Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Cant get internet acces throug Openvpn Server. (About to blow my head off!)

    OpenVPN
    3
    18
    2680
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      notaduck last edited by

      Hello. i am about to get insane here, i have an OpenVPN server running on my pfsense box.
      I used the wizzard and checked the automatic rules, and everything is working great besides i can't acces and browse the internet.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned last edited by

        Totally overwhelmed by the amount of information…

        1 Reply Last reply Reply Quote 0
        • N
          notaduck last edited by

          so here comes some more ;)

          the settings for my OpenVPN server is

          server mode : Remote Acces (SSL/TLS+ User Auth)
          Device Mode : TUN
          Interface WAN
          LocalPort : 1994
          Dh Parameter lenght 2048
          Enchryption algoritm : AES-256-cbc
          auth digest algorithm : sha256
          Ipv4 tun : 10.0.3.0/24
          Dynamic IP is checked
          Address Pool is checked
          Verbosity Level is checked.

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned last edited by

            Perhaps it will work better once you check the "Redirect Gateway" box.

            1 Reply Last reply Reply Quote 0
            • N
              notaduck last edited by

              @doktornotor:

              Perhaps it will work better once you check the "Redirect Gateway" box.

              damn sry, forgot to mention that is checked but didnt make a difference.

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned last edited by

                We are back to square one with this amount of information. What's the VPN client?

                1 Reply Last reply Reply Quote 0
                • N
                  notaduck last edited by

                  @doktornotor:

                  We are back to square one with this amount of information. What's the VPN client?

                  sry. i am pretty new in the world og VPN's

                  but i am using openvpn-client on my laptop with Manjaro.
                  it is working perfectly togheter with IPVanish and only appears when i connect to my own server

                  And the way i connect to my server is exporting the Openvpn client files and importing them inmy client.

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned last edited by

                    Are you running Windows, or what? No idea what's Manjaro. Check the routing on the client. The default route needs to be via your OpenVPN when connected. Otherwise it just cannot work.

                    1 Reply Last reply Reply Quote 0
                    • N
                      notaduck last edited by

                      @doktornotor:

                      Are you running Windows, or what? No idea what's Manjaro. Check the routing on the client. The default route needs to be via your OpenVPN when connected. Otherwise it just cannot work.

                      it is an archlinux dist.
                      i dont think the problems is my client.
                      the only this i am able to ping is googles 8.8.8.8

                      This is the log files OpenVPN-server provides me

                      | May 8 12:21:50 openvpn[55532]: dgaa1991/83.136.90.231:41049 send_push_reply(): safe_cap=940
                      May 8 12:21:48 openvpn[55532]: dgaa1991/83.136.90.231:41049 MULTI_sva: pool returned IPv4=10.0.3.6, IPv6=(Not enabled)
                      May 8 12:21:48 openvpn[55532]: 83.136.90.231:41049 [dgaa1991] Peer Connection Initiated with [AF_INET]83.136.90.231:41049
                      May 8 12:21:48 openvpn: user 'dgaa1991' authenticated |

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned last edited by

                        @notaduck:

                        it is an archlinux dist.
                        i dont think the problems is my client.

                        Sorry. When the VPN works just fine except for routing all your non-local traffic via the VPN, then the problem is most likely your client. Check the routing.

                        
                        ip route show
                        
                        
                        1 Reply Last reply Reply Quote 0
                        • N
                          notaduck last edited by

                          You dont have to say that your are sorry ;)

                          Well this is weird! I just tried to connect to my phones wifi hotspot and everything is working flawless! it is only when I am connected to my schools network it isn't working.? but IpVanish does?

                          1 Reply Last reply Reply Quote 0
                          • D
                            doktornotor Banned last edited by

                            This is not a VPN server issue. You posted nothing about the client despite repeated requests. Good luck.

                            1 Reply Last reply Reply Quote 0
                            • N
                              notaduck last edited by

                              @doktornotor:

                              This is not a VPN server issue. You posted nothing about the client despite repeated requests. Good luck.

