pfSense 2.1 OpenVPN client not using tunnelled interface
- by Brian M. Hunt
I'm having some trouble getting OpenVPN working on my pfSense box. The issue is quite strange to me.
When I have the OpenVPN turned on, only my router is able to connect to the Internet. From the router I can use ping, links, etc., and connections work exactly as expected - through the VPN, with the IP address assigned by my VPN provider (Proxy.sh, incidentally).
However, none of the clients on the local network can connect to the Internet. I get timeouts when using ping or a web browser. I can ping my router, and the IP address of the gateway.
When I switch the default gateway from the VPN to my ISP's gateway, all works exactly as expected.
Here is the routing table (netstat -r) when in VPN mode, and a key for it:
IPv4
Destination         Gateway      Flags  Refs  Use   Mtu    Netif   Expire
0.0.0.0/1           10.XX.X.53   UGS    0     122   1500   ovpnc1  =
default             10.XX.X.53   UGS    0     235   1500   ovpnc1
8.8.8.8             10.XX.X.53   UGHS   0     82    1500   ovpnc1
10.XX.X.1/32        10.11.0.53   UGS    0     0     1500   ovpnc1
10.XX.X.53          link#12      UH     0     0     1500   ovpnc1
10.XX.X.54          link#12      UHS    0     0     16384  lo0
ZZ.XX.XXX.0/20      link#1       U      0     83    1500   re0
ZZ.XX.XXX.XXX       link#1       UHS    0     0     16384  lo0
127.0.0.1           link#9       UH     0     12    16384  lo0
128.0.0.0/1         10.11.0.53   UGS    0     123   1500   ovpnc1
192.168.1.0/24      link#11      U      0     1434  1500   ue0
192.168.1.1         link#11      UHS    0     0     16384  lo0
YYY.YYY.YYY.YYY/32  ZZ.XX.XXX.1  UGS    0     249   1500   re0
IP addresses
10.XX.X.53/54 - My DHCP-assigned IP address/pair from the VPN provider
ZZ.XX.XXX.XXX - My external IP assigned by my ISP
YYY.YYY.YYY.YYY - The external IP assigned by the VPN provider
Interfaces
ovpnc1 - My VPN client interface
re0 - My LAN interface
ue0 - My WAN interface
This looks essentially like what I would expect it to be. The default route is through the VPN provider. The VPN address is routed through the ISP-assigned IP address. I am not sure what would be wrong here.
So figuring this was a firewall issue, I basically tried enabling all in/out traffic. This did not seem to remedy the problem.
Also figuring it could possibly be some client networking issue, I restarted the clients on the LAN. This did not help.
I also ran route flush and reset the routes manually.
So I am a bit stumped, and would be very grateful for any thoughts on what the problem might be.