                      last edited by Gamienator 0

                      @viragomann we're talking about both. But year, I showed you only the Home box. So to clarify, I got the no interner While connected von on both boxes, but to night I debugge only on the Home box because I beleive there is a missing rule which got deleted While deleting the ovpn Server or the Wizard did a Mess?

                      I tried it with several clients, my iPhone, my Notebook. All with OpenVPN Connect

                      V 1 Reply Last reply Reply Quote 0
                      • V
                        viragomann @Gamienator 0
                        last edited by

                        @gamienator-0
                        So let's go back to your statement above

                        While the IP Address 8.8.8.8 is pingable, I can't reach google.com for example and can't ping that server

                        In the OpenVPN server settings you have "Redirect gateway" checked to route all clients upstream traffic over the VPN?

                        If you go to Diagnostic > Ping on pfSense can you ping both?

                        Gamienator 0G 1 Reply Last reply Reply Quote 0
                        • Gamienator 0G
                          Gamienator 0 @viragomann
                          last edited by Gamienator 0

                          @viragomann

                          Yes. My client connected via OVPN can Ping 8.8.8.8

                          it can resolve Google.com (216.58.212.163), but cant Ping it.

                          In diagnostic, Ping in the Browser the pfsense can resolv and Ping all.

                          And yes. Checkmark is in to redirect all traffic

                          V 1 Reply Last reply Reply Quote 0
                          • V
                            viragomann @Gamienator 0
                            last edited by

                            @gamienator-0
                            That's pretty strange. No idea why it could behave like that.
                            If access to 8.8.8.8 succeed, 216.58.212.163 should work as well if it works from pfSense itself.

                            Post the clients IPv4 routing table, please.

                            For testing you should disable pfBlockerNG and squid if available.

                            Gamienator 0G 1 Reply Last reply Reply Quote 0
                            • Gamienator 0G
                              Gamienator 0 @viragomann
                              last edited by

                              @viragomann Thanks, so I'm not the only one confused.

                              Here is the routing table:

                              IPv4-Routentabelle
                              ===========================================================================
                              Aktive Routen:
                                   Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
                                        0.0.0.0          0.0.0.0       172.30.3.1      172.30.3.26     25
                                        0.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
                                       10.0.9.0    255.255.255.0   Auf Verbindung          10.0.9.2    257
                                       10.0.9.2  255.255.255.255   Auf Verbindung          10.0.9.2    257
                                     10.0.9.255  255.255.255.255   Auf Verbindung          10.0.9.2    257
                                  91.47.238.173  255.255.255.255       172.30.3.1      172.30.3.26    281
                                      127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
                                      127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
                                127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
                                      128.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
                                   172.28.224.0    255.255.240.0   Auf Verbindung      172.28.224.1    271
                                   172.28.224.1  255.255.255.255   Auf Verbindung      172.28.224.1    271
                                 172.28.239.255  255.255.255.255   Auf Verbindung      172.28.224.1    271
                                     172.30.3.0    255.255.255.0   Auf Verbindung       172.30.3.26    281
                                    172.30.3.26  255.255.255.255   Auf Verbindung       172.30.3.26    281
                                   172.30.3.255  255.255.255.255   Auf Verbindung       172.30.3.26    281
                                    192.168.0.0    255.255.255.0   Auf Verbindung       192.168.0.5    271
                                    192.168.0.5  255.255.255.255   Auf Verbindung       192.168.0.5    271
                                  192.168.0.255  255.255.255.255   Auf Verbindung       192.168.0.5    271
                                      224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
                                      224.0.0.0        240.0.0.0   Auf Verbindung          10.0.9.2    257
                                      224.0.0.0        240.0.0.0   Auf Verbindung       192.168.0.5    271
                                      224.0.0.0        240.0.0.0   Auf Verbindung       172.30.3.26    281
                                      224.0.0.0        240.0.0.0   Auf Verbindung      172.28.224.1    271
                                255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
                                255.255.255.255  255.255.255.255   Auf Verbindung          10.0.9.2    257
                                255.255.255.255  255.255.255.255   Auf Verbindung       192.168.0.5    271
                                255.255.255.255  255.255.255.255   Auf Verbindung       172.30.3.26    281
                                255.255.255.255  255.255.255.255   Auf Verbindung      172.28.224.1    271
                              ===========================================================================
                              
                              Bob.DigB V 2 Replies Last reply Reply Quote 0
                              • Bob.DigB
                                Bob.Dig LAYER 8 @Gamienator 0
                                last edited by

                                @gamienator-0 said in No acces to Internet when connected to oVPN:

                                10.0.9.1

                                What is it? Why we are talking in English here...

                                Gamienator 0G 1 Reply Last reply Reply Quote 0
                                • Gamienator 0G
                                  Gamienator 0 @Bob.Dig
                                  last edited by

                                  @bob-dig 10.0.9.1 is the Gateway. The virtual Network of that oVPN is 10.0.9.0/24

                                  Bob.DigB 1 Reply Last reply Reply Quote 0
                                  • Bob.DigB
                                    Bob.Dig LAYER 8 @Gamienator 0
                                    last edited by

                                    @gamienator-0 So when you talked about your oVPN client you meant a Client on your Windows Machine connecting to where?

                                    Gamienator 0G 1 Reply Last reply Reply Quote 0
                                    • V
                                      viragomann @Gamienator 0
                                      last edited by

                                      @gamienator-0
                                      So the routes look well. Hence packets to both IPs, 8.8.8.8 and 216.58.212.163, should go over the VPN.

                                      Sniff the traffic on pfSense OpenVPN interface using Packet Capture to verify this.

                                      Gamienator 0G 1 Reply Last reply Reply Quote 0
                                      • Gamienator 0G
                                        Gamienator 0 @Bob.Dig
                                        last edited by Gamienator 0

                                        @bob-dig Exactly. It connects to the pfsense Box at home. The oVPN Client on my Windows Machine has 10.9.0.2 as an IP Adress and can reach all internal IPs (LAN has 10.0.0.0/21 and the LAN IP Address of the pfsense is 10.0.7.1 and is reachable)

                                        Bob.DigB 1 Reply Last reply Reply Quote 0
                                        • Bob.DigB
                                          Bob.Dig LAYER 8 @Gamienator 0
                                          last edited by

                                          @gamienator-0 I can't follow anymore. Maybe @viragomann is still on board. 😅

                                          Gamienator 0G 1 Reply Last reply Reply Quote 0
                                          • Gamienator 0G
                                            Gamienator 0 @Bob.Dig
                                            last edited by Gamienator 0

                                            @bob-dig

                                            Alright:

                                            Internal Network on my pfSense: 10.0.0.0/21 and the pfsense got LAN 10.0.7.1.

                                            I'm outside of my home, and connecting to the oVPN Server. The oVPN Network is 10.9.0.0/24, and my windows client, which I'm connecting via the OpenVPN Client receives the IP-Address 10.9.0.2.

                                            What else are you confused? I'm more then happy to clarify that :)

                                            Aaah I see, I had a typo in my previous post. Sorry. I edited that

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.