Messages - duckduck

#1
Shouldn't the NAT outbound rule and firewall rule take care of this? In some guide I read, it is not correct to set the OpenVPN connection as the default route.
#2
netstat -rn shows:

Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            192.168.1.1        UGS        igb1
10.4.0.0/16        10.4.28.95         UGS      ovpnc1
10.4.0.1           link#8             UH       ovpnc1
10.4.28.95         link#8             UHS         lo0
10.42.0.0/16       link#1             U          igb0
10.42.0.1          link#1             UHS         lo0
127.0.0.1          link#7             UH          lo0
192.168.1.0/24     link#2             U          igb1
192.168.1.1        xx:xx:xx:xx:xx:xx  UHS        igb1
192.168.1.129      link#2             UHS         lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
...


I don't know how to debug this issue.

It looks like the OpenVPN tunnel is working.
What is not clear to me:
- Is the interface ovpnc1 correctly configured?
- Is the NAT outbound rule working?
- Is the gateway correctly configured?
- Is the firewall rule working correctly?

Any hints on how this can be checked step by step?

#3
Hi all,

I fail to configure the OpenVPN client properly.

Desired behaviour: All traffic from LAN goes through the OpenVPN client interface connection (and then from the OpenVPN server endpoint to the internet).

Actual behaviour: The OpenVPN connection is working and I see an "Initialization Sequence Completed" in the log file.
All the traffic from the LAN interface goes directly to WAN; however, the desired behaviour would be to go through the OpenVPN connection.

Resources I have read so far and followed during the configuration process:

- https://wretmo.se/2016/01/24/how-to-setup-openvpn-client-on-opnsense/
- https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html?highlight=openvpn#step-5-client-firewall-rules
- https://forum.opnsense.org/index.php?topic=1951.msg6073#msg6073

OpenVPN client log file:
Sep 16 18:04:47 openvpn[97185]: Initialization Sequence Completed
Sep 16 18:04:40 openvpn[97185]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 10.x.x.x 255.255.0.0 init
Sep 16 18:04:40 openvpn[97185]: /sbin/route add -net 10.y.y.y 10.x.x.x 255.255.0.0
Sep 16 18:04:40 openvpn[97185]: /sbin/ifconfig ovpnc1 10.x.x.x 10.y.y.y mtu 1500 netmask 255.255.0.0 up
Sep 16 18:04:40 openvpn[97185]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 16 18:04:40 openvpn[97185]: TUN/TAP device /dev/tun1 opened
Sep 16 18:04:40 openvpn[97185]: TUN/TAP device ovpnc1 exists previously, keep at program end


Interface
-> if.PNG

Gateway
-> gw.PNG

NAT outbound
-> ob.PNG

Firewall rules
-> fw.PNG


What point am I missing here?