Cant get internet acces throug Openvpn Server. (About to blow my head off!)



  • Hello. i am about to get insane here, i have an OpenVPN server running on my pfsense box.
    I used the wizzard and checked the automatic rules, and everything is working great besides i can't acces and browse the internet.


  • Banned

    Totally overwhelmed by the amount of information…



  • so here comes some more ;)

    the settings for my OpenVPN server is

    server mode : Remote Acces (SSL/TLS+ User Auth)
    Device Mode : TUN
    Interface WAN
    LocalPort : 1994
    Dh Parameter lenght 2048
    Enchryption algoritm : AES-256-cbc
    auth digest algorithm : sha256
    Ipv4 tun : 10.0.3.0/24
    Dynamic IP is checked
    Address Pool is checked
    Verbosity Level is checked.


  • Banned

    Perhaps it will work better once you check the "Redirect Gateway" box.



  • @doktornotor:

    Perhaps it will work better once you check the "Redirect Gateway" box.

    damn sry, forgot to mention that is checked but didnt make a difference.


  • Banned

    We are back to square one with this amount of information. What's the VPN client?



  • @doktornotor:

    We are back to square one with this amount of information. What's the VPN client?

    sry. i am pretty new in the world og VPN's

    but i am using openvpn-client on my laptop with Manjaro.
    it is working perfectly togheter with IPVanish and only appears when i connect to my own server

    And the way i connect to my server is exporting the Openvpn client files and importing them inmy client.


  • Banned

    Are you running Windows, or what? No idea what's Manjaro. Check the routing on the client. The default route needs to be via your OpenVPN when connected. Otherwise it just cannot work.



  • @doktornotor:

    Are you running Windows, or what? No idea what's Manjaro. Check the routing on the client. The default route needs to be via your OpenVPN when connected. Otherwise it just cannot work.

    it is an archlinux dist.
    i dont think the problems is my client.
    the only this i am able to ping is googles 8.8.8.8

    This is the log files OpenVPN-server provides me

    | May 8 12:21:50 openvpn[55532]: dgaa1991/83.136.90.231:41049 send_push_reply(): safe_cap=940
    May 8 12:21:48 openvpn[55532]: dgaa1991/83.136.90.231:41049 MULTI_sva: pool returned IPv4=10.0.3.6, IPv6=(Not enabled)
    May 8 12:21:48 openvpn[55532]: 83.136.90.231:41049 [dgaa1991] Peer Connection Initiated with [AF_INET]83.136.90.231:41049
    May 8 12:21:48 openvpn: user 'dgaa1991' authenticated |


  • Banned

    @notaduck:

    it is an archlinux dist.
    i dont think the problems is my client.

    Sorry. When the VPN works just fine except for routing all your non-local traffic via the VPN, then the problem is most likely your client. Check the routing.

    
    ip route show
    
    


  • You dont have to say that your are sorry ;)

    Well this is weird! I just tried to connect to my phones wifi hotspot and everything is working flawless! it is only when I am connected to my schools network it isn't working.? but IpVanish does?


  • Banned

    This is not a VPN server issue. You posted nothing about the client despite repeated requests. Good luck.



  • @doktornotor:

    This is not a VPN server issue. You posted nothing about the client despite repeated requests. Good luck.

    I know, I could post the ip route right now but that wouldn't help because i found out the problem only was on my schools network, and i am done in the school for today so i have to wait until Monday before i can post the output



  • @doktornotor:

    @notaduck:

    it is an archlinux dist.
    i dont think the problems is my client.

    Sorry. When the VPN works just fine except for routing all your non-local traffic via the VPN, then the problem is most likely your client. Check the routing.

    
    ip route show
    
    

    so it is monday and I am in school today. my IP ROUTE SHOW :

    
    default via 10.0.3.5 dev tun0  proto static  metric 50 
    default via 172.16.32.1 dev wlp2s0  proto static  metric 600 
    10.0.1.0/24 via 10.0.3.5 dev tun0  proto static  metric 50 
    10.0.3.1 via 10.0.3.5 dev tun0  proto static  metric 50 
    10.0.3.5 dev tun0  proto kernel  scope link  src 10.0.3.6 
    10.87.248.159 via 172.16.32.1 dev wlp2s0  proto dhcp  metric 600 
    MY.WAN.IP via 172.16.32.1 dev wlp2s0  proto static  metric 600 
    172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175 
    172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175  metric 600 
    
    

  • Netgate

    What are the firewall rules on the OpenVPN tab on the server?



  • @Derelict:

    What are the firewall rules on the OpenVPN tab on the server?

    just wanted to post this aswell.

    my school ip show (Internet isn't working)
    the red line is an extra route contra phone connection

    default via 10.0.3.5 dev tun0  proto static  metric 50
    default via 172.16.32.1 dev wlp2s0  proto static  metric 600
    10.0.1.0/24 via 10.0.3.5 dev tun0  proto static  metric 50
    10.0.3.1 via 10.0.3.5 dev tun0  proto static  metric 50
    10.0.3.5 dev tun0  proto kernel  scope link  src 10.0.3.6
    10.87.248.159 via 172.16.32.1 dev wlp2s0  proto dhcp  metric 600
    MY.WAN.IP via 172.16.32.1 dev wlp2s0  proto static  metric 600
    172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175
    172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175  metric 600

    Connected to my phone (Internet is working here)

    default via 10.0.3.5 dev tun0  proto static  metric 50
    default via 192.168.43.1 dev wlp2s0  proto static  metric 600
    10.0.1.0/24 via 10.0.3.5 dev tun0  proto static  metric 50
    10.0.3.1 via 10.0.3.5 dev tun0  proto static  metric 50
    10.0.3.5 dev tun0  proto kernel  scope link  src 10.0.3.6
    MY.WAN.IP via 192.168.43.1 dev wlp2s0  proto static  metric 600
    192.168.43.0/24 dev wlp2s0  proto kernel  scope link  src 192.168.43.148
    192.168.43.0/24 dev wlp2s0  proto kernel  scope link  src 192.168.43.148  metric 600



  • Netgate

    That rule you added does nothing, but those rules aren't the source of your issue.

    Do you have NAT rules for the tunnel network of your VPN server out WAN?  I don't know if those are automatically created by automatic outbound NAT.  I would kind of doubt it.

    What does Firewall > NAT, Outbound tab show?

    ETA: Just checked and the tunnel network for my Remote Access server on my 2.2.2 test stack is automatically added by Automatic Outbound NAT.  Nice.



  • The outbound rules should be working ;) I checked the automatic rules aswell.