OpenVPN set up, cannot browse the internet



  • Sup!

    Setup:

    • I have set up OpenVPN and it's connecting fine and giving me IP information.
    • I have push "redirect-gateway def1" in the custom options so that the VPN becomes the default gateway, routing table is fine when connected.
    • I can reach pfSense and the LAN segment from the "pool" segment just fine (RDP, Ping, HTTP, etc).
    • I get DNS replies from pfSense when testing with nslookup.
    • I have an allow any from any to any rule on the LAN interface.

    Problem:

    • I cannot reach VPN clients from the LAN segment.
    • I cannot browse the internet or reach anything outside of the LAN segment.

    Any ideas?

    Thanks!



  • For the first, do the LAN hosts use the pfSense host as their default gateway, and if not have you provided a static route for the VPN subnet?

    For the second, does your router know how to route traffic to the VPN subnet?



  • Yes, pfSense is the default gateway for the LAN segment.

    I'm not sure I understand your second question.

    When I try to access a VPN client from the LAN segment, pfSense sends it out its default gateway rather than through the tunnel:

    Tracing route to 10.0.2.6 over a maximum of 30 hops

      0  10.0.1.3
      1  192.168.1.1
      2  200.
      3  200.

    • 10.0.2.6 is a vpn client.
    • 192.168.1.1 is the ADSL modem/router. This router is configured to forward everything to the pfSense interface (192.168.1.2) using the DMZ option.

    A vpn client trying to access the internet returns this:

    Tracing route to 4.2.2.2 over a maximum of 30 hops

      0  10.0.2.6
      1  10.0.2.1
      2  *

    So traffic is dying at the pfSense, which doesn't seem to know what to do with it.



  • You need advanced outbound NAT to NAT the OpenVPN subnet to get to the Internet.
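
The missing-NAT condition named in the answer above can be checked mechanically. This is an added example, not part of the original thread: it reads NAT rules in the style of `pfctl -sn` output and reports internal subnets with no outbound NAT rule on the WAN interface. The interface name `em0`, the /24 masks and the sample rule lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -sn` output (assumed: WAN is em0,
# subnets are /24). Only the LAN has an outbound NAT rule, as in the thread.
SAMPLE_NAT_RULES = """\
nat on em0 inet from 10.0.1.0/24 to any -> 192.168.1.2 port 1024:65535
"""
# The rule the thread's fix corresponds to (constructed line, same assumptions).
VPN_NAT_RULE = "nat on em0 inet from 10.0.2.0/24 to any -> 192.168.1.2 port 1024:65535\n"

INTERNAL = {"LAN": "10.0.1.0/24", "OpenVPN pool": "10.0.2.0/24"}

NAT_RE = re.compile(r"^nat on (\S+)(?: inet6?)? from (\S+) to \S+ -> ")

def nat_sources(rules_text, wan_if):
    """Return the source networks that have a NAT rule on wan_if."""
    nets = []
    for line in rules_text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m or m.group(1) != wan_if:
            continue
        src = "0.0.0.0/0" if m.group(2) == "any" else m.group(2)
        try:
            nets.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            continue  # tables or aliases such as <name> are not resolved here
    return nets

def uncovered(internal, rules_text, wan_if):
    """Return {name: cidr} for internal subnets no NAT rule on wan_if covers."""
    covered = nat_sources(rules_text, wan_if)
    missing = {}
    for name, cidr in internal.items():
        net = ipaddress.ip_network(cidr)
        if not any(c.version == net.version and net.subnet_of(c) for c in covered):
            missing[name] = cidr
    return missing

if __name__ == "__main__":
    for name, cidr in uncovered(INTERNAL, SAMPLE_NAT_RULES, "em0").items():
        print(f"{name} ({cidr}): no outbound NAT rule on em0")
```
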



  • Ah!

    So that's what I was missing.

    I created the rule and reconnected the VPN and everything is working fine.

    Thanks a lot cmb!

