No access to Internet when connected to oVPN
-
Hello everyone,
I just can't find the issue. My two pfSenses have a weird issue I can't fix. Both of them are running pfBlockerNG in addition for ad blocking. After a mistake on my part I deleted one of my OpenVPN servers and created a new one via the wizard. And now I don't have full Internet access over that OpenVPN connection.
While the IP address 8.8.8.8 is pingable, I can't reach google.com for example and can't ping that server. I'm out of ideas. Can someone help me out and give me input on what could be the issue?
Thanks!
-
@gamienator-0
Seems the client is unable to resolve host names.
If you provide a DNS server in the OpenVPN settings, ensure that it is reachable from the client, that the route is set properly and that the DNS server's ACLs allow access from the OpenVPN clients.
-
@viragomann That's the point, it can resolve it. But there is no connection for some reason. And I don't have any blocking ACLs :(
As you can see, here are my rules: WAN2, WAN, OpenVPN, LAN.
Am I overlooking something?
The one blocking rule is an alias of two IP addresses which I don't want to connect to the web :)
-
@gamienator-0 said in No access to Internet when connected to oVPN:
That's the point, it can resolve it.
Did you verify this?
-
@viragomann yes, I tried several hostnames, all were able to be resolved
-
@gamienator-0
So can you provide some more details about your setup, please?
@gamienator-0 said in No access to Internet when connected to oVPN:
My two pfSenses have a weird issue I can't fix.
How are the two boxes involved in this issue?
Do you have the same issue on both? Or are they connected by a site-to-site VPN?
Is it an access server and you are connecting from a client computer?
-
The setup is the following. At home I use one pfSense. My second pfSense box is on a dedicated root server. These pfSenses are not connected; I use the pfSense on the root server only to have an ad block on my iPhone, since my home Internet is not stable atm.
This problem started on my home pfSense 4 months ago. On my root server pfSense two weeks ago, when I had to set up the VPN server again after an expiring certificate and accidentally resetting the pfSense CA.
I don't really remember why it broke at home, but I remember on the root server. There are two OpenVPN servers running, one on port 1194 and the other on 11194. After deleting the server 11194 and rerunning the wizard, none of the OpenVPN servers are giving me Internet while I'm connected.
-
@gamienator-0
And we are talking about the root server here or about your home box?
Interface names like TELEKOMPPOE or VODAFON... don't sound like a root server connection to me at all.
And you're connecting to one of these from your phone, if I got you correctly?
-
@viragomann We're talking about both. But yeah, I showed you only the home box. So to clarify, I got no Internet while connected via VPN on both boxes, but tonight I'm debugging only on the home box because I believe there is a missing rule which got deleted while deleting the OpenVPN server, or the wizard made a mess?
I tried it with several clients, my iPhone, my Notebook. All with OpenVPN Connect
-
@gamienator-0
So let's go back to your statement above:
While the IP address 8.8.8.8 is pingable, I can't reach google.com for example and can't ping that server
In the OpenVPN server settings you have "Redirect gateway" checked to route all clients' upstream traffic over the VPN?
If you go to Diagnostic > Ping on pfSense can you ping both?
-
Yes. My client connected via OVPN can ping 8.8.8.8.
It can resolve Google.com (216.58.212.163), but can't ping it.
In Diagnostic, Ping in the browser, the pfSense can resolve and ping all.
And yes, the checkmark is set to redirect all traffic.
-
@gamienator-0
That's pretty strange. No idea why it could behave like that.
If access to 8.8.8.8 succeeds, 216.58.212.163 should work as well if it works from pfSense itself.
Post the client's IPv4 routing table, please.
For testing you should disable pfBlockerNG and squid if available.
-
@viragomann Thanks, so I'm not the only one confused.
Here is the routing table:
IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0       172.30.3.1      172.30.3.26     25
          0.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
         10.0.9.0    255.255.255.0   Auf Verbindung         10.0.9.2    257
         10.0.9.2  255.255.255.255   Auf Verbindung         10.0.9.2    257
       10.0.9.255  255.255.255.255   Auf Verbindung         10.0.9.2    257
    91.47.238.173  255.255.255.255       172.30.3.1      172.30.3.26    281
        127.0.0.0        255.0.0.0   Auf Verbindung        127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung        127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung        127.0.0.1    331
        128.0.0.0        128.0.0.0         10.0.9.1         10.0.9.2    257
     172.28.224.0    255.255.240.0   Auf Verbindung     172.28.224.1    271
     172.28.224.1  255.255.255.255   Auf Verbindung     172.28.224.1    271
   172.28.239.255  255.255.255.255   Auf Verbindung     172.28.224.1    271
       172.30.3.0    255.255.255.0   Auf Verbindung      172.30.3.26    281
      172.30.3.26  255.255.255.255   Auf Verbindung      172.30.3.26    281
     172.30.3.255  255.255.255.255   Auf Verbindung      172.30.3.26    281
      192.168.0.0    255.255.255.0   Auf Verbindung      192.168.0.5    271
      192.168.0.5  255.255.255.255   Auf Verbindung      192.168.0.5    271
    192.168.0.255  255.255.255.255   Auf Verbindung      192.168.0.5    271
        224.0.0.0        240.0.0.0   Auf Verbindung        127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung         10.0.9.2    257
        224.0.0.0        240.0.0.0   Auf Verbindung      192.168.0.5    271
        224.0.0.0        240.0.0.0   Auf Verbindung      172.30.3.26    281
        224.0.0.0        240.0.0.0   Auf Verbindung     172.28.224.1    271
  255.255.255.255  255.255.255.255   Auf Verbindung        127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung         10.0.9.2    257
  255.255.255.255  255.255.255.255   Auf Verbindung      192.168.0.5    271
  255.255.255.255  255.255.255.255   Auf Verbindung      172.30.3.26    281
  255.255.255.255  255.255.255.255   Auf Verbindung     172.28.224.1    271
===========================================================================
-
@gamienator-0 said in No access to Internet when connected to oVPN:
10.0.9.1
What is it? Why are we talking in English here...
-
@bob-dig 10.0.9.1 is the Gateway. The virtual Network of that oVPN is 10.0.9.0/24
-
@gamienator-0 So when you talked about your oVPN client you meant a Client on your Windows Machine connecting to where?
-
@gamienator-0
So the routes look good. Hence packets to both IPs, 8.8.8.8 and 216.58.212.163, should go over the VPN.
Sniff the traffic on the pfSense OpenVPN interface using Packet Capture to verify this.
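
The route check behind the reply above, as an added example that is not part of the original thread: it parses rows copied from the posted `route print` output and applies longest-prefix-match selection, with the metric used only to break ties between equal prefixes. The function names are hypothetical and only the default, VPN and local-subnet rows are included.

```python
import ipaddress

# Rows copied from the routing table posted in the thread
# (default, VPN and local-subnet routes only).
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          172.30.3.1      172.30.3.26   25
0.0.0.0          128.0.0.0        10.0.9.1        10.0.9.2      257
10.0.9.0         255.255.255.0    Auf Verbindung  10.0.9.2      257
91.47.238.173    255.255.255.255  172.30.3.1      172.30.3.26   281
128.0.0.0        128.0.0.0        10.0.9.1        10.0.9.2      257
172.30.3.0       255.255.255.0    Auf Verbindung  172.30.3.26   281
"""

def parse_routes(text):
    """Parse `route print` IPv4 rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        # The gateway column is one token (an IP) or two ("Auf Verbindung" = on-link).
        gateway = " ".join(parts[2:-2])
        network = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
        routes.append((network, gateway, parts[-2], int(parts[-1])))
    return routes

def select_route(routes, destination):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for dst in ("8.8.8.8", "216.58.212.163", "91.47.238.173"):
        net, gw, iface, metric = select_route(routes, dst)
        print(f"{dst:16} -> {net} via {gw} on {iface} (metric {metric})")
```

Both test addresses match a /1 route through 10.0.9.1, which beats the 0.0.0.0/0 route through 172.30.3.1 even though that default route has the lower metric (25 against 257).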
-
@bob-dig Exactly. It connects to the pfSense box at home. The oVPN client on my Windows machine has 10.9.0.2 as an IP address and can reach all internal IPs (LAN has 10.0.0.0/21 and the LAN IP address of the pfSense is 10.0.7.1 and is reachable)
-
@gamienator-0 I can't follow anymore. Maybe @viragomann is still on board.
-
Alright:
Internal Network on my pfSense: 10.0.0.0/21 and the pfsense got LAN 10.0.7.1.
I'm outside of my home, and connecting to the oVPN Server. The oVPN Network is 10.9.0.0/24, and my windows client, which I'm connecting via the OpenVPN Client receives the IP-Address 10.9.0.2.
What else are you confused about? I'm more than happy to clarify that :)
Aaah I see, I had a typo in my previous post. Sorry. I edited that