Clients can connect to OpenVPN, reach internal Resources, but no access to Inter



  • Hi,

    I have been using pfSense for quite some time, and have been using this identical setup on various installations. However, on the latest installation running 2.0.2-RELEASE (amd64) I note the following symptoms:

    1. Clients can connect to the OpenVPN server using the community client
    2. Routes get added correctly on client devices
    3. Once connected to the VPN, internal resources are accessible
    4. External resources seem to be tunneled by the VPN since I can see them in the firewall log, however the client cannot reach those external resources:

    dev ovpns1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local ...
    tls-server
    server ... 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 64
    push "route ... 255.255.255.0"
    push "dhcp-option DOMAIN domain.local"
    push "dhcp-option DNS ..."
    push "dhcp-option DNS 8.8.8.8"
    duplicate-cn
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
    push "redirect-gateway def1"

    It is required for us to tunnel all traffic through the VPN, and removing the redirect-gateway works, however traffic outside the defined network is not tunneled and that is required…

    I'm considering downgrading, but I don't think this would resolve the issue since I haven't noted any other complaints.

    Does anyone have any suggestions, since I'm at a loss?

    Thanks



  • Fixed. Had manual NAT enabled and didn't add the OpenVPN network NAT rule.
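
A check for the condition the fix describes, as an added example that is not part of the original thread: with manual outbound NAT, the tunnel network needs its own NAT rule on the WAN interface, otherwise tunneled traffic leaves unnatted and replies never return. The `pfctl -sn`-style rule text, the interface `em0` and the tunnel network `10.8.0.0/24` are constructed values, since the thread elides the real ones.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -sn` output; the interface name,
# subnets and addresses are made up for illustration (documentation ranges).
SAMPLE_NAT_RULES = """\
nat on em0 inet from 192.168.10.0/24 to any -> 203.0.113.5 port 1024:65535
nat on em0 inet from 127.0.0.0/8 to any -> 203.0.113.5 port 1024:65535
rdr on em0 inet proto tcp from any to 203.0.113.5 port = 443 -> 192.168.10.20
"""

# Captures the interface and the source of a nat rule; rdr and other lines are skipped.
NAT_RE = re.compile(r"^nat on (\S+) .*?from (\S+) to ")


def nat_sources(rules_text):
    """Return (interface, source network) for every nat rule with a literal source."""
    found = []
    for line in rules_text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        iface, src = m.groups()
        if src == "any":
            src = "0.0.0.0/0"
        try:
            found.append((iface, ipaddress.ip_network(src, strict=False)))
        except ValueError:
            continue  # table or alias reference; cannot be resolved offline
    return found


def uncovered(tunnel_cidr, wan_if, rules_text):
    """True when no nat rule on wan_if has a source containing the tunnel network."""
    tunnel = ipaddress.ip_network(tunnel_cidr)
    for iface, net in nat_sources(rules_text):
        if iface == wan_if and net.version == tunnel.version and tunnel.subnet_of(net):
            return False
    return True


if __name__ == "__main__":
    # 10.8.0.0/24 is an assumed tunnel network, not the one from the thread.
    print("tunnel network lacks outbound NAT:",
          uncovered("10.8.0.0/24", "em0", SAMPLE_NAT_RULES))
```
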

