Netgate Discussion Forum
    Hidemyass

      lamero

      Hi,
      I have pfSense 2.1.5-RELEASE amd64 (and 2.2 same problem). I configured the VPN as this topic says, but I have the same issues described here. So I switched to Manual Outbound NAT rule generation but when OPENVPN connection goes up, I cannot surf.

      Openvpn logs

      May 18 19:32:22	pfSense openvpn[31930]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,ifconfig 10.200.1.118 255.255.252.0'
      May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: --ifconfig/up options modified
      May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: route options modified
      May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: route-related options modified
      May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      May 18 19:32:22	pfSense openvpn[31930]: ROUTE_GATEWAY 192.168.0.254
      May 18 19:32:22	pfSense openvpn[31930]: TUN/TAP device ovpnc1 exists previously, keep at program end
      May 18 19:32:22	pfSense openvpn[31930]: TUN/TAP device /dev/tun1 opened
      May 18 19:32:22	pfSense openvpn[31930]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      May 18 19:32:22	pfSense openvpn[31930]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      May 18 19:32:22	pfSense openvpn[31930]: /sbin/ifconfig ovpnc1 10.200.1.118 10.200.1.118 mtu 1500 netmask 255.255.252.0 up
      May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 10.200.0.0 10.200.1.118 255.255.252.0
      May 18 19:32:22	pfSense openvpn[31930]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1543 10.200.1.118 255.255.252.0 init
      May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 104.224.1.2 192.168.0.254 255.255.255.255
      May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 0.0.0.0 10.200.0.1 128.0.0.0
      May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 128.0.0.0 10.200.0.1 128.0.0.0
      May 18 19:32:22	pfSense openvpn[31930]: Initialization Sequence Completed
      

      Nat Outbound Mappings

      WAN	 	127.0.0.0/8	*	*	500	WAN address	*	YES	
      WAN	 	127.0.0.0/8	*	*	*	WAN address	*	NO
      WAN	 	192.168.1.0/24	*	*	500	WAN address	*	YES
      WAN	 	192.168.1.0/24	*	*	*	WAN address	*	NO
      

      IP Pfsense

      192.168.1.253
      

      Can you help me? Thanks

        heper

        update to 2.2.2 if you have no reason NOT to.

        you don't have NAT rules for your vpn connection. after assigning an interface to your vpn's connection and enabling it with type 'none' pfSense should do this automatically if outbound nat = auto.
        (you could of course add the nat yourself when using manual outbound nat)

        the reason internet stops working when vpn goes online is because your vpn overwrites the default-route and thus forces everything out the VPN, without proper NAT setup.

          lamero

          I am on 2.1.5 because Transparent proxy with Squid Squidguard doesn't work.
          Anyway, I am very much a beginner; which manual NAT rule do I need?

          HMA  	192.168.1.0/24	*	*	*	HMA address	*	NO
          

          Fixed. Thank you so much

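The diagnosis in this thread (the pushed `redirect-gateway def1` moves the default route onto the VPN while the manual outbound NAT table only has WAN rules) can be checked mechanically. The following is an added example, not part of the original posts or of pfSense itself; it uses the PUSH_REPLY line and NAT rows quoted above with whitespace normalized, and the function names are hypothetical.

```python
import ipaddress

# Sample input copied from the thread (whitespace normalized).
PUSH_REPLY = ("PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,"
              "dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,"
              "redirect-gateway def1,ifconfig 10.200.1.118 255.255.252.0")
NAT_BEFORE = """\
WAN 127.0.0.0/8 * * 500 WAN address * YES
WAN 127.0.0.0/8 * * * WAN address * NO
WAN 192.168.1.0/24 * * 500 WAN address * YES
WAN 192.168.1.0/24 * * * WAN address * NO
"""
NAT_AFTER = NAT_BEFORE + "HMA 192.168.1.0/24 * * * HMA address * NO\n"


def parse_push_reply(msg):
    """Return {option_name: [args, ...]} for a comma-separated PUSH_REPLY."""
    opts = {}
    for item in msg.split(",")[1:]:          # skip the literal "PUSH_REPLY"
        name, *args = item.split()
        opts.setdefault(name, []).append(args)
    return opts


def parse_nat_rules(table):
    """Return (interface, source_network) for each outbound NAT row."""
    rules = []
    for row in table.splitlines():
        cols = row.split()
        if len(cols) >= 2:
            rules.append((cols[0], ipaddress.ip_network(cols[1])))
    return rules


def egress_interface(opts, wan_if="WAN", vpn_if="HMA"):
    """redirect-gateway replaces the default route, so traffic leaves via the VPN."""
    return vpn_if if "redirect-gateway" in opts else wan_if


def lan_is_translated(opts, rules, lan, wan_if="WAN", vpn_if="HMA"):
    """True if a NAT rule on the real egress interface covers the LAN subnet."""
    out_if = egress_interface(opts, wan_if, vpn_if)
    lan_net = ipaddress.ip_network(lan)
    return any(i == out_if and lan_net.subnet_of(src) for i, src in rules)


if __name__ == "__main__":
    opts = parse_push_reply(PUSH_REPLY)
    for label, table in (("before fix", NAT_BEFORE), ("after fix", NAT_AFTER)):
        ok = lan_is_translated(opts, parse_nat_rules(table), "192.168.1.0/24")
        print(f"{label}: LAN translated on {egress_interface(opts)}: {ok}")
```

With the WAN-only table the LAN subnet leaves the VPN interface untranslated, which matches the "cannot surf" symptom; adding the HMA row makes the check pass.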