Problems with OpenVPN behind Pfsense 2.2.3
-
Since Pfsense 2.2.3 I have some problems with OpenVPN.
An OpenVPN connection through a pfsense box does not work:
CLIENT1 <---> PFSENSE1 (GATEWAY) <---> PFSENSE2 (OPENVPN SERVER) <---> NAS
CLIENT1 (a Windows/Android device behind a PFSENSE box) makes an OpenVPN connection to the OpenVPN server running on PFSENSE2. The connection is OK, the routes are OK, I can ping the devices on the other network, but other traffic, for example visiting a web server, takes forever. It feels like one bit is transported and then it waits forever.
When I make another setup without a Pfsense router for the client, the OpenVPN connection works.
-
Where is this other pfsense box? Across the internet? What is the IP range on the other side where your NAS is, and what is the tunnel network?
You say you can ping the NAS? What does the traceroute to the NAS look like?
-
CLIENT1 is in the 192.168.10.x range.
The other box is on the internet and uses the 192.168.28.x range locally. (The NAS is on 192.168.28.8)
The OpenVPN server uses the range 192.168.25.x.
-
So what website are you trying to access, like the NAS web GUI?
Does the NAS use that second pfsense as its gateway? You don't have any sort of mask on your 192.168 network with /16, for example; they are all /24?
So you're saying the web pages are just slow? For example, I access a web page hosted on a box behind pfsense, connecting to that pfsense via OpenVPN, and don't have any issues whatsoever. Are you accessing it via IP address or FQDN?
-
Yes, I test with the web GUI of the NAS (but I also tried other services). The NAS uses the second Pfsense as its gateway and the networks are all /24.
Accessing the web GUI by IP, in a browser (Windows/Chrome) I get a timeout after a while. On my mobile phone (Chrome, Android) I get the page after a couple of minutes…
-
Well, your first pfsense has nothing to do with it, because if you can make the VPN connection, all other traffic is in the tunnel and unable to be seen by pfsense to filter on port, etc. But you could have a rule on your VPN connection on the 2nd one that prevents access - but it makes no sense why it would work with any other device that would connect if they are coming through the same VPN.
And it sure shouldn't take a couple of minutes.
Sure you're not using some proxy on your browser that wouldn't work, and the phone is trying the proxy and then going direct?
I would suggest you probably do a sniff on the NAS directly or on pfsense to validate traffic is going towards the NAS. Should be a simple sniff on the pfsense LAN. Are you having any issues connecting to the 2nd pfsense web GUI? I access mine pretty much every single day through a VPN and have never seen any sort of delays, and I have really bad latency because I have to bounce off the proxy here at work that is in Houston, TX, and I am in Chicago and so is my pfsense. So I take the scenic route ;)
This is my pfsense LAN interface:
C:\>tracert -d 192.168.9.253
Tracing route to 192.168.9.253 over a maximum of 30 hops
  1   104 ms   146 ms   100 ms   192.168.9.253
-
When I am behind the first Pfsense with my mobile phone (connected via WiFi) and connected with OpenVPN, I have the same issues. Then when I switch off the WiFi and try the same over the mobile data connection, it works fine. So this suggests it has nothing to do with the client…