Local Clients unable to access internet after successfully setting up OpenVPN



  • I was able to successfully set up a VPN connection to my network yesterday. Ever since then, none of my internal clients can access the internet.

    I can still VPN in and browse the local network that I have pushed to the VPN clients.
    I can connect to my file server via RDP, and I can even connect to my Slingbox (from an external location).

    The internal network IP address pool is 10.10.10.x
    The IP address for the VPN pool is 10.10.11.x

    The only two changes I made to my firewall rules are:
    1: Under the WAN section I created a rule to allow Protocol: UDP, Source: any, Port: any, Destination: any, to Port 1194
    2: Under the LAN section I created a rule for the (source) VPN IP allocation of 10.10.11.0/24 to my file server's IP address of 10.10.10.2

    I am pretty new to this, but I am a swift learner.
    Can anyone help me further diagnose/troubleshoot this problem?

    For the time being I have to VPN into my PCs to get the stuff I need. lmao.



  • After some more research I found this.

    Every locally connected subnet, whether defined and reachable via a static route or attached to a LAN or OPT interface, will have its outbound traffic leaving any WAN interfaces NATed to that WAN interface's IP. You can change this behavior by enabling Advanced Outbound NAT (AON) but this is usually unnecessary and adds unneeded complexity.
    For OpenVPN if you want the OpenVPN subnet NAT'ed to WAN, you will have to use AON.

    I did some adjustments. I enabled Advanced Outbound NAT and put in rules for the following:

    Interface: WAN, Source: 10.10.10.0/24 (which is my local LAN)
    The source port, destination, destination port, NAT address and NAT port are *'s.

    I also did the same for my VPN address pool, 10.10.11.0/24.

    I am still unable to get internet on my local machines :-(



  • When you say internet, is it a DNS issue or just no access at all?

    For example,

    ping google.co.uk

    should return on the first line

    PING google.co.uk (209.85.229.147) 56(84) bytes of data.

    If you get the IP, you have DNS OK.

    If you don't, try

    ping 209.85.229.147 and see if that works.

    One workaround could be to delete all the AON rules and turn auto NAT back on. From what I remember when setting mine up, it will auto-generate everything you need for the LAN and VPN, so you shouldn't need to add anything in your scenario.



  • @trinybwoy:

    After some more research I found this.

    Every locally connected subnet, whether defined and reachable via a static route or attached to a LAN or OPT interface, will have its outbound traffic leaving any WAN interfaces NATed to that WAN interface's IP. You can change this behavior by enabling Advanced Outbound NAT (AON) but this is usually unnecessary and adds unneeded complexity.
    For OpenVPN if you want the OpenVPN subnet NAT'ed to WAN, you will have to use AON.

    I did some adjustments. I enabled Advanced Outbound NAT and put in rules for the following:

    Interface: WAN, Source: 10.10.10.0/24 (which is my local LAN)
    The source port, destination, destination port, NAT address and NAT port are *'s.

    I also did the same for my VPN address pool, 10.10.11.0/24.

    I am still unable to get internet on my local machines :-(

    That would be needed if you are going to route all traffic through the VPN, including regular internet traffic. If you do want to do this, I would suggest installing the OpenVPN enhancement package for 1.2.3 and checking the "Redirect Gateway" option. If you are running pfSense version 2.0-RC1, the Redirect Gateway option is already present.

    If you do not want to route all traffic through the VPN, rather only the traffic that needs to go through it (like the above-mentioned RDP and Slingbox management), then you want to set up a split VPN. Regular internet traffic (for example YouTube or Google) doesn't go through the VPN, but when you try managing your Slingbox, that will go over the VPN.

    What OS and/or distro are you running on the client? I noticed a similar issue with split VPN that ended up being due to a setting in Ubuntu's Network Manager. Basically, the more info you give, the easier it will be to help you.
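The two posts above turn on one question: which source subnets get a WAN outbound NAT rule, and whether a given client's packets are actually translated before they leave. The following is an added example, not code from the thread or from pfSense itself. It models the first-match outbound NAT evaluation that the AON rules in the thread describe (egress interface, source network, destination network, NAT address or "interface address") and shows why a LAN-only rule set leaves a redirect-gateway VPN client without internet while a split-tunnel client is unaffected. The WAN address 203.0.113.10, the Internet host 198.51.100.7, the client addresses, and the function names are all constructed assumptions; which subnets pfSense's automatic mode includes is left to the thread, so the example takes the list explicitly.

```python
"""Added example: a small model of pfSense-style outbound NAT evaluation.

Illustration only, not pfSense's implementation. Assumed semantics: rules are
evaluated top to bottom on the egress interface, first match wins, and a rule
with nat_address=None translates to the egress interface's own address.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

WAN_ADDR = "203.0.113.10"          # constructed public WAN address
LAN = "10.10.10.0/24"              # internal network from the thread
VPN = "10.10.11.0/24"              # OpenVPN client pool from the thread
INTERNET_HOST = "198.51.100.7"     # constructed Internet destination

# RFC 1918 ranges: a packet leaving WAN with one of these as its source is
# unroutable upstream, which the client experiences as "no internet".
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in n for n in RFC1918)


@dataclass(frozen=True)
class OutboundNatRule:
    interface: str                      # egress interface, e.g. "WAN"
    source: str                         # source CIDR or "any"
    destination: str = "any"            # destination CIDR or "any"
    nat_address: Optional[str] = None   # None -> egress interface address

    def matches(self, iface: str, src: str, dst: str) -> bool:
        if self.interface != iface:
            return False
        if self.source != "any" and ip_address(src) not in ip_network(self.source):
            return False
        if self.destination != "any" and ip_address(dst) not in ip_network(self.destination):
            return False
        return True


def translate(rules: List[OutboundNatRule], iface: str, iface_addr: str,
              src: str, dst: str) -> Optional[str]:
    """Post-NAT source address, or None when no rule matches (packet leaves untranslated)."""
    for rule in rules:
        if rule.matches(iface, src, dst):
            return rule.nat_address or iface_addr
    return None


def internet_ok(rules: List[OutboundNatRule], src: str, dst: str = INTERNET_HOST) -> bool:
    """True if a packet from src to an Internet host leaves WAN with a routable source."""
    natted = translate(rules, "WAN", WAN_ADDR, src, dst)
    return natted is not None and not is_rfc1918(natted)


def aon_rules(subnets: List[str]) -> List[OutboundNatRule]:
    """Manual (AON) rule set as described in the thread: one WAN rule per subnet, everything else '*'."""
    return [OutboundNatRule("WAN", s) for s in subnets]


def demo() -> dict:
    lan_only = aon_rules([LAN])
    both = aon_rules([LAN, VPN])
    return {
        # LAN client browsing the Internet: needs a WAN rule for 10.10.10.0/24
        "lan_client_lan_only": internet_ok(lan_only, "10.10.10.50"),
        # Redirect-gateway VPN client: its Internet traffic also exits WAN, so
        # without a 10.10.11.0/24 rule it leaves with a private source
        "vpn_client_lan_only": internet_ok(lan_only, "10.10.11.6"),
        "vpn_client_both": internet_ok(both, "10.10.11.6"),
        # No outbound NAT at all: nothing private reaches the Internet
        "no_rules": internet_ok([], "10.10.10.50"),
        # Split tunnel: VPN client -> file server exits the LAN interface, no WAN
        # rule applies, and the server sees the real 10.10.11.6 (so the LAN
        # firewall rule for source 10.10.11.0/24 in the first post matches)
        "vpn_to_fileserver": translate(both, "LAN", "10.10.10.1", "10.10.11.6", "10.10.10.2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The model says nothing about DNS: a client whose packets are dropped upstream can still resolve names if the resolver is the firewall itself, which is why the earlier reply asks for a ping by name and then by IP before touching the NAT rules.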

