Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Can connect into OpenVPN Server, but all traffic (LAN/WAN) is dead

    OpenVPN
    1
    1
    701
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kars85 last edited by

      I've had an OpenVPN server setup for a couple months so I can remotely VPN in on my phone.

      Out of the blue, the BlueIris & JuiceSSH apps stopped working once I VPN'd in from my phone.  In fact, nothing worked.  No pings to WAN addresses or lan IP's would even work from local terminal.  So, I fired up a hotspot and tethered my Mac to it and connected in.  Same deal, can connect in, but all WAN/LAN connectivity is dead. Can't ping the pfsense 192.168.1.1 gateway address, the 10.0.8.5 OpenVPN gateway, or any LAN or WAN address.

      I'm not very well versed in understanding routing tables, but am I missing anything in there, or something obvious in my server config? I don't know why, out of the blue, things just stopped working with no environment changes whatsoever.

      Server config:

      
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local sanitized IP
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'OpenVPNServer' 1 "
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.2048
crl-verify /var/etc/openvpn/server1.crl-verify 
tls-auth /var/etc/openvpn/server1.tls-auth 0
persist-remote-ip
float

      Client config:

      
remote sanitized.com 1194 udp
pull
auth-user-pass
tls-client
ns-cert-type server
tls-auth ta.key 1
persist-key
ca ca.crt
dev tun
persist-tun
cert cert.crt
key key.key
verify-x509-name "OpenVPNServer" name
resolv-retry infinite
auth SHA1
lport 0
verb 4
cipher AES-256-CBC

      netstat -nr on Mac:

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy