Route Internet-traffic through OpenVPN Server



  • Hi there,

    I try to set up my OpenServer on pfSense. I can connect to my pfSense OpenVPN Server, I also can browse pfSense Webinterface via its local address (192.168.178.1).
    But it doesn't route the client's internet-traffic through the VPN - even through its "original" gateway.

    Client config:

    
    dev tun
    persist-tun
    persist-key
    cipher AES-128-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote secret.adress 9090 udp
    lport 0
    auth-user-pass
    ca gateway-udp-9090-ca.crt
    redirect-gateway def1
    ns-cert-type server
    comp-lzo adaptive
    verb 4
    
    

    Server config:
    http://fs5.directupload.net/images/160309/wntv7evo.jpg (or Attachment)



  • Check "Redirect Gateway" in server config.



  • @viragomann:

    Check "Redirect Gateway" in server config.

    That didn't do the trick.

    Already set a any/any rule in OpenVPN.

    Since I'm behind a cable-modem, I had to NAT my OpenVPN server's port (9090 in this case).

    Do I also have to set NAT-Outbound rules? I set them to "manual" because I also use some OpenVPN clients on my pfSense.



  • Yes, for Internet traffic you need also to add an outbound NAT rule like this:

    WAN      <vpntunnelnetwork>      *         *         *         WAN address        *        NO
    


  • Added rule. Still no Internet through VPN.



  • Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.

    After that, you have to add firewall rules to each interface to permit the traffic you need.



  • I had a similar issue and the problem seems to be solved by running the OpenVPN GUI as an Administrator (Windows 10). Find the OpenVPN GUI file, right click to select properties, then under advanced check Run as Administrator.



  • @viragomann:

    Okay, you say you have also a vpn client installed. Have you assigned particular interfaces to each, client and server? This will be necessary in this case.

    After that, you have to add firewall rules to each interface to permit the traffic you need.

    Yes. Every OpenVPN client has its own interface. I have not done that for the server, but now I created it.
    But still no Internet traffic through vpn. Although I already set firewall rules for "OpenVPN" and "VPNSERVER", any * any *

    NAT options

    
    WAN	 	127.0.0.0/8	*	*	500	WAN address	*	YES
    WAN	 	127.0.0.0/8	*	*	*	WAN address	*	NO
    WAN	 	192.168.178.0/24	*	*	500	WAN address	*	YES
    WAN	 	192.168.178.0/24	*	*	*	WAN address	*	NO
    WAN	 	10.0.8.0/24	*	*	*	WAN address	*	NO
    
    
    • the WAN rules are duplicated with each of my vpn-client interfaces


  • Well, I maybe know what the issue is:

    My OpenVPN clients on pfSense are used for a service like hidemyass. I use multiple connections for different clients.
    They always try to set a new route directly on my pfsense.

    ERROR: FreeBSD route add command failed: external program exited with error status: 1

    As soon as I start one of my OpenVPN clients, the internet-passthrough for my clients won't work.
    Maybe because my pfsense public IP address is not my ISP's address, it's one of my hidemyass IPs.

    I'll try to check "Don't pull routes" on my pfsense OpenVPN client configs.



  • Yes! Checked "Don't pull routes" and now it works!

    Now I want to change the gateway for specific vpn-connected-clients:

    On LAN:

    IPv4 *	VPNSERVER net	*	*	*	VPN_PP_AMSTERDAM_VPNV4	none	
    

    won't work.

