Netgate Discussion Forum
Local Clients unable to access internet after successfully setting up OpenVPN

  • T
    trinybwoy
    last edited by Mar 29, 2011, 6:26 PM

    I was able to successfully set up a VPN connection to my network yesterday. Ever since then, none of my internal clients can access the internet.

    I can still VPN in and browse the local network that I have pushed to the VPN clients.
    I can connect to my file server via RDP, and I can even connect to my Slingbox (from an external location).

    The internal network IP address pool is 10.10.10.x
    The IP address for the VPN pool is 10.10.11.x

    The only two changes I made to my firewall rules are:
    1: Under the WAN section I created a rule to allow Protocol: UDP, Source: any, Port: any, Destination: any to Port 1194
    2: Under the LAN section I created a rule for the (Source) VPN IP allocation of 10.10.11.0/24 to my file server's IP address of 10.10.10.2

    I am pretty new to this, but I am a swift learner.
    Can anyone help me further diagnose/troubleshoot this problem?

    For the time being I have to VPN into my PCs to get the stuff I need. lmao.

    • T
      trinybwoy
      last edited by Mar 29, 2011, 9:09 PM

      After some more research I found this.

      Every locally connected subnet, whether defined and reachable via a static route or attached to a LAN or OPT interface, will have its outbound traffic leaving any WAN interfaces NATed to that WAN interface's IP. You can change this behavior by enabling Advanced Outbound NAT (AON) but this is usually unnecessary and adds unneeded complexity.
      For OpenVPN if you want the OpenVPN subnet NAT'ed to WAN, you will have to use AON.

      I did some adjustments. I enabled the Advanced Outbound NAT and I put in rules for the following:

      Interface: WAN, Source: 10.10.10.0/24 (which is my local LAN)
      The source port, destination, destination port, NAT address, NAT port are *'s

      I also did the same for my VPN address pool 10.10.11.0/24

      I am still unable to get internet on my local machines :-(

      • R
        Ryanmt
        last edited by Apr 9, 2011, 8:34 AM

        When you say internet, is it a DNS issue or just no access at all?

        For example,

        ping google.co.uk

        should return on the first line

        PING google.co.uk (209.85.229.147) 56(84) bytes of data.

        If you get the IP, you have the DNS OK.

        If you don't, try

        ping 209.85.229.147 and see if that works.

        One workaround could be to delete all the AON and turn auto NAT back on. From what I remember when setting mine up, it will auto-generate everything you need for the LAN and VPN, so you shouldn't need to add anything in your scenario.

        • T
          tehtrk
          last edited by Apr 12, 2011, 9:00 PM

          @trinybwoy:

          > After some more research I found this.
          >
          > Every locally connected subnet, whether defined and reachable via a static route or attached to a LAN or OPT interface, will have its outbound traffic leaving any WAN interfaces NATed to that WAN interface's IP. You can change this behavior by enabling Advanced Outbound NAT (AON) but this is usually unnecessary and adds unneeded complexity.
          > For OpenVPN if you want the OpenVPN subnet NAT'ed to WAN, you will have to use AON.
          >
          > I did some adjustments. I enabled the Advanced Outbound NAT and I put in rules for the following:
          >
          > Interface: WAN, Source: 10.10.10.0/24 (which is my local LAN)
          > The source port, destination, destination port, NAT address, NAT port are *'s
          >
          > I also did the same for my VPN address pool 10.10.11.0/24
          >
          > I am still unable to get internet on my local machines :-(

          That would be needed if you are going to route all traffic through the VPN, including regular internet traffic. If you do want to do this, I would suggest installing the OpenVPN enhancement package for 1.2.3 and checking the "Redirect Gateway" option. If you are running pfSense version 2.0-rc1, the Redirect Gateway option is already present.

          If you do not want to route all traffic through the VPN, but rather only the traffic that needs to go through it (like the above-mentioned RDP and Slingbox management), then you are wanting to set up split VPN. Regular internet traffic (for example YouTube or Google) doesn't go through the VPN, but when you try managing your Slingbox, that will go over the VPN.

          What OS and/or distro are you running on the client? I noticed a similar issue with split VPN that ended up being due to a setting in Ubuntu's Network Manager. Basically, the more info you give, the easier it will be to help you.
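
The two setups described in the reply above, written as raw OpenVPN server directives. This is an added example, not part of the thread and not the file pfSense generates; the subnets and port are the ones given in the first post, and the DNS address is an assumed placeholder.

```conf
# Added example: hand-written OpenVPN server directives for comparison.
# LAN 10.10.10.0/24, VPN pool 10.10.11.0/24, UDP 1194 (values from the thread).

port 1194
proto udp
dev tun
# VPN address pool handed out to clients
server 10.10.11.0 255.255.255.0

# --- Option A: split VPN ---
# Clients send only LAN-bound traffic through the tunnel. Ordinary
# internet traffic keeps using the client's own gateway, so the firewall
# needs no outbound NAT rule for 10.10.11.0/24.
push "route 10.10.10.0 255.255.255.0"

# --- Option B: full tunnel ("Redirect Gateway") ---
# Clients send ALL traffic through the tunnel. The firewall must then
# NAT 10.10.11.0/24 out of WAN (the AON rule quoted above) and pass that
# traffic, and clients need a resolver they can reach over the tunnel.
# Uncomment these instead of relying on Option A alone.
;push "redirect-gateway def1"
# Assumed resolver address (placeholder, not from the thread):
;push "dhcp-option DNS 10.10.10.1"
```

Under Option A the LAN rule from the first post (10.10.11.0/24 to 10.10.10.2 only) still limits what VPN clients can reach; under Option B that rule set also decides what internet-bound VPN traffic is allowed out.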
