OpenVPN Client Can Load Some (But Not All) Websites
-
pfSense 2.6.0-RELEASE
I set up an OpenVPN server:
- Self signed server certificate
- User authentication with both password + certificate
- Gave it a unique subnet (10.10.250.0/24)
- Forced all IPv4 traffic through the VPN (I'm not using IPv6)
- Provided DNS servers to the client (Google's 8.8.8.8 and 8.8.4.4)
- Set up a firewall rule on the OpenVPN interface to allow all traffic to all destinations.
- Set up a firewall rule on the WAN interface to allow inbound OpenVPN UDP traffic to connect on port 1194.
- Verified that the automatic system NAT rule includes the 10.10.250.0/24 subnet.
I then exported the client configuration for Android and installed it on an Android (v12) device running the current version of the OpenVPN app (installed via the Google Play store).
The client connects just fine (using a 5G cell network). Here's the connection message from the sys log:
myvpn_openvpn_user/172.102.13.62:15254 SENT CONTROL [myvpn_openvpn_user]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1,route-gateway 10.10.250.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.10.250.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
On the client, some websites load and others won't. For example, https://wikipedia.org loads just fine, but https://google.com won't load.
From the client, I verified that I can ping google.com (142.250.190.78), so I'm pretty sure it's not a DNS issue. And traffic is making it out through the WAN, because the DNS resolution and ping both succeeded.
From a PC plugged into the LAN, I verified that websites load without problems. So it appears to be an issue unique to VPN clients, not affecting local clients.
Any ideas?
-
I found the solution. I set the following on the OpenVPN configuration and now everything is working.
link-mtu 1400;
I don't fully understand why that was needed, since my network is using the default 1500 MTU, but it solved the problem.
Shoutout to the support I got on Reddit to resolve the issue.
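The symptom above (ping and DNS work, small sites load, larger responses hang) is the usual signature of a tunnel MTU that exceeds the path MTU while path-MTU discovery fails, so large TCP segments are silently dropped. The script below is an added example, not from the thread or from pfSense/OpenVPN: it measures the largest DF-flagged ICMP payload that crosses the path from a connected VPN client, so `link-mtu` can be set from a measurement rather than a guess. It assumes Linux iputils `ping` (`-M do` sets the DF bit); the probe target `8.8.8.8` is taken from the original DNS setting and is overridable.

```shell
#!/bin/sh
# Added example: find the largest unfragmentable ICMP payload across a path and
# derive the path MTU from it. Run from a client connected to the VPN.
# Assumes Linux iputils ping. On FreeBSD/pfSense use "ping -D -s SIZE" instead.

# probe_df SIZE: 0 if a DF-flagged echo of SIZE payload bytes reaches the target.
# Target defaults to 8.8.8.8 (the DNS server pushed in the thread); override with PROBE_HOST.
probe_df() {
    ping -c 1 -W 2 -M do -s "$1" "${PROBE_HOST:-8.8.8.8}" >/dev/null 2>&1
}

# find_max_payload PROBE LO HI: binary search for the largest payload in [LO, HI]
# for which PROBE succeeds. Prints 0 if even LO is dropped (a black hole everywhere).
find_max_payload() {
    probe=$1; lo=$2; hi=$3; best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid"; then
            best=$mid; lo=$((mid + 1))     # fits: look higher
        else
            hi=$((mid - 1))                # dropped: look lower
        fi
    done
    echo "$best"
}

# payload_to_mtu PAYLOAD: add the IPv4 header (20) and ICMP header (8) back on.
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# main [HOST]: probe between a conservative floor and the 1500-byte ceiling (1472 payload).
main() {
    [ -n "$1" ] && PROBE_HOST=$1
    payload=$(find_max_payload probe_df 1000 1472)
    echo "largest unfragmented ICMP payload: $payload bytes"
    echo "measured path MTU: $(payload_to_mtu "$payload") bytes (set link-mtu at or below this)"
}

# Live probe only when a target is given on the command line, e.g. "sh probe_mtu.sh 8.8.8.8".
if [ $# -gt 0 ]; then main "$1"; fi
```

A measured value of 1400 corresponds to a largest surviving payload of 1372 bytes; if the probe reports the full 1472 through the tunnel, MTU is not the cause and the investigation should move elsewhere.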