Standard OVPN setup question
-
Very new to pfS, I've been at it for about a week now, and just felt ready to actually deploy it to replace my home router Saturday evening.
So far everything appears to be working, but I used to have VPN access to my network and no longer do. So I took the OpenVPN Wizard for a spin and everything seemed to set up and run correctly.
When I connected from outside the network this morning with the official OVPN client it connected almost instantly and stayed connected all day; however, I was not able to see, browse, ping, or remote into ANY clients on my home network.
Would definitely appreciate some pointers.
In taking screenshots, I just noticed that there is an ANY-ANY-ANY rule under OpenVPN in my firewall settings, but the actual VPN adapter has no rules. Is that how it's supposed to be?
Here are pics of my settings.
-
@tknospdr said in Standard OVPN setup question:
> When I connected from outside the network this morning with the official OVPN client it connected almost instantly and stayed connected all day; however, I was not able to see, browse, ping, or remote into ANY clients on my home network.
Does it work when you tell it to push all your IPv4 traffic through the OVPN connection?
-
That would be checking the box here, right?
Force all client-generated IPv4 traffic through the tunnel.
I'll try it but can't test till tomorrow when I get back to work unless you know a trick to test when you're already on the local network.
-
@tknospdr Yep
You don't want to test a VPN from inside the network. You could tether to a cell phone, though, for testing.
-
Good call on the cell phone tether.
Yes, with that option checked I can see everything. I'm guessing I don't really want that option in a perfect world though, as it will slow down everything else I do on the Internet.
-
@tknospdr Then what it suggests is you have something in the config (your local IPv4 networks) that is causing trouble compared to your other routes.
Try tethering again but with the redirect turned off.
You could have IPv4 network overlaps.
-
I'll try it again tonight when I get home.
When you say network overlaps, are you talking about subnets? What I have configured on the pfS box is 192.168.2.0, 10.100.10.0, 10.100.20.0, and the VPN is using 192.168.3.0.
-
@tknospdr What is the network you're using to get online using for its range? What is the computer? Windows? Linux? macOS? Can you ping through to pfSense (use Diag>Packet Capture to see)? If it is clearing the OVPN link and dying on the firewall, it's a server-side issue; if it is not routing at all through OVPN, it's a local client issue. Since doing the "full tunnel" test worked, I suspect it's an issue specific to the device you're connecting from. Maybe it has one of those networks manually entered on an interface (static ETH?) or there's an overlapping network locally.
All of those things can cause issues trying to route traffic over a VPN.
-
@rcoleman-netgate said in Standard OVPN setup question:
> @tknospdr What is the network you're using to get online using for its range?
192.168.123.0
> What is the computer? Windows? Linux? macOS?
macOS
> Can you ping through to pfSense (use Diag>Packet Capture to see)?
I assume you mean after I turn off the redirect again, right?
> If it is clearing the OVPN link and dying on the firewall, it's a server-side issue; if it is not routing at all through OVPN, it's a local client issue.
I'll test and report back.
> Since doing the "full tunnel" test worked, I suspect it's an issue specific to the device you're connecting from. Maybe it has one of those networks manually entered on an interface (static ETH?) or there's an overlapping network locally.
I don't think so, but I'll keep snooping.
> All of those things can cause issues trying to route traffic over a VPN.
Thanks for the help so far.
-
I found an unused "guest network" on my AP. Nobody is connected to it (wifi is off and no ports on its switch are filled), but its DHCP server was serving out addresses on 192.168.2.0.
I turned off DHCP on it and I'm still able to connect and contact other hosts after rescinding the redirect.
So that may have been what was causing it.
I'll see how it goes over the next few days. Thanks for the help!
-
@tknospdr You're welcome.
-
I can confirm after several days of work that the VPN has been rock solid and speedy with the 'redirect all traffic' box unchecked since I killed that sneaky DHCP server on my AP.
Glad this forum is here!
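
The overlap check discussed in this thread, as an added example that is not part of any post: it flags client-side networks that collide with the subnets routed over the VPN and shows, by longest-prefix match, whether a packet leaves via the tunnel or the local interface. The subnets are those named in the thread; the /24 prefix lengths, the colliding 192.168.2.0/24 client network, and the tie-break rule (the directly connected route wins) are assumptions.

```python
import ipaddress

# Constructed inputs. Subnets are the ones named in the thread; the /24
# prefix lengths are an assumption (the posts give none).
VPN_ROUTES = ["192.168.2.0/24", "10.100.10.0/24", "10.100.20.0/24"]
TUNNEL_NET = "192.168.3.0/24"
CLIENT_TETHERED = ["192.168.123.0/24"]   # network the client got online with
CLIENT_COLLIDING = ["192.168.2.0/24"]    # hypothetical: client LAN reuses a home subnet


def find_overlaps(local_nets, vpn_nets):
    """Return (local, vpn) pairs whose address ranges intersect."""
    pairs = []
    for loc in map(ipaddress.ip_network, local_nets):
        for vpn in map(ipaddress.ip_network, vpn_nets):
            if loc.overlaps(vpn):
                pairs.append((str(loc), str(vpn)))
    return pairs


def egress_for(dest, local_nets, vpn_nets):
    """Longest-prefix match over a simplified client route table.

    Returns "local", "vpn" or "default". Assumption: on a prefix-length tie
    the directly connected (local) route wins over the pushed VPN route.
    """
    ip = ipaddress.ip_address(dest)
    best_kind, best_len = "default", -1
    # VPN routes are scanned first so that a local route of equal length
    # replaces them (>=), modelling the tie-break above.
    for kind, nets in (("vpn", vpn_nets), ("local", local_nets)):
        for net in map(ipaddress.ip_network, nets):
            if ip in net and net.prefixlen >= best_len:
                best_kind, best_len = kind, net.prefixlen
    return best_kind


if __name__ == "__main__":
    routed = VPN_ROUTES + [TUNNEL_NET]
    for name, local in (("tethered", CLIENT_TETHERED), ("colliding", CLIENT_COLLIDING)):
        print(name, "overlaps:", find_overlaps(local, routed))
        print(name, "192.168.2.10 ->", egress_for("192.168.2.10", local, VPN_ROUTES))
```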