Clients can connect to OpenVPN, reach internal Resources, but no access to Inter
-
Hi,
I have been using pfSense for quite some time, and have been using this identical setup on various installations. However, on the latest installation running 2.0.2-RELEASE (amd64) I note the following symptoms:
1. Clients can connect to the OpenVPN server using the community client
2. Routes get added correctly on client devices
3. Once connected to the VPN, internal resources are accessible
4. External resources seem to be tunneled by the VPN since I can see them in the firewall log, however the client cannot reach those external resources:
dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local ...
tls-server
server ... 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 64
push "route ... 255.255.255.0"
push "dhcp-option DOMAIN domain.local"
push "dhcp-option DNS ..."
push "dhcp-option DNS 8.8.8.8"
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
push "redirect-gateway def1"
It is required for us to tunnel all traffic through the VPN, and removing the redirect-gateway works, however traffic outside the defined network is not tunneled and that is required…
I'm considering downgrading, but I don't think this would resolve the issue since I haven't noted any other complaints.
Does anyone have any suggestions, since I'm at a loss?
Thanks
-
Fixed. Had manual NAT enabled and didn't add the OpenVPN network NAT rule.
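The condition behind this fix can be checked before clients report it. The following is an added example, not part of the original thread and not pfSense code: it reads the `server` and `push "redirect-gateway ..."` directives from an OpenVPN server config and reports whether any manual outbound NAT source network covers the tunnel subnet. The function names, the result strings, the sample addresses (the thread elides the real ones) and the idea of passing the NAT sources in as a list of CIDRs are all assumptions.

```python
import ipaddress
import re

def tunnel_network(conf):
    """Return the subnet from `server <network> <netmask>`, or None if absent."""
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments such as "#user nobody"
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
    return None

def pushes_redirect_gateway(conf):
    """True when the server pushes a full-tunnel default route to clients."""
    return any(re.match(r'\s*push\s+"redirect-gateway\b', line)
               for line in conf.splitlines())

def check_nat(conf, nat_sources):
    """Classify the config against the manual outbound NAT source networks.

    Returns one of (hypothetical labels):
      "no-server-directive"  no tunnel subnet found in the config
      "split-tunnel"         no redirect-gateway push, Internet traffic stays local
      "covered"              a NAT source network contains the tunnel subnet
      "missing-nat"          full tunnel, but nothing translates the tunnel subnet
    """
    net = tunnel_network(conf)
    if net is None:
        return "no-server-directive"
    if not pushes_redirect_gateway(conf):
        return "split-tunnel"
    for src in nat_sources:
        src_net = ipaddress.ip_network(src)
        if src_net.version == net.version and net.subnet_of(src_net):
            return "covered"
    return "missing-nat"

# Constructed sample: placeholder addresses standing in for the elided ones.
SAMPLE_CONF = """\
dev ovpns1
#user nobody
server 10.0.8.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
"""

if __name__ == "__main__":
    # Manual NAT with only the LAN rule: the state described in the thread.
    print(check_nat(SAMPLE_CONF, ["192.168.1.0/24"]))
    # After adding a rule for the OpenVPN network.
    print(check_nat(SAMPLE_CONF, ["192.168.1.0/24", "10.0.8.0/24"]))
```
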