OpenVPN Remote Access, Tap Connector and no Internet Access


  • Good morning all,

    I have recently made the upgrade at home to a LinITX firewall device with full pfSense installed and running; firstly, love it… so nice to have complete control over everything that is going on. I have used pfSense for a while, we use it as our office firewall, and it is used in most of the labs we build as well, so I know my way round it and in fairness the VPN that I am trying to create mimics the one in use at the office.

    I will go through a basic overview of the settings and troubleshooting that I have done, but as a quick synopsis I am using it for remote access with a tap connection, bridge setup and forcing all traffic over the VPN. I get a successful DHCP address, and traffic defaults to the right gateway; I can get to the internal services but I have no external connectivity.

    Bear with me, here goes:

    Remote Access VPN configured with all the correct certs in place.

    Set OpenVPN server with tap connection and tick to say bridge connections. I then go and assign the newly created ovpns1 interface and then come back and set that as the connection it is bridged to. I have also ticked the box to force all client generated traffic through the tunnel, in addition to setting the following advanced settings:

    push "redirect-gateway def1";
    push "route-gateway x.x.0.1";
    push "route-delay 10";

    I also configure a bridge through the ovpns1 assigned interface and my internal client VLAN (where I want the DHCP address to come from).

    I am using OpenVPN on Windows 10 (run with the right privileges), OpenVPN on Fedora (run as root) and Viscosity on Mac and they all display the same symptoms.

    Connect to VPN, get DHCP address from my client network as expected and can access internal services that reside on a different VLAN (rules and routing working correctly internally).

    The problem comes when trying to access external services; as an example I will talk through a ping to 8.8.8.8.

    Ping works when not connected to VPN; the second I establish the VPN link the responses stop.

    There are no drop logs on the firewall.

    Packet capture on the firewall shows echo requests and replies working; in fact if I run Wireshark I can see the replies and requests on the machine I am pinging from, although weirdly the response comes from a MAC address of the firewall, but for the storage network interface, which should have no involvement in pinging externally.

    I see the same symptoms if I ping the client interface of the firewall, the network I am bridged to on the VPN: pings don't come back, but packet capture and Wireshark show they do.

    As an additional note, if I run a ping from the firewall itself (Diagnostics > Ping) with the source set as ovpns1, or the client VLAN, both work; it's only when I do so from a client connected to the VPN that it doesn't.

    Whilst I am demonstrating this with a ping, the same thing is happening with web traffic, DNS traffic etc., so I can't get any external based services.

    I am hoping I have provided substantial information and someone possibly recognises the fault. I have torn down and recreated this VPN about 4 times, compared it to the office based one and can see no obvious issues with it that would cause this.

    Cheers

    J


  • Hello,
    I have the same problem. When I'm connected to the VPN I cannot surf the Internet, but I have access to the remote network.