Openvpn set up, cannot browse the internet

  • Sup!


    • I have set up OpenVPN and it's connecting fine and giving me IP information.
    • I have push "redirect-gateway def1" in the custom options so that the VPN becomes the default gateway, routing table is fine when connected.
    • I can reach pfSense and the LAN segment from the "pool" segment just fine (RDP, Ping, HTTP, etc).
    • I get DNS replies from pfSense when testing with nslookup.
    • I have an allow any from any to any rule on the LAN interface.


    • I cannot reach VPN clients from the LAN segment.
    • I cannot browse the internet or reach anything outside of the LAN segment.

    Any ideas?


  • For the first, do the LAN hosts use the pfSense host as their default gateway, and if not have you provided a static route for the VPN subnet?

    For the second, does your router know how to route traffic to the VPN subnet?

  • Yes, pfSense is the default gateway for the LAN segment.

    I'm not sure i understand your second question.

    When i try to access a vpn client from the lan segment psSense sends it out its default gateway rather than through the tunnel:

    Tracing route to over a maximum of 30 hops

      2  200.
      3  200.

    • is a vpn client.
    • is the adsl modem/router. This router is configured forward everything to the pfSense interface ( using the DMZ option.

    A vpn client trying to access the internet returns this:

    Tracing route to over a maximum of 30 hops

      2    *

    So traffic is dying at the pfSense, which doesn't seem to know what to do with it.

  • You need advanced outbound NAT to NAT the OpenVPN subnet to get to the Internet.

  • Ah!

    So that's what i was missing.

    I created the rule and reconnected the VPN and everything is working fine.

    Thanks a lot cmb!

Log in to reply