                              I know, I could post the ip route right now but that wouldn't help because i found out the problem only was on my schools network, and i am done in the school for today so i have to wait until Monday before i can post the output

                              1 Reply Last reply Reply Quote 0
                              • N
                                notaduck last edited by

                                @doktornotor:

                                @notaduck:

                                it is an archlinux dist.
                                i dont think the problems is my client.

                                Sorry. When the VPN works just fine except for routing all your non-local traffic via the VPN, then the problem is most likely your client. Check the routing.

                                
                                ip route show
                                
                                

                                so it is monday and I am in school today. my IP ROUTE SHOW :

                                
                                default via 10.0.3.5 dev tun0  proto static  metric 50 
                                default via 172.16.32.1 dev wlp2s0  proto static  metric 600 
                                10.0.1.0/24 via 10.0.3.5 dev tun0  proto static  metric 50 
                                10.0.3.1 via 10.0.3.5 dev tun0  proto static  metric 50 
                                10.0.3.5 dev tun0  proto kernel  scope link  src 10.0.3.6 
                                10.87.248.159 via 172.16.32.1 dev wlp2s0  proto dhcp  metric 600 
                                MY.WAN.IP via 172.16.32.1 dev wlp2s0  proto static  metric 600 
                                172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175 
                                172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175  metric 600 
                                
                                
                                1 Reply Last reply Reply Quote 0
                                • Derelict
                                  Derelict LAYER 8 Netgate last edited by

                                  What are the firewall rules on the OpenVPN tab on the server?

                                  Chattanooga, Tennessee, USA
                                  The pfSense Book is free of charge!
                                  DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    notaduck last edited by

                                    @Derelict:

                                    What are the firewall rules on the OpenVPN tab on the server?

                                    just wanted to post this aswell.

                                    my school ip show (Internet isn't working)
                                    the red line is an extra route contra phone connection

                                    default via 10.0.3.5 dev tun0  proto static  metric 50
                                    default via 172.16.32.1 dev wlp2s0  proto static  metric 600
                                    10.0.1.0/24 via 10.0.3.5 dev tun0  proto static  metric 50
                                    10.0.3.1 via 10.0.3.5 dev tun0  proto static  metric 50
                                    10.0.3.5 dev tun0  proto kernel  scope link  src 10.0.3.6
                                    10.87.248.159 via 172.16.32.1 dev wlp2s0  proto dhcp  metric 600
                                    MY.WAN.IP via 172.16.32.1 dev wlp2s0  proto static  metric 600
                                    172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175
                                    172.16.32.0/19 dev wlp2s0  proto kernel  scope link  src 172.16.37.175  metric 600

                                    Connected to my phone (Internet is working here)

                                    default via 10.0.3.5 dev tun0  proto static  metric 50
                                    default via 192.168.43.1 dev wlp2s0  proto static  metric 600
                                    10.0.1.0/24 via 10.0.3.5 dev tun0  proto static  metric 50
                                    10.0.3.1 via 10.0.3.5 dev tun0  proto static  metric 50
                                    10.0.3.5 dev tun0  proto kernel  scope link  src 10.0.3.6
                                    MY.WAN.IP via 192.168.43.1 dev wlp2s0  proto static  metric 600
                                    192.168.43.0/24 dev wlp2s0  proto kernel  scope link  src 192.168.43.148
                                    192.168.43.0/24 dev wlp2s0  proto kernel  scope link  src 192.168.43.148  metric 600


                                    1 Reply Last reply Reply Quote 0
                                    • Derelict
                                      Derelict LAYER 8 Netgate last edited by

                                      That rule you added does nothing, but those rules aren't the source of your issue.

                                      Do you have NAT rules for the tunnel network of your VPN server out WAN?  I don't know if those are automatically created by automatic outbound NAT.  I would kind of doubt it.

                                      What does Firewall > NAT, Outbound tab show?

                                      ETA: Just checked and the tunnel network for my Remote Access server on my 2.2.2 test stack is automatically added by Automatic Outbound NAT.  Nice.

                                      Chattanooga, Tennessee, USA
                                      The pfSense Book is free of charge!
                                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                      1 Reply Last reply Reply Quote 0
                                      • N
                                        notaduck last edited by

                                        The outbound rules should be working ;) I checked the automatic rules aswell.


                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post