pfSense 2.1 OpenVPN client not using tunnelled interface
Posted by Brian M. Hunt on Super User
Published on 2013-10-30T03:36:36Z
Indexed on 2013/10/30 3:59 UTC
I'm having some trouble getting OpenVPN working on my pfSense box. The issue is quite strange to me.
When I have the OpenVPN turned on, only my router is able to connect to the Internet. From the router I can use ping, links, etc., and connections work exactly as expected - through the VPN, with the IP address assigned by my VPN provider (Proxy.sh, incidentally).
However, none of the clients on the local network can connect to the Internet. I get timeouts when using ping or a web browser. I can ping my router, and the IP address of the gateway.
When I switch the default gateway from the VPN to my ISP's gateway, all works exactly as expected.
Here is the routing table (netstat -r) when in VPN mode, and a key for it:
IPv4
Destination         Gateway      Flags  Refs  Use   Mtu    Netif   Expire
0.0.0.0/1           10.XX.X.53   UGS    0     122   1500   ovpnc1  =>
default             10.XX.X.53   UGS    0     235   1500   ovpnc1
8.8.8.8             10.XX.X.53   UGHS   0     82    1500   ovpnc1
10.XX.X.1/32        10.11.0.53   UGS    0     0     1500   ovpnc1
10.XX.X.53          link#12      UH     0     0     1500   ovpnc1
10.XX.X.54          link#12      UHS    0     0     16384  lo0
ZZ.XX.XXX.0/20      link#1       U      0     83    1500   re0
ZZ.XX.XXX.XXX       link#1       UHS    0     0     16384  lo0
127.0.0.1           link#9       UH     0     12    16384  lo0
128.0.0.0/1         10.11.0.53   UGS    0     123   1500   ovpnc1
192.168.1.0/24      link#11      U      0     1434  1500   ue0
192.168.1.1         link#11      UHS    0     0     16384  lo0
YYY.YYY.YYY.YYY/32  ZZ.XX.XXX.1  UGS    0     249   1500   re0
IP addresses
10.XX.X.53/54 - My DHCP-assigned IP address/pair from the VPN provider
ZZ.XX.XXX.XXX - My external IP assigned by my ISP
YYY.YYY.YYY.YYY - The external IP assigned by the VPN provider
Interfaces
ovpnc1 - My VPN client interface
re0 - My LAN interface
ue0 - My WAN interface
This looks essentially like what I would expect it to be. The default route is through the VPN provider. The VPN address is routed through the ISP-assigned IP address. I am not sure what would be wrong here.
So figuring this was a firewall issue, I basically tried enabling all in/out traffic. This did not seem to remedy the problem.
Also figuring it could possibly be some client networking issue, I restarted the clients on the LAN. This did not help.
I also ran route flush and reset the routes manually.
So I am a bit stumped, and would be very grateful for any thoughts on what the problem might be.
© Super User or respective owner