[solved] Routing WAN traffic over VPN server
-
Hello,
I have set up an OpenVPN client to connect with IPvanish as described here: https://forum.pfsense.org/index.php?topic=66467.0. It seems to work in that I receive an IP address from IPvanish. However, I am unable to reach anything on the WAN side when the OpenVPN client is running. Any suggestions are much appreciated! Please see below my OpenVPN log:
Jan 26 05:43:35 openvpn[67468]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
Jan 26 05:43:35 openvpn[67468]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
Jan 26 05:43:35 openvpn[67468]: WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
Jan 26 05:43:35 openvpn[67794]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 26 05:43:35 openvpn[67794]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 26 05:43:40 openvpn[67794]: UDPv4 link local (bound): [AF_INET]192.168.0.15
Jan 26 05:43:40 openvpn[67794]: UDPv4 link remote: [AF_INET]81.171.81.9:443
Jan 26 05:43:40 openvpn[67794]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 26 05:43:41 openvpn[67794]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
Jan 26 05:43:41 openvpn[67794]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jan 26 05:43:41 openvpn[67794]: [ams-a20.ipvanish.com] Peer Connection Initiated with [AF_INET]81.171.81.9:443
Jan 26 05:43:43 openvpn[67794]: TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 26 05:43:43 openvpn[67794]: TUN/TAP device /dev/tun2 opened
Jan 26 05:43:43 openvpn[67794]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Jan 26 05:43:43 openvpn[67794]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Jan 26 05:43:43 openvpn[67794]: /sbin/ifconfig ovpnc2 172.20.19.121 172.20.16.1 mtu 1500 netmask 255.255.252.0 up
Jan 26 05:43:43 openvpn[67794]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1569 172.20.19.121 255.255.252.0 init
Jan 26 05:43:43 openvpn[67794]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Jan 26 05:43:43 openvpn[67794]: Initialization Sequence Completed
Best,
matzus.
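The log above carries several messages worth acting on independently of the routing problem: the client is not verifying the server certificate (the MITM warning), it may cache the password in memory, the up-script is readable by other users, and the route add command failed. The following triage script is an added example, not part of the original post or of pfSense/OpenVPN; it parses the syslog-style client log into findings ranked by severity and extracts the connected server. The sample log is a constructed excerpt built from the messages posted above, and the severity ratings and remediation hints are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: the security-relevant lines from the log posted above, trimmed.
SAMPLE_LOG = """\
Jan 26 05:43:35 openvpn[67468]: WARNING: file '/var/etc/openvpn/client2.up' is group or others accessible
Jan 26 05:43:35 openvpn[67794]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 26 05:43:40 openvpn[67794]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 26 05:43:41 openvpn[67794]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jan 26 05:43:41 openvpn[67794]: [ams-a20.ipvanish.com] Peer Connection Initiated with [AF_INET]81.171.81.9:443
Jan 26 05:43:43 openvpn[67794]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Jan 26 05:43:43 openvpn[67794]: Initialization Sequence Completed
"""

# syslog prefix as written by the pfSense OpenVPN client: "Mon DD HH:MM:SS openvpn[pid]: message"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER_RE = re.compile(r"\[(?P<host>[^\]]+)\] Peer Connection Initiated with \[AF_INET\](?P<peer>[\d.]+:\d+)")

# (substring in the message, severity, remediation). Severities are this example's assumptions.
RULES = [
    ("No server certificate verification method has been enabled", "high",
     "Enable server certificate verification (e.g. remote-cert-tls server / verify-x509-name); "
     "without it any host holding a CA-signed cert can impersonate the VPN server."),
    ("may cache passwords in memory", "medium",
     "Add auth-nocache so the credential is not kept in process memory."),
    ("is group or others accessible", "medium",
     "Restrict permissions on the up/down script; it runs with OpenVPN's privileges."),
    ("route add command failed", "medium",
     "Routing did not apply as intended; check the pull-routes and gateway settings before trusting the tunnel."),
    ("'comp-lzo' is present in remote config but missing in local config", "low",
     "Align the compression setting with the server or disable compression on both ends."),
]
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    ts: str
    severity: str
    message: str
    advice: str


def triage(log_text: str) -> List[Finding]:
    """Match every log line against RULES and return findings, most severe first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OpenVPN syslog line; ignore
        msg = m.group("msg")
        for needle, severity, advice in RULES:
            if needle in msg:
                findings.append(Finding(m.group("ts"), severity, msg, advice))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])  # stable: keeps log order within a severity
    return findings


def summarize(log_text: str) -> dict:
    """Return the connected server (if any), whether init completed, and the ranked findings."""
    server: Optional[str] = None
    peer: Optional[str] = None
    completed = False
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m.group("msg")
        pm = PEER_RE.search(msg)
        if pm:
            server, peer = pm.group("host"), pm.group("peer")
        if "Initialization Sequence Completed" in msg:
            completed = True
    return {"server": server, "peer": peer, "completed": completed, "findings": triage(log_text)}


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"server={s['server']} peer={s['peer']} completed={s['completed']}")
    for f in s["findings"]:
        print(f"[{f.severity.upper():6}] {f.ts}  {f.message}\n         -> {f.advice}")
```

The point of ranking is that "Initialization Sequence Completed" on its own says nothing about whether the tunnel is trustworthy; the same log can report a completed handshake with an unverified peer, which is exactly the case the MITM warning describes.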
-
anyone?
-
Probably because the VPN becomes the default route. See /index.php?topic=106305.0. You need to make sure "don't pull default routes" is selected and then create firewall rules to direct traffic out of the appropriate interface.
-
Thank you. I got it to work now; for some reason, AON failed to create the necessary NAT rules, so I had to implement them myself. I then set the VPN interface as my LAN gateway, and that was it.
I do have a DNS leak, however. dnsleaktest.com shows my real location. Any mitigations I can use?
-
Have you tried adding the DNS servers under System > General Setup?
Choose the VPN under "Use Gateway"
-
Yes, I had that set. The solution was to select the VPN interface at Services -> DNS resolver -> Outgoing Network Interfaces.
Thank you too!
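The thread resolves three separate things: the pushed default route sending all traffic into the tunnel, the missing outbound NAT on the VPN interface (so LAN traffic leaving the tunnel had no return path), and the resolver's outgoing interface (the DNS leak). The following toy model is an added example written for this thread, not pfSense's or OpenVPN's code; it simulates longest-prefix routing, a policy-routing rule with a gateway, outbound NAT and the resolver's egress interface so the broken and fixed configurations can be compared side by side. Interface name ovpnc2, tunnel gateway 172.20.16.1 and server 81.171.81.9 are taken from the log above; the LAN subnet 192.168.1.0/24, the upstream gateway 192.168.0.1 and the behaviour of the model itself are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

WAN, LAN, VPN = "WAN", "LAN", "ovpnc2"            # ovpnc2 and the addresses below come from the posted log
VPN_SERVER = "81.171.81.9"
VPN_GW = "172.20.16.1"
WAN_GW = "192.168.0.1"                            # constructed upstream gateway
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed LAN subnet


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    gateway: Optional[str] = None     # None = directly connected network


@dataclass(frozen=True)
class NatRule:
    iface: str                        # outbound NAT applies when leaving this interface ...
    source: ipaddress.IPv4Network     # ... for packets from this source network


@dataclass
class Router:
    routes: List[Route]
    nat: List[NatRule]
    policy: Dict[ipaddress.IPv4Network, str] = field(default_factory=dict)  # firewall rule "Gateway": src net -> iface
    resolver_iface: str = WAN         # Unbound "Outgoing Network Interfaces"

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match over the routing table."""
        d = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if d in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen) if matches else None

    def egress(self, src: str, dst: str) -> Optional[str]:
        """Directly connected destinations win; otherwise a matching policy rule overrides the table."""
        route = self.lookup(dst)
        if route is None:
            return None
        if route.gateway is None:
            return route.iface
        s = ipaddress.ip_address(src)
        for net, iface in self.policy.items():
            if s in net:
                return iface
        return route.iface

    def forward(self, src: str, dst: str) -> dict:
        """Decide the egress interface and whether a LAN-sourced packet is translated on the way out."""
        iface = self.egress(src, dst)
        if iface is None:
            return {"iface": None, "ok": False, "reason": "no route"}
        s = ipaddress.ip_address(src)
        if s in LAN_NET and iface != LAN and not any(n.iface == iface and s in n.source for n in self.nat):
            return {"iface": iface, "ok": False,
                    "reason": "private source leaves untranslated; replies have no path back"}
        return {"iface": iface, "ok": True, "reason": "forwarded"}

    def dns_leaks(self) -> bool:
        """The resolver's own queries leave via its outgoing interface, not via policy routing."""
        return self.resolver_iface != VPN


def build(pull_routes: bool, policy_route: bool, nat_on_vpn: bool, resolver_iface: str) -> Router:
    routes = [
        Route(LAN_NET, LAN),
        Route(ipaddress.ip_network("192.168.0.0/24"), WAN),
        Route(ipaddress.ip_network(f"{VPN_SERVER}/32"), WAN, WAN_GW),   # keeps the tunnel's own packets on WAN
        Route(ipaddress.ip_network("0.0.0.0/0"), WAN, WAN_GW),
    ]
    if pull_routes:
        # redirect-gateway def1 as pushed by the server: two /1 routes outrank the WAN default
        routes += [Route(ipaddress.ip_network("0.0.0.0/1"), VPN, VPN_GW),
                   Route(ipaddress.ip_network("128.0.0.0/1"), VPN, VPN_GW)]
    nat = [NatRule(WAN, LAN_NET)]
    if nat_on_vpn:
        nat.append(NatRule(VPN, LAN_NET))                                 # the rule AON did not create
    policy = {LAN_NET: VPN} if policy_route else {}
    return Router(routes, nat, policy, resolver_iface)


if __name__ == "__main__":
    broken = build(pull_routes=True, policy_route=False, nat_on_vpn=False, resolver_iface=WAN)
    fixed = build(pull_routes=False, policy_route=True, nat_on_vpn=True, resolver_iface=VPN)
    for name, r in (("broken", broken), ("fixed", fixed)):
        print(name, r.forward("192.168.1.10", "8.8.8.8"), "dns_leaks:", r.dns_leaks())
```

Two details of the model are worth noting. The /32 host route to the VPN server is what stops the pushed default route from swallowing the tunnel's own UDP packets, and a directly connected destination is never policy-routed, so LAN-to-LAN traffic is unaffected by the "send LAN out the VPN" rule.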