OpenVPN : Tunneling all client traffic through openVPN



  • Hi,
    I know it has been discussed several times and I've been trying to understand what is going wrong for days now…
    I followed the how-tos to force web traffic through the tunnel without any success.
    http://forum.pfsense.org/index.php?topic=49459.0
    http://forum.pfsense.org/index.php/topic,6056.0.html

    I have a site to site connection using OpenVPN

    HO VPN Server  <------------------>  Remote Site VPN Server
    LAN if: 10.60.1.21 // LAN 10.60.1.0/24    LAN if: 10.60.2.21 // LAN 10.60.2.0/24
    WAN Interface 192.168.31.34               WAN Interface 192.168.31.38
    |
    |
    |
    LAN if: 10.60.1.20 (which is also my DNS)
    HO Internet Router

    OpenVPN setup:
    UDP, tun, WAN, openVPN port 1194
    Tunnel Network 192.168.10.0/24
    DNS server 10.60.1.20

    • I can ping hosts in the HO LAN from the remote LAN.
    • Ping www.google.com resolves but shows 'host is unreachable'

    When I traceroute "google" from my remote site, I clearly see my packets are not routed through the VPN (192.168.31.37 being my ISP GW):
    traceroute www.google.com
    traceroute to www.google.com (173.194.35.113), 64 hops max, 40 byte packets
    1  192.168.31.37 (192.168.31.37)  0.872 ms  0.876 ms  0.708 ms
    2  192.168.31.37 (192.168.31.37)  0.624 ms !N *  0.815 ms !N

    Whereas traceroute from a remote LAN host to a web server in my HO LAN responds correctly, going through the VPN tunnel:
    traceroute 10.60.1.27
    traceroute to 10.60.1.27 (10.60.1.27), 64 hops max, 40 byte packets
    1  192.168.10.1 (192.168.10.1)  3.471 ms  3.741 ms  3.922 ms
    2  10.60.1.27 (10.60.1.27)  3.891 ms  3.866 ms  3.969 ms

    On my VPN server side I have:

    • added the push "redirect-gateway def1"; push "dhcp-option DNS 10.60.1.20" to redirect traffic
    • activated AON: WAN 10.60.1.0/24 * * * * *
    • The VPN tunnel is up and the routes through VPN are ok
      Internet:
      Destination        Gateway            Flags    Refs      Use  Netif Expire
      default            192.168.31.33      UGS         0     5143    em1
      10.60.1.0/24       link#1             U           0     5196    em0
      10.60.1.21         link#1             UHS         0        0    lo0
      10.60.2.0/24       192.168.10.2       UGS         0     4872 ovpns1
      127.0.0.1          link#6             UH          0      139    lo0
      192.168.2.0/24     10.60.1.20         UGS         0        0    em0
      192.168.10.1       link#9             UHS         0        0    lo0
      192.168.10.2       link#9             UH          0        2 ovpns1
      192.168.31.32/30   link#2             U           0      254    em1
      192.168.31.34      link#2             UHS         0        0    lo0

    On my VPN client side I have added:

    • activated AON: WAN 10.60.2.0/24 * * * * *
    • The VPN tunnel is up and the routes through VPN are ok
      Destination        Gateway            Flags    Refs      Use  Netif Expire
      default            192.168.31.37      UGS         0     4064    vr1
      10.60.1.0/24       192.168.10.1       UGS         0     3893 ovpnc1
      10.60.2.0/24       link#1             U           0     4225    vr0
      10.60.2.21         link#1             UHS         0        0    lo0
      127.0.0.1          link#5             UH          0      131    lo0
      192.168.10.1       link#8             UH          0        0 ovpnc1
      192.168.10.2       link#8             UHS         0        0    lo0
      192.168.31.36/30   link#2             U           0      296    vr1
      192.168.31.38      link#2             UHS         0        0    lo0

    I might have forgotten something on the AON but can't figure what.

    Thanks for any help !
    Patrick
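An added diagnostic, not part of Patrick's post: it parses the client-side routing table quoted above, resolves the egress interface for both traceroute targets by longest-prefix match, and tests for the 0.0.0.0/1 and 128.0.0.0/1 routes that OpenVPN's `redirect-gateway def1` installs on a client. The table text is copied from the post; `with_def1` and the tunnel gateway it inserts are assumptions about what a working push would produce.

```python
import ipaddress

# Constructed from the client-side routing table in the post above.
CLIENT_NETSTAT = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.31.37      UGS        0    4064    vr1
10.60.1.0/24       192.168.10.1       UGS        0    3893 ovpnc1
10.60.2.0/24       link#1             U          0    4225    vr0
10.60.2.21         link#1             UHS        0        0    lo0
127.0.0.1          link#5             UH         0      131    lo0
192.168.10.1       link#8             UH         0        0 ovpnc1
192.168.10.2       link#8             UHS        0        0    lo0
192.168.31.36/30   link#2             U          0      296    vr1
192.168.31.38      link#2             UHS        0        0    lo0
"""

# Routes that OpenVPN's "redirect-gateway def1" adds on the client side.
DEF1_HALVES = (ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1"))

def parse_routes(text):
    """Return (network, gateway, netif) tuples from BSD 'netstat -rn' output."""
    routes = []
    for line in text.splitlines()[1:]:                 # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)  # host entries become /32
        routes.append((net, fields[1], fields[5]))
    return routes

def egress(routes, ip):
    """Longest-prefix match: which (gateway, interface) carries traffic to ip."""
    addr = ipaddress.ip_address(ip)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]

def redirect_gateway_active(routes):
    """True only when both def1 half routes are present in the table."""
    nets = {r[0] for r in routes}
    return all(h in nets for h in DEF1_HALVES)

def with_def1(routes, vpn_gw, vpn_if):
    """Assumed effect of a successful def1 push: both halves routed via the tunnel."""
    return routes + [(h, vpn_gw, vpn_if) for h in DEF1_HALVES]

if __name__ == "__main__":
    table = parse_routes(CLIENT_NETSTAT)
    print(egress(table, "173.194.35.113"))  # ('192.168.31.37', 'vr1'): ISP, as traceroute showed
    print(egress(table, "10.60.1.27"))      # ('192.168.10.1', 'ovpnc1'): via the tunnel
    print(redirect_gateway_active(table))   # False
    fixed = with_def1(table, "192.168.10.1", "ovpnc1")
    print(egress(fixed, "173.194.35.113"))  # ('192.168.10.1', 'ovpnc1')
```

With the def1 halves added, LAN-local destinations such as 10.60.2.0/24 still win on prefix length and stay on vr0, which is why def1 is preferred over replacing the default route outright.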



  • So on the HO firewall I've activated AON and created a manual rule to NAT my remote subnet as stated in different posts, but it's still a no go (see attached jpeg).
    I can reach internal web server from Remote site but still no Internet.
    Running on the last pfSense release, 2.0.1-RELEASE (i386).

    Anyone for any help please?


