OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: qiwi on April 08, 2018, 10:44:06 pm

Title: [SOLVED] Cannot get OpenVPN client to work for VPN service
Post by: qiwi on April 08, 2018, 10:44:06 pm
I recently switched from pfsense to opnsense, and I must say that I am really happy with this so far. However, there is one feature I cannot get to work. On my old router I setup a OpenVPN client to let the traffic from my server (single ip) pass through a VPN service from Private Internet Access. I tried setting this up in OPNsense, but when I enable the VPN Client internet for my whole network fails. I am really scratching my head why this is.

I did the following steps:

1) Setup the VPN through the guide provided at: https://helpdesk.privateinternetaccess.com/hc/en-us/articles/115005760606-Setting-up-a-Router-running-pfSense-Firmware

I have the idea that this is working, because the Status page at OpenVPN shows the following:
(https://www.degoudengans.nl/opnsense/vpn_status.png)

2) Assigned an interface

I assigned a interface for the VPN client called "PIA_OPNVPN", mapped to ovpnc1. Afterwards i checked "Enable interface" and let the other settings at there default.

3) Create alias for my server containing my server's IP address and alias name "Home_Server"
4) Configure Outbound NAT

I set outbound NAT to manual and setup the following rules:
(https://www.degoudengans.nl/opnsense/nat_rules.png)

After this configuration, when I start the OpenVPN Client my whole internet stops working. Disabling the client brings internet up again.

Can someone please help me getting this to work? Thank you!

Title: Re: Cannot get OpenVPN client to work for VPN service
Post by: Dimi3 on April 08, 2018, 11:03:25 pm
Im not an expert but i think you got NAT wrong..nat address should be interface address..you are pointing it to alias “home server”
Title: Re: Cannot get OpenVPN client to work for VPN service
Post by: Animosity022 on April 09, 2018, 02:31:43 pm
I'm trying to make sure I understand your use case and what your goal is.

Are you trying to mask your whole internal network through PIA?

I have TorGuard setup and just use a basic rule to route one host out. It's been working well now for me and wasn't that bad to setup.

I did a pretty similar process as I setup the VPN client, validated it connected. I setup an Interface and mapped it to ovpnc1.

I can see my VPN DHCP address setup in my Gateways and I just made that ping 8.8.8.8 to make sure it's working.

I setup manual outbound NAT similar to what you did as well.

My LAN Rule looks like:

https://imgur.com/sySZkpE

It routes a specific server first out the my TorGuard. I use that service specifically as I want to be able to port forward back via my VPN so that's why I've decided on that provider.
Title: Re: Cannot get OpenVPN client to work for VPN service
Post by: qiwi on April 09, 2018, 10:08:08 pm
Thanks guys for your help! I was somehow sleeping. I adjusted the NAT settings as Dimi3 suggested and also added LAN rules as Animosity022 stated. Now everything works as expected.