OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: thebraz on September 14, 2020, 11:13:03 am

Title: SOLVED: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 14, 2020, 11:13:03 am
Hello,

I'm using OPNsense 20.7.2.

I followed exactly the procedure reported at this link (different port and Description names but same flags / procedure):

hxxps://homenetworkguy.com/how-to/configure-openvpn-opnsense/

in order to achieve a VPN that could allow me to reach some of my LAN resources (I added a rule in order to protect RDP to one PC on the LAN and it worked like a charm) and could also allow the client(s) to surf the net as if all traffic came from the OPNsense box.

I exported the client file for my Android phone and for my home PC as described in the above link.

Then, since I had my Android phone with me, I got the Android OpenVPN client and imported the connection file and all worked like a charm when connected to the VPN: from the phone I could RDP to the LAN address of my PC and I could surf the Internet with the IP address of the OPNsense WAN gateway.

When at home I installed the OpenVPN client on my PC (HP laptop, Win 10 2004, 8 GB RAM), imported the file for the PC created together with the one for my phone and... when connected to the VPN I couldn't get Internet access at all. DNS names were resolved (I tried a ping -a from the command prompt) but it all ended there.
Furthermore, the same happens from my phone.
It couldn't surf the Internet anymore when connected to the VPN and nothing had changed in OPNsense since it all worked and nothing had changed on the phone.

I'm a little lost here... If someone could help me shed some light...

I'm available if further info is required.

Thanks in advance
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 15, 2020, 09:37:15 am
Hello, sorry to bump the thread but I saw a few reads but no answers and realized that perhaps I wrote too much (or too little, LOL).

In short: is there any reason why full tunneling should behave erratically (since on the phone it worked at first and then stopped without any change on either the server or the client side)?

And what could I do in order to trace the problem?

Thanks in advance
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: littlepepper on September 15, 2020, 01:44:07 pm
Does anything change if you change your home PC's network settings so it appears outside your internal network, e.g. connect it to your cellphone and run the OpenVPN client?
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 15, 2020, 03:28:21 pm
Hi, thanks for your reply.

I already tried that yesterday but it didn't work.

And also connecting my phone alone doesn't work anymore (it connects, can access the internal network through the VPN according to the rules I wrote but can't surf if I tunnel all traffic through the VPN).

The thing that makes me mad is why did it work on my phone at first and not anymore since nothing changed?

Best wishes
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: Fright on September 15, 2020, 04:27:19 pm
What rules have you added for VPN clients?
Is there something in the firewall log?
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 15, 2020, 04:35:27 pm
Hello, Thanks to you too :D

I only introduced the rules that allowed me to RDP a PC in the LAN from VPN connected clients (and it works now too).

Regarding the tunnel traffic I relied on the automatic rules that are generated by OPNsense when you check "Redirect Gateway".

Regarding the logs... something I should focus my attention on?

Thanks in advance
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: Fright on September 15, 2020, 05:35:02 pm
Hi)
Quote
I only introduced the rules that allowed me to RDP a PC in the LAN from VPN connected clients (and it works now too).
Yes. And since by default the wizard rules already allow all traffic for VPN clients, I'm trying to figure out if you could have accidentally denied some traffic.
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 16, 2020, 09:39:49 am
Hi,

I only introduced one allow rule for RDP so it shouldn't be the source of any problem.

BTW: The first few times I tried it with the phone it all worked, my phone was externally seen with the address of the OPNsense WAN and could surf, so the rules should've been fine and nothing has been changed by me since then.

Best Wishes
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: Fright on September 16, 2020, 10:15:54 am
- Guys, something doesn't work for me. Help me please.
- OK. Attach the logs and configuration so we can figure out what the reason can be.
- No, everything is fine there. What should I do?
 ;D
Then study the logs and check the configuration, firewall and NAT rules.
You can capture traffic on the interfaces.
The error is somewhere there)

Best Wishes
Title: Re: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 16, 2020, 10:45:45 am
Hi,

if there had been a request to "attach the logs" I would surely have done that.

Anyway I posted how the system was configured; it's enough to follow the link in the first post of this thread.

That said, thanks anyway for your time.

Best Wishes
Title: Re: SOLVED: OpenVPN not allowing Internet traffic for client after reboot
Post by: thebraz on September 24, 2020, 12:04:40 pm
If someone should have the same problem:

I restarted from scratch and configured the OpenVPN server exactly as in the OPNsense guide:

https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

apart from the OTP part that I left out.

This way I got a working VPN, capable of RDPing, for example, with split tunneling.

When I want all traffic to go through the tunnel I simply add

redirect-gateway def1

in the client configuration and the system works that way too (using OpenVPN client 2.5 rc1).

Best Wishes
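
The difference between the split-tunnel and full-tunnel setups described in the last post comes down to the client's routing table, so here is an added example (not part of the original thread or of OPNsense/OpenVPN code) that models what `redirect-gateway def1` does to IPv4 routes and which next hop a destination then takes. All addresses and the sample client config are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed sample client config (documentation addresses, not from the thread).
SAMPLE_CLIENT_CONF = """\
client
dev tun
remote 203.0.113.10 1194
# full tunnel: send all client traffic through the VPN
redirect-gateway def1
"""

def parse_redirect_gateway(conf):
    """Return the directive's flags as a list, or None when absent (split tunnel)."""
    for raw in conf.splitlines():
        tokens = raw.strip().split()
        # Lines commented out with '#' or ';' never match the bare directive name.
        if tokens and tokens[0] == "redirect-gateway":
            return tokens[1:]
    return None

def routes_after_connect(base, flags, vpn_server, orig_gw, vpn_gw):
    """Model the IPv4 route changes OpenVPN makes for redirect-gateway."""
    table = list(base)
    if flags is None:
        return table  # split tunnel: the default route is left untouched
    if "local" not in flags:
        # Host route keeps the encrypted tunnel packets on the physical uplink.
        table.append((ipaddress.ip_network(f"{vpn_server}/32"), orig_gw))
    if "def1" in flags:
        # Two /1 routes override 0.0.0.0/0 by prefix length without deleting it.
        table.append((ipaddress.ip_network("0.0.0.0/1"), vpn_gw))
        table.append((ipaddress.ip_network("128.0.0.0/1"), vpn_gw))
    else:
        # Without def1 the original default route is replaced outright.
        table = [r for r in table if r[0].prefixlen != 0]
        table.append((ipaddress.ip_network("0.0.0.0/0"), vpn_gw))
    return table

def next_hop(table, dst):
    """Longest-prefix match, as the client's IP stack would do."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, gw) for net, gw in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

BASE = [(ipaddress.ip_network("0.0.0.0/0"), "192.168.1.1")]  # constructed home uplink

if __name__ == "__main__":
    flags = parse_redirect_gateway(SAMPLE_CLIENT_CONF)
    table = routes_after_connect(BASE, flags, "203.0.113.10", "192.168.1.1", "10.8.0.1")
    for dst in ("198.51.100.7", "203.0.113.10"):
        print(dst, "->", next_hop(table, dst))
```

Comparing this expected table with the client's real one (`route print` on Windows, `ip route` on Linux) after connecting shows quickly whether the two /1 routes and the host route to the server were actually installed.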