Route Internet-traffic through OpenVPN Server

WokoSchan

Hi there,

I try to set up my OpenServer on pfSense. I can connect to my pfSense OpenVPN Server, I also can browse pfSense Webinterface via its local adress (192.168.178.1).
But it doesn't route the clients internet-traffic through the VPN - even through its "orignal" gateway.

Client config:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote secret.adress 9090 udp
lport 0
auth-user-pass
ca gateway-udp-9090-ca.crt
redirect-gateway def1
ns-cert-type server
comp-lzo adaptive
verb 4

Server config:
http://fs5.directupload.net/images/160309/wntv7evo.jpg (or Attachment)

viragomann

Check "Redirect Gateway" in server config.

WokoSchan

@viragomann:

Check "Redirect Gateway" in server config.

That didn't do the trick.

Already set a any/any rule in OpenVPN.

Since I'm behind an cable-modem, I had to NAT my OpenVPN servers port (9090 in this case).

Do I also have to set NAT-Outbound rules? I set them to "manual" because I also use some OpenVPN clients on my pfSense

viragomann

Yes, for Internet traffic you need also to add an outbound NAT rule like this:

WAN      <vpntunnelnetork>*         *         *         WAN address        *        NO</vpntunnelnetork> 

WokoSchan

Added rule. Still no Internet trhough VPN.

viragomann

Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.

After you have to add firewall rules to each interface to permit the traffic you need.

daniev

I had a similar issue and the problem seems to be solved by running the OpenVPN GUI as an Administrator (Windows 10). Find the OpenVPN GUI file, right click to select properties, then under advanced check Run as Administrator.

WokoSchan

@viragomann:

Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.

After you have to add firewall rules to each interface to permit the traffic you need.

Yes. Every OpenVPN client has its own interface. I have not done that for the server, but now I created it.
But still no Internet traffic through vpn. Although I already set firewall rules for "OpenVPN" and "VPNSERVER", any * any *

NAT options

WAN	 	127.0.0.0/8	*	*	500	WAN address	*	YES
WAN	 	127.0.0.0/8	*	*	*	WAN address	*	NO
WAN	 	192.168.178.0/24	*	*	500	WAN address	*	YES
WAN	 	192.168.178.0/24	*	*	*	WAN address	*	NO
WAN	 	10.0.8.0/24	*	*	*	WAN address	*	NO

• the WAN rules are duplicated with every of my vpn-client interfaces

WokoSchan

Well, I maybe know whats the issue is:

My OpenVPN clients on pfSense are used for a service like hidemyass. I use multiple connections for different clients.
They always try to set a new route directly on my pfsense

ERROR: FreeBSD route add command failed: external program exited with error status: 1

As soon as I start one of my OpenVPN clients, the internet-passthrough for my clients won't work.
Maybe because my pfsense public IP address is not my ISPs address, its one of my hidemyass IPs.

I'll try to check "Don't pull routes" on my pfsense OpenVPN client configs.

WokoSchan

Yes! Checked "Don't pull routes" and now it works!

Now I want to change the gateway for specific vpn-connected-clients:

On LAN:

IPv4 *	VPNSERVER net	*	*	*	VPN_PP_AMSTERDAM_VPNV4	none	

won't work.