No internet with OpenVPN on pfSense

Using pfSense, OpenVPN Connects but Still Can’t See the Network

I am having an OpenVPN issue. I have a pfSense box at home configured to allow traffic through a VPN tunnel. The client computer is Windows XP Home, behind a standard Comcast connection and a Netgear wireless router. I use OpenVPN to access my work network (from where I am trying to get out of in this post) from home (with an XP Pro machine behind pfSense), and this works fine. The client config is similar but has the changes specific to my setup. Here is my XP Home config:

client
dev tun
proto tcp
remote pfsense.*.org 1194  # starred out by me
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

When I launch the OpenVPN GUI, the Tunnel TAP network connection turns red, and I can right-click that to connect to the server. Everything seems to work fine until I browse for the actual network. The Tunnel TAP connection turns green and it says connected to 10.1.1.6 (I have tried different IP pools here too with no luck). I can see the internal network fine, but my home network behind pfSense is not there. I have tried browsing there by using Tools > Map Network Drive, using the browser, with no success. When I open the command line on the client and use the ipconfig -all command, I get the following:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : *** (starred out by me)
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.1.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.1.1.5
Lease Obtained. . . . . . . . . . : Monday, March 15, 2010 1:18:37 PM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2011 1:18:37 PM

I noticed that the default gateway is not present. Could this be my problem? I am still relatively new to firewalls, VPN, and network configuration so I’m sure I am messing up something simple. Oh yah, I should note that I have firewall rules configured for pfSense to allow traffic through the WAN and the LAN. At first there was just the WAN firewall rule, because that is what I got from the literature I was reading. I then created a LAN rule as well, but I’m not sure if this was correct. Neither way works, though.


OpenVPN Support Forum

Newbie Help: OpenVPN/PfSense. Connected, but can’t ping LAN


Post by rockjock51 » Thu Dec 25, 2014 7:14 am

I’ve installed OpenVPN on my PfSense server and have successfully configured it and connected with my Windows client. That connection can ping the OpenVPN/PfSense server and use the internet just fine. It cannot, however, ping LAN computers on the server side. I’ve configured my firewall to allow all traffic from the OpenVPN interface to all destinations. I’ve also configured it to allow all LAN traffic to all destinations. The PfSense box is the only default gateway on the network, so the OpenVPN server is also the default gateway.

# Server configuration (tls-server)
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 192.168.248.0 255.255.255.0"
push "dhcp-option DNS 192.168.248.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float
topology subnet

# Client configuration (tls-client)
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 75.120.156.104 1194 udp
lport 0
verify-x509-name "MyOpenVPN-Server-Cert" name
auth-user-pass
pkcs12 pfsense-udp-1194-rockjock.p12
tls-auth pfsense-udp-1194-rockjock-tls.key 1
ns-cert-type server
comp-lzo

I’m struggling to understand what could be causing this. Any help would be greatly appreciated. Let me know if I’ve left any important bits out and I’ll get them added ASAP.



Troubles with pfsense openVPN no Gateway

I am trying to use a hosted pfsense server to create an openVPN route to the internet. The goal of this is to create a secure tunnel to access the internet as well as a fixed IP for remote workers.

Our virtual server only has a WAN nic not LAN.

I have set up the openVPN through the wizard, clients can connect however do not get given a default gateway. Clients can ping the server but cannot access the internet.

I’m not sure where to start as most examples on google have a LAN connection!

User: Richard Paterson

PAAC IT is an IT service provider.


4 Replies

Author David Wright


wright-is

I haven’t used pfSense for a while, but in the standard setting, external traffic from the VPN client is routed externally, i.e. not over the VPN, in order to reduce bandwidth going through the VPN server and its network. You need to go into the openVPN settings in pfSense and tell it to set the default gateway on clients. In the "Tunnel settings", there should be an option "redirect Gateway", this needs to be set, in order for the external traffic to be forced through the VPN tunnel.


Author Naicad Rotsin


Check the box for IPv4 and/or IPv6 if you want to force all traffic through the tunnel. The option is available on the OpenVPN server configuration page in pfSense, under the Tunnel Settings section.


spicehead-yww11

mentosan
Thanks for the screenshot, we have this already configured. What I have noticed is the following message in the config log:

Enter Management Password:
2020-12-24 15:03:01 TCP/UDP: Preserving recently used remote address: [AF_INET]95.154.192.200:1194
2020-12-24 15:03:01 UDPv4 link local (bound): [AF_INET][undef]:1194
2020-12-24 15:03:01 UDPv4 link remote: [AF_INET]95.154.192.200:1194
2020-12-24 15:03:01 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-12-24 15:03:01 [mercury.paac-it.com] Peer Connection Initiated with [AF_INET]95.154.192.200:1194
****2020-12-24 15:03:02 Options error: route parameter network/IP ‘109.1169.81.215’ must be a valid address****
2020-12-24 15:03:02 open_tun
2020-12-24 15:03:02 tap-windows6 device [OpenVPN TAP-Windows6] opened
2020-12-24 15:03:02 Set TAP-Windows TUN subnet mode network/local/netmask = 123.45.5.0/123.45.5.2/255.255.255.0 [SUCCEEDED]
2020-12-24 15:03:02 Notified TAP-Windows driver to set a DHCP IP/netmask of 123.45.5.2/255.255.255.0 on interface [DHCP-serv: 123.45.5.254, lease-time: 31536000]
2020-12-24 15:03:02 Successful ARP Flush on interface [17]
2020-12-24 15:03:02 IPv4 MTU set to 1500 on interface 17 using service
2020-12-24 15:03:07 Initialization Sequence Completed
Not sure where it pulls this IP from? ‘109.1169.81.215’

This is the conf file on the client:

dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 95.154.192.200 1194 udp4
verify-x509-name "mercury.paac-it.com" name
auth-user-pass
pkcs12 Mercury-UDP4-1194-ian.harwood.p12
tls-auth Mercury-UDP4-1194-ian.harwood-tls.key 1
remote-cert-tls server

Any help gratefully received, been bashing my head about this one for hours reading forums/manuals and trial and error. Merry Christmas 🙂


spicehead-yww11

The misconfig is now fixed with regards to the IP address and this was coming from the Push command I used to push routes to the clients, and this is what the Route Table on the Client looks like now:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.33     45
          0.0.0.0        128.0.0.0       123.45.5.1      123.45.5.2    281
   95.154.192.198  255.255.255.255       123.45.5.1      123.45.5.2    281
   109.169.81.215  255.255.255.255       123.45.5.1      123.45.5.2    281

So I think the problem we are having is how to route traffic from the VPN network with gateway 123.45.5.1 to the WAN?
There are no complicated firewall rules we are having in place — so how do we route traffic from the VPN tunnel 123.45.5.1 back out through the WAN interface of the pfsense firewall?
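
A pre-deployment check for the kind of typo behind the "Options error: route parameter network/IP" line in this thread, as an added example (not code from the thread, pfSense or OpenVPN): it validates `route` and `push "route ..."` directives in a config. The sample config is constructed, and the check assumes literal IPv4 addresses, so hostnames and keywords such as `vpn_gateway` would be reported too.

```python
import ipaddress
import shlex

# Constructed sample: a server config fragment containing the mistyped
# address from the client log, the host routes from the route table, and
# one constructed route (192.0.2.1) with host bits set under its netmask.
SAMPLE_CONFIG = '''
server 123.45.5.0 255.255.255.0
push "route 109.1169.81.215 255.255.255.255"
push "route 109.169.81.215 255.255.255.255"
push "route 95.154.192.198 255.255.255.255"
push "route 192.0.2.1 255.255.255.0"
push "redirect-gateway def1"
'''

def check_route(args):
    """Return an error string for one route's arguments, or None if valid."""
    if not args:
        return "route has no network argument"
    network = args[0]
    # OpenVPN treats a route without a netmask as a host route.
    netmask = args[1] if len(args) > 1 else "255.255.255.255"
    try:
        ipaddress.IPv4Address(network)
    except ValueError:
        return f"network {network!r} is not a valid IPv4 address"
    try:
        # strict=True also rejects a network address with host bits set.
        ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)
    except ValueError as exc:
        return f"{network} {netmask}: {exc}"
    return None

def lint_routes(config_text):
    """Check 'route' and 'push "route ..."' lines; return (line_no, error) pairs."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        tokens = shlex.split(raw, comments=True)
        if tokens[:1] == ["push"] and len(tokens) == 2:
            tokens = shlex.split(tokens[1])  # unwrap the quoted pushed option
        if tokens[:1] != ["route"]:
            continue
        error = check_route(tokens[1:])
        if error:
            findings.append((line_no, error))
    return findings

if __name__ == "__main__":
    for line_no, error in lint_routes(SAMPLE_CONFIG):
        print(f"line {line_no}: {error}")
```

Running it over an exported server config before restarting the service surfaces the bad pushed route on the server side, rather than as an options error in each client's log.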
