TorGuard VPN no longer working
-
When running pfSense 2.7.2 I had a jail in my TrueNAS server set up to connect to the internet only through my VPN and it worked perfectly. After updating to pfSense 23.09.1 I cannot get it to work.
My Gateway (TG_VPN_VPNV4, 10.34.0.13) says it is Online.
OpenVPN is reporting the Client is up (virtual address 10.34.0.14).
My LAN rule to force the TrueNAS jail to only communicate through the VPN hasn't changed.
If either one, or both, of these rules are enabled I cannot ping google.com from the jail (IP of the jail is 192.168.30.117), which tells me the second rule must be working. If both rules are disabled I can ping google from the jail.
-
Start a ping from the jail then check the states in pfSense. Make sure it's opening the expected states on LAN and the OpenVPN interface.
Steve
-
Update your FreeBSD jail also are you using iocage or something else?
-
@stephenw10 Hello Steve,
I guess I don't know what the expected states should be, but this is the LAN:
And this is the TG_VPN interface:
-
That's not a ping (should be icmp), it's just a DNS query.
Try to ping something you are not using, like 1.1.1.1.
Then filter the state table for 1.1.1.1 on all interfaces.
-
@stephenw10
Hello Steve, could you give a little more detail on what you'd like me to do?
Thnx
-
On 192.168.30.117 start a continuous ping to 1.1.1.1.
Then in pfSense check the states that have been opened to 1.1.1.1:
On your system that ping should go via the TG_VPN interface.
-
@stephenw10 From the terminal window of 192.168.30.117 I pinged 1.1.1.1 and I get the following:
-
Ok, there's no outbound NAT happening on the VPN interface. That is probably required unless you have control of the other end of the tunnel and are NATing traffic there?
I expect it to add outbound NAT rules on a dynamic interface like that so check Firewall > NAT > Outbound. Make sure you have OBN set to automatic or hybrid mode.
-
@stephenw10 Started to work perfectly as soon as I set the outbound NAT!
Thank you so much for your patience and your help! I've been using pfSense for quite some time now and I am slowly learning the ins and outs. Unfortunately, sometimes when I come to the forum the responders to my questions imply I'm an idiot for asking a question and that it is sorely lacking any relevant information. I guess they don't know we all have to start somewhere, and if I was as smart as I should be I wouldn't be asking any questions!
Thanks again for your help.
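
The state-table check that exposed the missing outbound NAT can also be done from the pfSense shell. The script below is an added example, not something posted in the thread: it reads `pfctl -ss`-style lines and prints any outbound state on the VPN interface whose source is not the tunnel address. The interface names `igb1` and `ovpnc1` and the sample state lines are constructed assumptions, and only IPv4 states are handled.

```shell
#!/bin/sh
# Added example (not from the thread): find states that leave the VPN
# interface without outbound NAT, i.e. still carrying the LAN source address.

# unnatted_states IFACE TUNNEL_IP
# Reads `pfctl -ss` output on stdin. Prints every outbound state on IFACE
# whose source address is not TUNNEL_IP. Returns 1 if any were found.
unnatted_states() {
    awk -v ifc="$1" -v tun="$2" '
        $1 == ifc && ($4 == "->" || $5 == "->") {
            # Field 3 is the source as seen on this interface. When NAT is
            # applied it is the tunnel address, and the original LAN source
            # follows in parentheses as field 4.
            src = $3
            sub(/:[0-9]+$/, "", src)    # strip the port / ICMP id
            if (src != tun) { print; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample input. Interface names igb1 (LAN) and ovpnc1 (OpenVPN
# client) are assumptions; the addresses are the ones quoted in the thread.
sample_states() {
    cat <<'EOF'
igb1 icmp 192.168.30.117:2001 -> 1.1.1.1:8       0:0
ovpnc1 icmp 192.168.30.117:2001 -> 1.1.1.1:8       0:0
ovpnc1 udp 10.34.0.14:41822 (192.168.30.117:53124) -> 1.1.1.1:53       SINGLE:NO_TRAFFIC
EOF
}

# Demo on the sample. On a live firewall, feed it real state data instead:
#   pfctl -ss | unnatted_states ovpnc1 10.34.0.14
sample_states | unnatted_states ovpnc1 10.34.0.14 \
    || echo "The states listed above left the tunnel interface without NAT."
```

An empty result with exit status 0 means every state on the tunnel interface was translated to the tunnel address.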