Pfsense as client using static key to openvpn server on vps
jynoob last edited by
I am really a newbie on this topic. I will try to make my story straight so that you may be able to help pinpoint the cause of the problem.
I live in China. As you may know, due to the Great Firewall set between me and the world of the internet, I have to fight hard to squeeze myself out of the jail-like "national LAN". So I bought myself a VPS outside the country and successfully set up an OpenVPN server on the VPS, which is running CentOS 5.5.
At home, I have a pfSense 2.0 as the router and firewall. I have successfully connected to my OpenVPN server from the Windows OpenVPN client using a static key behind pfSense. With the help of the option "--route net_gateway", I can even have OpenVPN automatically choose whether to use the OpenVPN tunnel based on IP network geo-locations. So all my traffic to networks outside Asia will use the OpenVPN tunnel.
(The reason I am using a static key is because the GFW drops packets when it detects TLS negotiation, and one ISP even totally blocks IP addresses.)
Based on this successful Windows OpenVPN client experience, I thought I could use the OpenVPN client function on pfSense to directly link all my network traffic. However, when I actually tried the OpenVPN client in pfSense, I could only get the tunnel up but no traffic at all!? (I could see the OpenVPN status is up.)
Below are my configurations:
ifconfig 10.10.10.1 10.10.10.2
And I have the iptables on the server configured with nat:
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o venet0 -j MASQUERADE
I can use the config file below to successfully connect to my OpenVPN server and establish a secure tunnel for breaking through the GFW:
remote openvpn.server.onvps 80
ifconfig 10.10.10.2 10.10.10.1
dhcp-option DNS 18.104.22.168
route 22.214.171.124 255.0.0.0 net_gateway 5
route 126.96.36.199 255.0.0.0 net_gateway 5
route 188.8.131.52 255.0.0.0 net_gateway 5
While there are several configurations I am not sure about, one particular area is the "remote network": what am I supposed to put in there? I don't have a local network on my VPS server. Running ifconfig on the VPS server, I see the IP address assigned by the VPS company with a network mask of 255.255.255.255 on this venet interface. Where should I start looking for errors? As the server can take the Windows client with no problem, I assume there must be something I missed?
Thanks in advance