No gateway when connected



  • My goal with OpenVPN is to connect from a remote location, to my pfSense box, and have all of my traffic routed through that VPN connection, and out to the internet.
    I will use this when at a wi-fi hotspot, or untrusted location and need internet access.

    I used pfSense: The Definitive Guide to help me setup my pfSense firewall, and so far so good.

    I am running 1.2.3, but have ran into an issue now that I'm trying to setup OpenVPN.

    I went through the steps in Chapter 15 of the book, on how to create certificates, and setup the OpenVPN server portion.

    The setup so far is as follows.

    2 physical interfaces.  1 for WAN, 1 for LAN.

    IP scheme of LAN is 10.80.0.0/28

    IP scheme of OpenVPN is 10.80.99.0/28

    For OpenVPN I have the following options set…


    I added the firewall rule on the WAN interface to allow inbound traffic on that port to the OpenVPN server.

    I went to the next section of the book on "Filtering and NAT with OpenVPN COnnections."

    "By default, pfSense adds rules to the tun or tap interfaces being used by OpenVPN to allow all traffic
    in from connected OpenVPN clients."  I don't have the box checked to disable this, but I didn't have any rules created when I setup OpenVPN.

    I went ahead and assigned tun0 to an optional interface.

    "First check the Enable interface box at the
    top of the page, and enter an appropriate description in the Description field. In the IP address box
    enter none. This is a trick to not configure any IP information on the interface, which is necessary
    since OpenVPN itself must configure these settings on the tun0 interface. Click Save to apply these
    changes. This does nothing to change the functionality of OpenVPN, it simply makes the interface
    available for firewall rule and NAT purposes."

    I type in none, and set the subnet to /28, but after clicking save it reverts back to the following

    "If you simply want to NAT your OpenVPN clients to your WAN IP so they can access the Internet
    using the OpenVPN connection, you need to enable Advanced Outbound NAT and specify an Outbound NAT rule for your Address Pool subnet(s)."

    I don't have any firewall rules setup under the VPN interface, but I don't think I need them….is that correct?

    Test machine is currently running windows 7, and from an external network, I can connect successfully.  I don't have a gateway though.

    What am I missing, or what should I change to get this to work properly?

    Thanks.

    I realized one thing and made the following change.  I will test it again tomorrow and see what happens.


  • Rebel Alliance Developer Netgate

    You could add "redirect-gateway def1;" to the custom options.

    Or use 2.0 where you automatically get a gateway entry for OpenVPN client instances and you can just policy routing to do anything you want.  ;D



  • I will try  "redirect-gateway def1" first to see what happens.  Should it be push "redirect-gateway def1" or just "redirect-gateway def1"

    If that doesn't work, then 2.0 here I come!

    Thank you!


  • Rebel Alliance Developer Netgate

    If you're on the client end, no push, just redirect-gateway def1.

    You only use the push if you're on the server side trying to force a client to do that.



  • good evening,

    i have one question to your related posts.

    i use pfsense 2.0 beta 5 newest version till yet!

    and in openvpn client site is no entry for default gateway.

    all clients can ping and share with local network, with right routes, but the entry for default gw is missing.
    (gateway should be the pfsense openvpn server - in my config is it 10.10.0.1)

    Feb  7 10:56:18 proxyfuck openvpn[15604]: /sbin/ifconfig ovpns1 10.10.0.1 10.10.0.2 mtu 1500 netmask 255.255.255.255 up
    
    

    why it is hiding for me on client site???
    :)


Log in to reply