Openvpn set up, cannot browse the internet

hacktek

Sup!

Setup:

• I have set up OpenVPN and it's connecting fine and giving me IP information.
• I have push "redirect-gateway def1" in the custom options so that the VPN becomes the default gateway, routing table is fine when connected.
• I can reach pfSense and the LAN segment from the "pool" segment just fine (RDP, Ping, HTTP, etc).
• I get DNS replies from pfSense when testing with nslookup.
• I have an allow any from any to any rule on the LAN interface.

Problem:

• I cannot reach VPN clients from the LAN segment.
• I cannot browse the internet or reach anything outside of the LAN segment.

Any ideas?

Thanks!

Cry Havok

For the first, do the LAN hosts use the pfSense host as their default gateway, and if not have you provided a static route for the VPN subnet?

For the second, does your router know how to route traffic to the VPN subnet?

hacktek

Yes, pfSense is the default gateway for the LAN segment.

I'm not sure i understand your second question.

When i try to access a vpn client from the lan segment psSense sends it out its default gateway rather than through the tunnel:

Tracing route to 10.0.2.6 over a maximum of 30 hops

0  10.0.1.3
  1  192.168.1.1
  2  200.
  3  200.

• 10.0.2.6 is a vpn client.
• 192.168.1.1 is the adsl modem/router. This router is configured forward everything to the pfSense interface (192.168.1.2) using the DMZ option.

A vpn client trying to access the internet returns this:

Tracing route to 4.2.2.2 over a maximum of 30 hops

0  10.0.2.6
  1  10.0.2.1
  2    *

So traffic is dying at the pfSense, which doesn't seem to know what to do with it.

cmb

You need advanced outbound NAT to NAT the OpenVPN subnet to get to the Internet.

hacktek

Ah!

So that's what i was missing.

I created the rule and reconnected the VPN and everything is working fine.

Thanks a lot cmb!