I have pfSense box behind ADSL Router on WAN interface and Network switch on LAN interface.
Internet (ADSL) 192.168.1.1<->192.168.1.2 WAN(pfSense) / LAN(pfSense) 192.168.0.1 - > Switch => (192.168.0.0/24 Local Net)
The OpenVPN server runs fine, but when I decide to route all trafic trow it, nothing happends.
The roadwarior connects ok.
I see all things in local net (print, shares, etc.).
Also can connect to pfSense web interface.
But when I whant to check mail or brouse in internet it is no traffic.
Roadwarior -> Windows 7 with GUI - behind router ; local network 192.168.4.0/24
This is my server configuration:
address poll: 192.168.200.0/24
Local network: 192.168.0.0/24
Authentication method: PKI
DHCP-Opt.: DNS-Domainname ->is set!
Lzo Compression: -> Check.
Custom Opt.: push "dhcp-option DNS 192.168.0.1"; push "redirect-gateway def1" (here I try DNS with 192.168.200.1 and aslo 192.168.200.5 but it is the same).
remote address 1194
WAN: allow 1194; Block ICMP, Block IGMP, Block private networks
LAN: allow all to all; 192.168.200.0/24 to all;
WAN -> source: 192.168.0.0/24
WAN -> source: 192.168.200.0/24
There is DNS, because it resolve names, but when I make:
in command promt
the first hop is 192.168.200.1
and after that is no hops.
The windows interface is with dhcp 192.168.200.5 IP 192.168.200.6 DNS 192.168.0.1
I Try many things from this forum and from google but nothing work. Please suggest descision.
P.P.: Sorry for my English.
GruensFroeschli last edited by
You probably need to enable Advanced outbound NAT (firewall –> NAT --> outbound) and create a rule to NAT your OpenVPN subnet to the WAN.
This is the rull: WAN -> source: 192.168.200.0/24 (see attached jpg)
This is the OpenVpn network. Am I right?
Finaly. It works!
I don't know what was the problem. I just made again the configuration.
ericab last edited by
i wish we could have known what the problem was, because i am having the exact same issue.
i can connect to my 3rd party VPN provider just fine.
from the pfSense web-ui, if i tracert to google for example, i see its going through my tunnel.
when i use a computer in my LAN, my desktop for example, nothing !
ive recently switched from Endian Firewall to pfsense, and when i was using Endian, id establish the VPN tunnel.
then try from LAN and nothing worked, UNTILL, i entered:
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
after this everything was tunneled through my VPN.
are the 2 above iptable rules the solution to my problem ?
some background about my pfsense setup:
it is a fresh install. the only changes to the web-ui are:
added the CA in the cert manager
added a VPN client.
vpn establishes just fine.
in the firewall rules page, LAN is set to allow all OUT, and allow all IN.
the WAN page has 2 rules already installed; 1 for not allowing private networks, and another for bogon nets
in the openvpn log, it automatically pushes routes and appends them to my routing table. (see screenshot below)
here are a few screenshots:
first set is from my Endian Firewall which worked. the vpn tunnel has been started.
(note: ip's have been edited.)
vpn initialization sequence:
finally my pfSense box, the vpn tunnel has been started.
vpn initialization sequence:
It is no needed to write iptables commands. Every thing is in web GUI (except the real WAN addres when you use DynDNS and pfSense behind router - it is a little change in one config file)
I attached my config.
See the firewall rules.
What is your client local network?
and what is your local network (LAN) for pfSense?
If these two netwokrs are equal as 192.168.0.0/24 for the client and for the pfSense LAN
I saw that is problem. the client don't know where to find as example 192.168.0.3.
But with extra options to redirect all traffic trow vpn is OK.
That's why I change my local net for the client to 192.168.4.0/24
Look the tutorial and do it as it is writen in http://forum.pfsense.org/index.php?topic=7840.msg44065
Then look my config, and aslo the client config in the first post.
If this not help reboot the system. (i found that some times the firewall rules are not get on when i change them)
The NAT thing is important and aslo the firewall rules and networks (local, address poll, …)
when do this connect from the client and tracert some web site and see if this is routed trow vpn or not.
I aslo has a problem with seeing local network services - i see the clients but can't print, brouse shares and etc.
I make the fire wall rules and every thing is ok now and with the nat thinks i have all traffic routed trow vpn.
and the other part of my config