Netgate Discussion Forum

    Openvpn set up, cannot browse the internet

    • hacktek

      Sup!

      Setup:

      • I have set up OpenVPN and it's connecting fine and giving me IP information.
      • I have push "redirect-gateway def1" in the custom options so that the VPN becomes the default gateway; the routing table is fine when connected.
      • I can reach pfSense and the LAN segment from the "pool" segment just fine (RDP, Ping, HTTP, etc).
      • I get DNS replies from pfSense when testing with nslookup.
      • I have an allow any from any to any rule on the LAN interface.

      Problem:

      • I cannot reach VPN clients from the LAN segment.
      • I cannot browse the internet or reach anything outside of the LAN segment.

      Any ideas?

      Thanks!

      • Cry Havok

        For the first, do the LAN hosts use the pfSense host as their default gateway, and if not, have you provided a static route for the VPN subnet?

        For the second, does your router know how to route traffic to the VPN subnet?

        • hacktek

          Yes, pfSense is the default gateway for the LAN segment.

          I'm not sure I understand your second question.

          When I try to access a VPN client from the LAN segment, pfSense sends it out its default gateway rather than through the tunnel:

          Tracing route to 10.0.2.6 over a maximum of 30 hops

            0  10.0.1.3
            1  192.168.1.1
            2  200.
            3  200.

          • 10.0.2.6 is a VPN client.
          • 192.168.1.1 is the ADSL modem/router. This router is configured to forward everything to the pfSense interface (192.168.1.2) using the DMZ option.

          A VPN client trying to access the internet returns this:

          Tracing route to 4.2.2.2 over a maximum of 30 hops

            0  10.0.2.6
            1  10.0.2.1
            2    *

          So traffic is dying at the pfSense, which doesn't seem to know what to do with it.

          • cmb

            You need advanced outbound NAT to NAT the OpenVPN subnet to get to the Internet.

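Added example (not part of the thread and not pfSense code): a small Python model of why the VPN client's traffic stops after the pfSense hop until an outbound NAT rule covers the OpenVPN subnet. The /24 masks, the premise that only the LAN had an outbound NAT rule before the fix, and the upstream router knowing only 192.168.1.0/24 are assumptions built around the addresses posted above.

```python
import ipaddress

# Constructed from addresses in the thread; the /24 masks are assumptions.
LAN_NET = ipaddress.ip_network("10.0.1.0/24")
VPN_NET = ipaddress.ip_network("10.0.2.0/24")
WAN_ADDR = ipaddress.ip_address("192.168.1.2")  # pfSense WAN-side address
# Assumption: the ADSL router only has a route for its own LAN.
UPSTREAM_KNOWN = [ipaddress.ip_network("192.168.1.0/24")]


def egress_source(src, nat_sources):
    """Source address a packet carries once it has left the WAN interface."""
    src = ipaddress.ip_address(src)
    if any(src in net for net in nat_sources):
        return WAN_ADDR  # an outbound NAT rule matched and rewrote the source
    return src           # no rule matched: the packet leaves untranslated


def reply_can_return(src, nat_sources):
    """True if the upstream router can route a reply to the source it sees."""
    seen = egress_source(src, nat_sources)
    return any(seen in net for net in UPSTREAM_KNOWN)


def audit(internal_nets, nat_sources):
    """Internal networks that no outbound NAT source entry fully covers."""
    return [n for n in internal_nets
            if not any(n.subnet_of(s) for s in nat_sources)]


if __name__ == "__main__":
    before = [LAN_NET]           # assumed state before the fix
    after = [LAN_NET, VPN_NET]   # rule for the OpenVPN subnet added
    for label, rules in (("before", before), ("after", after)):
        print(label,
              "egress source:", egress_source("10.0.2.6", rules),
              "| reply returns:", reply_can_return("10.0.2.6", rules),
              "| uncovered:", [str(n) for n in audit([LAN_NET, VPN_NET], rules)])
```

Running `audit` against an exported list of outbound NAT source networks flags any tunnel network that was added later without a matching rule.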
            • hacktek

              Ah!

              So that's what I was missing.

              I created the rule and reconnected the VPN and everything is working fine.

              Thanks a lot cmb!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.