Hidemyass



  • Hi,
    I have pfSense 2.1.5-RELEASE amd64 (and 2.2 same problem). I configured the VPN as this topic says, but I have the same issues described here. So I switched to Manual Outbound NAT rule generation but when OPENVPN connection goes up, I cannot surf.

    Openvpn logs

    May 18 19:32:22	pfSense openvpn[31930]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.0.1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1,ifconfig 10.200.1.118 255.255.252.0'
    May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: --ifconfig/up options modified
    May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: route options modified
    May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: route-related options modified
    May 18 19:32:22	pfSense openvpn[31930]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    May 18 19:32:22	pfSense openvpn[31930]: ROUTE_GATEWAY 192.168.0.254
    May 18 19:32:22	pfSense openvpn[31930]: TUN/TAP device ovpnc1 exists previously, keep at program end
    May 18 19:32:22	pfSense openvpn[31930]: TUN/TAP device /dev/tun1 opened
    May 18 19:32:22	pfSense openvpn[31930]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    May 18 19:32:22	pfSense openvpn[31930]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    May 18 19:32:22	pfSense openvpn[31930]: /sbin/ifconfig ovpnc1 10.200.1.118 10.200.1.118 mtu 1500 netmask 255.255.252.0 up
    May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 10.200.0.0 10.200.1.118 255.255.252.0
    May 18 19:32:22	pfSense openvpn[31930]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1543 10.200.1.118 255.255.252.0 init
    May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 104.224.1.2 192.168.0.254 255.255.255.255
    May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 0.0.0.0 10.200.0.1 128.0.0.0
    May 18 19:32:22	pfSense openvpn[31930]: /sbin/route add -net 128.0.0.0 10.200.0.1 128.0.0.0
    May 18 19:32:22	pfSense openvpn[31930]: Initialization Sequence Completed
    

    Nat Outbound Mappings

    WAN	 	127.0.0.0/8	*	*	500	WAN address	*	YES	
    WAN	 	127.0.0.0/8	*	*	*	WAN address	*	NO
    WAN	 	192.168.1.0/24	*	*	500	WAN address	*	YES
    WAN	 	192.168.1.0/24	*	*	*	WAN address	*	NO
    

    IP Pfsense

    192.168.1.253
    

    Can you help me? Thanks



  • update to 2.2.2 if you have no reason NOT to.

    you don't have NAT rules for your vpn connection. after assigning an interface to your vpn's connection and enabling it with type 'none' pfSense should do this automatically if outbound nat = auto.
    (you could offcourse add the nat yourself when using manual outbound nat)

    the reason internet stops working when vpn goes online is because your vpn overwrites the default-route and thus forces everything out the VPN, without proper NAT setup.



  • I am on 2.1.5 because Transparent proxy with Squid Squidguard don't work.
    Anyway I am a very beginner, which manual NAT roule do I need?

    HMA  	192.168.1.0/24	*	*	*	HMA address	*	NO
    

    Fixed. Thank you soo much