OpenVPN set up, cannot browse the internet
-
Sup!
Setup:
- I have set up OpenVPN and it's connecting fine and giving me IP information.
- I have push "redirect-gateway def1" in the custom options so that the VPN becomes the default gateway, routing table is fine when connected.
- I can reach pfSense and the LAN segment from the "pool" segment just fine (RDP, Ping, HTTP, etc).
- I get DNS replies from pfSense when testing with nslookup.
- I have an allow any from any to any rule on the LAN interface.
Problem:
- I cannot reach VPN clients from the LAN segment.
- I cannot browse the internet or reach anything outside of the LAN segment.
Any ideas?
Thanks!
-
For the first, do the LAN hosts use the pfSense host as their default gateway, and if not have you provided a static route for the VPN subnet?
For the second, does your router know how to route traffic to the VPN subnet?
-
Yes, pfSense is the default gateway for the LAN segment.
I'm not sure I understand your second question.
When I try to access a VPN client from the LAN segment, pfSense sends it out its default gateway rather than through the tunnel:
Tracing route to 10.0.2.6 over a maximum of 30 hops
0 10.0.1.3
1 192.168.1.1
2 200.
3 200.
- 10.0.2.6 is a VPN client.
- 192.168.1.1 is the ADSL modem/router. This router is configured to forward everything to the pfSense interface (192.168.1.2) using the DMZ option.
A VPN client trying to access the internet returns this:
Tracing route to 4.2.2.2 over a maximum of 30 hops
0 10.0.2.6
1 10.0.2.1
2 *
So traffic is dying at the pfSense, which doesn't seem to know what to do with it.
-
You need advanced outbound NAT to NAT the OpenVPN subnet to get to the Internet.
-
Ah!
So that's what I was missing.
I created the rule and reconnected the VPN and everything is working fine.
Thanks a lot cmb!