Topic: Problems routing all traffic through tunnel

chillster
« on: October 23, 2006, 06:45:16 am »

I'm trying to route all my traffic through the OVPN tunnel. I can reach the remote network where my pfSense box is located and ping that whole subnet, but I can't reach the internet when I push the "redirect-gateway def1" option to my client. I'm guessing it's a firewall issue of some kind, but I can't figure it out. Would really appreciate some guidance, or if someone could point towards a guide or something... thanks!

SFM
« Reply #1 on: October 24, 2006, 01:52:39 pm »

Do you have a rule to allow everything out from the LAN?

*      LAN net      *      *      *      *      Default LAN -> any 

Open everything up and then make sure it works.
Once you have it working you can lock things down.

SFM

chillster
« Reply #2 on: October 25, 2006, 04:06:23 am »

Thanks for the reply :)

Yeah, I have that rule; however, I think that rule only applies to nodes on the same subnet as the green card on the firewall. I tried to add a similar rule with my VPN subnet but no luck.

I also tried adding a rule to allow anything from anywhere to anyplace on both LAN and WAN and still couldn't ping out, so maybe it isn't firewall related. Any ideas?

Anyone else got this working?

SFM
« Reply #3 on: October 25, 2006, 07:10:43 am »

http://www.uplinksecurity.de/data/pfsense-ovpn.pdf

Is everything set up like it is described in this document?

If you don't use the (push "redirect-gateway def1") command, can you get everything to work except, of course, the redirection of your gateway?



chillster
« Reply #4 on: October 26, 2006, 11:38:42 am »

Yes, it's more or less set up like the PDF describes.
Everything works excellently when I don't redirect the gateway; I can reach the internet (not through the tunnel) and the remote subnet without any problems. Even when I do redirect the gateway I can reach the remote subnet, but not the internet at all.

SFM
« Reply #5 on: October 26, 2006, 11:51:28 am »

Hum....

If you do an ipconfig /all, does it show that the gateway has been added to your client computer when you are connected?


Are you pushing more than just the gateway?
If so, are you adding the ; between items?

push "dhcp-option DNS 10.0.0.10";push "dhcp-option WINS 10.0.0.10"

Do the other pushed items show in ipconfig /all (WINS or DNS if you are pushing them)?

Are you pushing the DNS?
You may need this to get to the outside world.

Just a few ideas
SFM
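
The Linux counterpart of the `ipconfig /all` check asked about above, as an added example that is not part of the original post: `redirect-gateway def1` leaves the existing default route in place and adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, plus a host route to the VPN server via the original gateway. The `ip route` output, the addresses 192.168.0.1, 203.0.113.10 and 172.17.103.5/.6, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `ip route` output from a Linux client after connecting.
# 192.168.0.1 (local gateway), 203.0.113.10 (VPN server) and the
# 172.17.103.x tunnel endpoints are made-up sample values.
ROUTES = '''\
0.0.0.0/1 via 172.17.103.5 dev tun0
default via 192.168.0.1 dev eth0
128.0.0.0/1 via 172.17.103.5 dev tun0
172.17.103.5 dev tun0 proto kernel scope link src 172.17.103.6
203.0.113.10 via 192.168.0.1 dev eth0
'''

def parse_routes(text):
    """Map each destination network to its outgoing device."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        table[ipaddress.ip_network(dst)] = fields[fields.index("dev") + 1]
    return table

def egress(table, addr):
    """Device chosen by longest-prefix match, as the kernel does."""
    ip = ipaddress.ip_address(addr)
    best = max((n for n in table if ip in n),
               key=lambda n: n.prefixlen, default=None)
    return table[best] if best is not None else None

def check_def1(table, server_ip, tun="tun0"):
    """Report whether the client side of redirect-gateway def1 is in place."""
    halves = [ipaddress.ip_network(n) for n in ("0.0.0.0/1", "128.0.0.0/1")]
    return {
        # Both half-default routes must point into the tunnel.
        "def1_routes": all(table.get(h) == tun for h in halves),
        # The encrypted transport itself must not be routed into the tunnel.
        "server_bypasses_tunnel": egress(table, server_ip) not in (None, tun),
        # An arbitrary internet address (sample value) should leave via the tunnel.
        "internet_via_tunnel": egress(table, "198.51.100.7") == tun,
    }

if __name__ == "__main__":
    print(check_def1(parse_routes(ROUTES), "203.0.113.10"))
```

If all three values are true and the internet is still unreachable, the client side is fine and the problem lies on the firewall that terminates the tunnel.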

chillster
« Reply #6 on: October 28, 2006, 04:18:59 pm »

The gateway gets pushed to the client correctly, so that works OK.
I don't push any other options except the gateway, but I'm thinking that shouldn't matter because I'm not trying to ping a DNS address, just a regular IP.
Running out of ideas here :/

GruensFroeschli
« Reply #7 on: October 28, 2006, 05:00:36 pm »

What you are trying to do is working for me right now.
I use TCP since I have to use a proxy.

Here's my config.
Maybe you want to compare it with your own.

Quote
$ less /var/etc/openvpn_server0.conf
writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto tcp-server
cipher BF-CBC
client-to-client
server 172.17.103.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
lport 443
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo
persist-remote-ip
float
push "redirect-gateway def1"
push "dhcp-option DNS 172.17.103.1"

We do what we must, because we can.
(Except when you PM me to help you directly - DONT: keep your issues in the forum)
chillster
« Reply #8 on: October 29, 2006, 05:25:36 am »

Thanks, very helpful!
OK, I compared our configs now and they're almost identical except subnets, port, cipher and compression. And those shouldn't matter much, I guess.
Did you add any rules to your firewall to get it to work?

GruensFroeschli
« Reply #9 on: October 29, 2006, 05:54:11 am »

I only added a rule to allow traffic to any.

SFM
« Reply #10 on: October 30, 2006, 08:40:58 am »

If you are connecting with Windows XP Service Pack 2, make sure the firewall is off on the OVPN adapter.
You can have the firewall on all connections but the OpenVPN one.

There is a known issue with XP2 and OpenVPN.
www.openvpn.org

chillster
« Reply #11 on: October 30, 2006, 11:35:18 am »

No, my client is on an Ubuntu box, but thanks anyway :)

tpunder
« Reply #12 on: December 11, 2006, 12:13:58 am »

I realize this topic is a month old, but a friend and I have been banging our heads against the wall for about 3 hours now trying to figure this out. We finally did. What you need to do is go into Firewall/NAT/Outbound, then enable Advanced outbound NAT and add a line for your VPN's network, much like your internal LAN. Once that was added, it started working.
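
The fix above expressed as a check, as an added example that is not part of the original post or pfSense's own code: once `redirect-gateway` is pushed, client traffic reaches the firewall with a tunnel source address, so the tunnel subnet has to appear as a source in the outbound NAT rules. The tunnel subnet comes from the server config posted earlier in the thread; the LAN network 192.168.1.0/24 and the function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: routing-relevant directives copied from the server
# config posted earlier in this thread.
SERVER_CONF = '''\
dev tun
server 172.17.103.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 172.17.103.1"
'''

def parse_server_conf(text):
    """Return (tunnel_network, redirects_gateway) for an OpenVPN server config."""
    tunnel, redirect = None, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        words = shlex.split(line)
        if words[0] == "server" and len(words) >= 3:
            tunnel = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[0] == "push" and len(words) >= 2:
            # The pushed option arrives as one quoted string.
            redirect = redirect or words[1].split()[:1] == ["redirect-gateway"]
    return tunnel, redirect

def nat_gap(conf_text, nat_sources):
    """Return the tunnel network if redirected client traffic has no
    outbound NAT source entry covering it, otherwise None."""
    tunnel, redirect = parse_server_conf(conf_text)
    if tunnel is None or not redirect:
        return None  # nothing is being sent to the internet via the tunnel
    covered = any(tunnel.subnet_of(ipaddress.ip_network(s)) for s in nat_sources)
    return None if covered else tunnel

if __name__ == "__main__":
    # Hypothetical outbound NAT source lists: LAN only, then LAN plus tunnel.
    for sources in (["192.168.1.0/24"], ["192.168.1.0/24", "172.17.103.0/24"]):
        gap = nat_gap(SERVER_CONF, sources)
        print(sources, "->", f"no NAT for {gap}" if gap else "tunnel subnet is translated")
```

With only the LAN listed, the tunnel subnet is reported as untranslated, which matches the symptom in this thread: the remote subnet answers, but nothing beyond the WAN does.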

dairaen
« Reply #13 on: December 16, 2006, 09:35:01 am »

Cheers,

tpunder, could you please send me or upload a screenshot of
your working outbound NAT rules so I can add them to the
tutorial?

Thanks.

Kind regards
dairaen

tpunder
« Reply #14 on: December 17, 2006, 12:21:58 am »

No problem, I just sent a PM with a screenshot.