OpenVPN with external VPN provider

Started by petrij98, February 11, 2025, 02:53:55 PM

Hey all! In my quest to migrate completely from pfSense to OPNsense, I've run into another snag that I might need help troubleshooting. When I used pfSense, I used to run all of my traffic through Surfshark VPN just to help protect my data from my ISP (with it being AT&T and all the security concerns being raised recently, it feels like it's best practice to do so). However, getting this set up has proven to be more of a hassle than it was on pfSense. I configured my VPN connections to the remote servers correctly (OpenVPN statuses and gateways prove so), Unbound has been configured appropriately, NAT has the correct rules generated/created, and my firewall allows anything from my desired subnet out through the VPN gateway that I set. However, none of the hosts within my subnet can connect to the internet when all is said and done. I hope this is a quick fix that I'm overlooking, but I haven't been able to find anything. Any help would be greatly appreciated!

Just a random guess, did you check firewall rules for OpenVPN (Firewall / Rules / OpenVPN)?
I am using OpenVPN only for site2site and external users, but I do have manual allow in and out rules for all traffic.

February 11, 2025, 06:50:27 PM #2 Last Edit: February 11, 2025, 06:56:14 PM by petrij98
I have a temporary allow-all in and out rule on OpenVPN and the individual VPN interfaces, just to test. No result. I never had to do this on pfSense, so I assume I won't have to here. They're just there to watch the logs.

edit: I tweaked around a couple of logs and now I can see all of the traffic through my target interface and the VPN interface. So, there is some activity even if not properly translating. I'm trying to test connectivity with a ping test, but it is not resolving until I remove the VPN gateway from the rules.

From your last message it sounds like you have DNS problems. If you do a traceroute to an IP address, do you see it routing out via the VPN? And if you try from a machine which shouldn't route via the VPN, or from OPNsense itself, do you see it routing out not via the VPN?

It might be useful to see screenshots of your VPN, gateway, NAT, and firewall settings in case anyone can see a problem, redacted as you see fit.  I have a similar setup where one network routes out via Mullvad VPN, I usually use WireGuard but I've tried OpenVPN too and both work fine with suitable gateway, NAT, and firewall settings.

Also Unbound - not sure what you'd need to change there, and since you mention DNS problems, maybe that's somewhere to start.  Are the clients behind OPNsense using OPNsense as their resolver?
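A small diagnostic script in the spirit of the two checks suggested above (reach a raw IP to test routing and NAT, resolve a name to test DNS, and look at which route the kernel picks), added here as an example and not posted by anyone in this thread. It assumes the FreeBSD/OPNsense tools `ping`, `drill` and `route -n get` (with a Linux fallback for `ping`'s timeout flag so it also runs from a Linux client in the affected subnet); `PROBE_IP` defaults to a constructed TEST-NET-1 placeholder that must be replaced with a real reachable address, and `PROBE_NAME` and `RESOLVER` are assumed names for its inputs.

```shell
#!/bin/sh
# Added example, not from the thread: separate "packets don't route out via the
# VPN gateway" from "names don't resolve" when a policy-routed subnet loses
# internet access. Run on a client in the affected subnet or in the OPNsense shell.

PROBE_IP="${PROBE_IP:-192.0.2.1}"         # constructed placeholder (TEST-NET-1); replace with a real public IP
PROBE_NAME="${PROBE_NAME:-example.com}"   # a name that should resolve through the configured resolver
RESOLVER="${RESOLVER:-}"                  # empty = system resolver; set to the OPNsense LAN IP to test Unbound directly

# 0 when ICMP to a raw IP gets replies: gateway, NAT and VPN firewall rules work regardless of DNS.
# FreeBSD ping uses -t for the overall timeout, Linux ping uses -w (assumption: one of the two).
ip_reachable() {
    case "$(uname -s 2>/dev/null)" in
        FreeBSD) ping -c 2 -t 3 "$1" >/dev/null 2>&1 ;;
        *)       ping -c 2 -w 3 "$1" >/dev/null 2>&1 ;;
    esac
}

# 0 when drill returns at least one A record in the answer section (answer lines do not start with ';').
name_resolves() {
    if [ -n "$RESOLVER" ]; then
        drill "$1" @"$RESOLVER" 2>/dev/null | grep -q '^[^;].*[[:space:]]A[[:space:]]'
    else
        drill "$1" 2>/dev/null | grep -q '^[^;].*[[:space:]]A[[:space:]]'
    fi
}

# Print the interface and gateway the kernel would use for the probe IP (FreeBSD `route -n get` output).
# On OPNsense this shows whether the policy route really selects the VPN interface (ovpnc*/wg*).
egress_route() {
    route -n get "$1" 2>/dev/null | awk '/interface:|gateway:/ {print $1, $2}'
}

# Pure decision logic, kept separate so it can be tested without network access.
# Arguments are exit codes: 0 = the check succeeded, anything else = it failed.
classify() {
    ip_rc=$1
    dns_rc=$2
    if [ "$ip_rc" = 0 ] && [ "$dns_rc" = 0 ]; then
        echo "ok: routing and DNS both work"
    elif [ "$ip_rc" = 0 ]; then
        echo "dns: packets route out, but names do not resolve (check Unbound's outgoing interface and whether clients use OPNsense as resolver)"
    elif [ "$dns_rc" = 0 ]; then
        echo "routing: names resolve, but traffic to raw IPs does not return (check the VPN gateway, outbound NAT on the VPN interface and the VPN firewall rules)"
    else
        echo "both: neither raw IP nor DNS works (check the VPN gateway and outbound NAT first, then DNS)"
    fi
}

diagnose() {
    if ip_reachable "$PROBE_IP"; then ip_rc=0; else ip_rc=1; fi
    if name_resolves "$PROBE_NAME"; then dns_rc=0; else dns_rc=1; fi
    echo "kernel route for $PROBE_IP:"
    egress_route "$PROBE_IP"
    classify "$ip_rc" "$dns_rc"
}

diagnose
```

The "dns" verdict is the one that matches the symptom in this thread (traffic visible on the VPN interface, but pings by name only work once the VPN gateway is removed from the rule): it points at the resolver path rather than at the gateway or NAT. Setting `RESOLVER` to the firewall's LAN address and running the script from a client tells you whether Unbound itself answers when the policy route is active.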