Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Unable to route traffic over OpenVPN client
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unable to route traffic over OpenVPN client (Read 5684 times)
rdofl
Newbie
Posts: 2
Karma: 0
Unable to route traffic over OpenVPN client
«
on:
January 02, 2019, 01:26:28 am »
Hi,
I'm having issues getting an OpenVPN client to work (I am using ProtonVPN). I previously had this running on pfSense and I'm trying to get the same setup going on OPNsense. I've followed a number of tutorials as well as the
HOWTO guide
posted on these forums here but I'm stumped! Any help would be appreciated!
I undid all the changes from those tutorials and started from scratch. I have a basic config set up on one of my VLANs ('SERVERNET', 10.1.10/24) to try and figure this out. Can anyone see where I might be going wrong?
Info:
OpenVPN Client
Provider:
ProtonVPN
Don't pull routes:
checked
Don't add/remove routes:
unchecked
Connection shows as UP in Connection Status
Interfaces & Gateway
ovpnc1
attached to new
VPN_WAN
interface
IPv4 Configuration Type:
None
Gateway:
VPN_WAN_VPNV4 on interface VPN_WAN
IP address from OpenVPN client shows correctly on gateway
VPN_WAN_VPNV4 has been added to a Gateway Group called VPN_GROUP
Firewall Rules
I'm using 'SERVERNET' VLAN (10.1.10.0/24) to test with a rule that all non-local traffic is to use the VPN_GROUP gateway group. There is only one other rule for my local networks to talk to each other. See screenshot for more details.
There are no port forward or floating rules for this network.
Pass/Block
Proto
Source
Port
Destination
Port
Gateway
Description
Allow
IPv4 *
SERVERNET net
*
N_LOCALNETS
*
*
Default Allow any local traffic
Allow
IPv4 *
SERVERNET net
*
*
*
VPN_GROUP
Force traffic over VPN
N_LOCALNETS is an alias of all local networks (10.1.50.0/26, 10.1.20.0/25, 10.1.0.0/24, 10.1.10.0/24)
Firewall -> Settings -> Advanced
IPv6 Options: Allow IPv6:
checked
Gateway Monitoring: Skip rules when gateway is down:
checked
Outbound NAT
Mode:
Hybrid outbound NAT rule generation
I added additional rules for
VPN_WAN
interface with all local networks as sources, Source/Source Port/Destination/Destination Port as
*
, and NAT Address as
Interface Address
System DNS
I added the VPN provider's DNS (10.8.8.1 and 10.8.1.0) under System -> Settings -> General for the VPN_WAN_VPNV4 gateway. I also tried with public DNS as well in case this was an issue.
DHCP DNS for SERVERNET is left empty in DNS settings and shows as 10.1.10.1 on my clients on this network.
Unbound DNS Resolver
Enable Forwarding Mode:
checked
Screenshots of Gateways, Firewall Rules and Outbound NAT attached.
Does anyone have any ideas why I can't get this to work? If I remove the
VPN_GROUP
gateway group from the rule, I can access the internet over WAN from the SERVERNET machines. I also added logging to the rule and can see that the outbound traffic from those machines is being matched against the 'Force traffic over VPN' rule and allowed to pass but there seems to be no response back. I have a feeling it's a NAT issue and that there is no return path... but I am a little stumped as to where to go from here!
Thanks in advance for any help!
Logged
HA4g3n
Newbie
Posts: 5
Karma: 0
Re: Unable to route traffic over OpenVPN client
«
Reply #1 on:
January 07, 2019, 10:35:04 pm »
Hello,
Im trying to port forward a specified port so its opened in the VPN interface.
Now its configured all DHCP clients are under VPN and its working good besides the port forward issue.
I have tried several configs and tutorials without success.
Have heard one person saying its a bug in OPNsense that you can only portforward within a WAN interface, dont know it its true.
Im stuck aswell and others running PFsense this works directly.
Running OPNsense 18.7.10-amd64
OVPN over openVPN.
WAN 172.22.1.4 - Edgemax 172.22.1.4
LAN 192.168.1.2
VPN 10.128.64.xx Puiblic 185.x.x.x
Anyone haveing some ideas?
«
Last Edit: January 08, 2019, 09:13:40 pm by HA4g3n
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.7 Legacy Series
»
Unable to route traffic over OpenVPN client