OPNsense Forum
Archive => 20.7 Legacy Series => Topic started by: loganx1121 on November 20, 2020, 09:28:10 pm
-
Redirect gateway used to work prior to the latest update. On October 17th I was out of town and in a hotel with unsecured WiFi and actually used this feature to get around that and confirmed that all of my traffic was routing over the tunnel.
Today I had a reason to use the VPN again and this has seemingly stopped. Trying to browse to any website, or ping out to the internet with the redirect gateway option checked just doesn't seem to work. I did a PCAP on the openvpn interface on the firewall and I do see the pings in the pcap, but there are no replies and web browsing just seems to time out.
If I uncheck redirect gateway, then pinging out to the internet and web browsing is fine. I have about 4 different OpenVPN servers running and they are all sharing the same behavior.
Here's the routing table from a PC I was using while connected to a public WiFi while on the VPN with redirect gateway enabled:
Active Routes:
Network Destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          10.128.128.128  10.140.249.135  40
0.0.0.0              128.0.0.0        10.5.19.5       10.5.19.6       291
10.0.0.0             255.0.0.0        On-link         10.140.249.135  296
10.5.0.0             255.255.0.0      10.5.19.5       10.5.19.6       291
10.5.19.0            255.255.255.0    10.5.19.5       10.5.19.6       291
10.5.19.4            255.255.255.252  On-link         10.5.19.6       291
10.5.19.6            255.255.255.255  On-link         10.5.19.6       291
10.5.19.7            255.255.255.255  On-link         10.5.19.6       291
10.140.249.135       255.255.255.255  On-link         10.140.249.135  296
10.255.255.255       255.255.255.255  On-link         10.140.249.135  296
73.61.103.19         255.255.255.255  10.128.128.128  10.140.249.135  296
127.0.0.0            255.0.0.0        On-link         127.0.0.1       331
127.0.0.1            255.255.255.255  On-link         127.0.0.1       331
127.255.255.255      255.255.255.255  On-link         127.0.0.1       331
128.0.0.0            128.0.0.0        10.5.19.5       10.5.19.6       291
224.0.0.0            240.0.0.0        On-link         127.0.0.1       331
224.0.0.0            240.0.0.0        On-link         10.5.19.6       291
224.0.0.0            240.0.0.0        On-link         10.140.249.135  296
255.255.255.255      255.255.255.255  On-link         127.0.0.1       331
255.255.255.255      255.255.255.255  On-link         10.5.19.6       291
255.255.255.255      255.255.255.255  On-link         10.140.249.135  296
Not really sure why this stopped working. I've made no firewall rule changes since I've been back from the vacation in October when it was working. The only thing I've really done on the firewall since is to update to 20.7.4.
-
Routing table looks fine for "Redirect Gateway" enabled.
Quote: "I did a PCAP on the openvpn interface on the firewall and I do see the pings in the pcap"
Then redirect seems to work.
Can you check pf rules?
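
Added example, not part of any post in this thread: a longest-prefix-match check over rows copied from the routing table posted above, showing which gateway the client picks for an internet address, for the VPN server's own address, and for local networks. The function names parse_routes and select_route are hypothetical helpers written for this illustration.

```python
import ipaddress

# Rows copied from the routing table posted above (subset):
# destination, netmask, gateway, interface, metric.
ROUTES = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.128.128.128 10.140.249.135 40
0.0.0.0 128.0.0.0 10.5.19.5 10.5.19.6 291
10.0.0.0 255.0.0.0 On-link 10.140.249.135 296
10.5.0.0 255.255.0.0 10.5.19.5 10.5.19.6 291
73.61.103.19 255.255.255.255 10.128.128.128 10.140.249.135 296
128.0.0.0 128.0.0.0 10.5.19.5 10.5.19.6 291
"""

def parse_routes(text):
    """Parse 'route print' style rows; skip headers and malformed lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header line or wrapped row
        dest, mask, gateway, iface, metric = parts
        try:
            # Convert the dotted netmask to a prefix length explicitly.
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            net = ipaddress.ip_network(f"{dest}/{prefix}")
            metric = int(metric)
        except ValueError:
            continue
        routes.append({"net": net, "gateway": gateway,
                       "iface": iface, "metric": metric})
    return routes

def select_route(routes, ip):
    """Most specific matching prefix wins; lowest metric breaks ties."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for target in ("4.2.2.2", "192.0.2.1", "73.61.103.19", "10.140.249.1"):
        r = select_route(table, target)
        print(f"{target:15} -> {r['net']} via {r['gateway']} on {r['iface']}")
```

The two /1 routes via 10.5.19.5 are more specific than the original 0.0.0.0/0 default, so they win despite the higher metric, while the /32 host route keeps traffic to 73.61.103.19 on the local gateway.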
-
Hi,
I am running the same setup, OpenVPN with redirect gw, and it works on 20.7.5 ... no issues.
Must be something else ...
M.
-
So I have an admin vpn for myself that basically says anything on that net can get anywhere it wants. I didn't make any rule changes. With redirect gateway on I can hit everything on my LAN fine, I just can't seem to get out to the internet at all. It's almost like the firewall just drops all the packets that aren't destined for the LAN. I'm pretty stumped.
It also does the same thing on any VPN I use. I have 4 total not counting site-to-site tunnels but those use wireguard. Any of the OpenVPN instances though, if redirect gateway is checked, there's no internet while on the vpn.
Another weird thing is that if I get on the VPN and do a continuous ping to say, 4.2.2.2, and check the live view of the firewall logs, I don't see any of that ping traffic.
-
What firewall rules do you have on the OpenVPN interface?