
Author Topic: Windows OS clients can't connect to the Internet  (Read 160 times)


bugnet
« on: May 15, 2018, 11:44:18 am »
I currently have pfSense set up to route all network traffic through a client VPN configured in the pfSense box; it works great.

I also have an OpenVPN server configured on my pfSense box, with Server clients successfully able to connect and access the LAN.

I need my clients connecting to my pfSense OpenVPN server to be able to access the internet (not just the LAN).

What is strange is that clients who have connected through a Linux OS are able to access the internet, and clients who connect through Windows OS can't connect to the Internet.

OpenVPN settings screenshot attached:
https://ibb.co/bZxZBJ

Help please :)

viragomann
« Reply #1 on: May 15, 2018, 12:45:23 pm »
> I need my clients connecting to my pfSense OpenVPN server to be able to access the internet (not just the LAN).

And you want to route the upstream traffic to internet resources over the vpn?

> What is strange is that clients who have connected through a Linux OS are able to access the internet, and clients who connect through Windows OS can't connect to the Internet.

I guess the Windows clients set the route over the vpn and Linux clients don't.

bugnet
« Reply #2 on: May 16, 2018, 02:15:04 am »
No, I don't want to route the traffic to the internet over the VPN server.
Only the clients go out to the internet in the regular way....
« Last Edit: May 16, 2018, 04:39:08 am by bugnet »

viragomann
« Reply #3 on: May 16, 2018, 04:56:53 am »
So go to the server settings and remove the check from "Redirect gateway" and enter the local networks you want to access from the clients in the "Local network/s" box.

bugnet
« Reply #4 on: May 16, 2018, 07:11:13 am »
> So go to the server settings and remove the check from "Redirect gateway" and enter the local networks you want to access from the clients in the "Local network/s" box.

The "Redirect gateway" is already unchecked. "Local Network" works OK.
The only problem is with Windows OS, which can't access the external internet (Mac OS and Linux work fine).
I've also tried to push them to DNS settings - also does not work...

Very strange ....

viragomann
« Reply #5 on: May 16, 2018, 07:52:58 am »
To ensure that it's not a DNS issue, try to access a host on the internet by its IP address.

Please tell me what your vpn tunnel network is and post the routing table of the Windows client.

Does it affect only Windows 10 or also older versions?

bugnet
« Reply #6 on: May 16, 2018, 10:39:26 am »
> To ensure that it's not a DNS issue, try to access a host on the internet by its IP address.
>
> Please tell me what your vpn tunnel network is and post the routing table of the Windows client.
>
> Does it affect only Windows 10 or also older versions?

1. ping to 8.8.8.8 works fine.
2. my VPN network is 192.168.60.0/24
3. Until now I see the problem only with Windows 10.
4. route:

===========================================================================
Interface List
  5...00 ff 27 f9 cd f3 ......TAP-Windows Adapter V9
  8...fc 3f db 48 98 cd ......Intel(R) Ethernet Connection (3) I218-LM
  4...0a 00 27 00 00 04 ......VirtualBox Host-Only Ethernet Adapter
 19...64 80 99 96 54 d4 ......Microsoft Wi-Fi Direct Virtual Adapter
 18...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 12...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
 14...64 80 99 96 54 d3 ......Intel(R) Dual Band Wireless-AC 7265
 11...64 80 99 96 54 d7 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
  7...90 83 86 5a 50 51 ......HP hs3110 HSPA+ Mobile Broadband Device
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.7.254    192.168.4.254     45
     10.111.111.0    255.255.255.0     192.168.60.1     192.168.60.2      3
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0     192.168.60.1     192.168.60.2      3
      192.168.2.0    255.255.255.0         On-link       192.168.2.1    291
      192.168.2.1  255.255.255.255         On-link       192.168.2.1    291
    192.168.2.255  255.255.255.255         On-link       192.168.2.1    291
      192.168.4.0    255.255.252.0         On-link     192.168.4.254    301
    192.168.4.254  255.255.255.255         On-link     192.168.4.254    301
    192.168.7.255  255.255.255.255         On-link     192.168.4.254    301
     192.168.41.0    255.255.255.0         On-link      192.168.41.1    291
     192.168.41.1  255.255.255.255         On-link      192.168.41.1    291
   192.168.41.255  255.255.255.255         On-link      192.168.41.1    291
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
     192.168.60.0    255.255.255.0         On-link      192.168.60.2    259
     192.168.60.2  255.255.255.255         On-link      192.168.60.2    259
   192.168.60.255  255.255.255.255         On-link      192.168.60.2    259
    192.168.235.0    255.255.255.0     192.168.60.1     192.168.60.2      3
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link     192.168.4.254    301
        224.0.0.0        240.0.0.0         On-link      192.168.41.1    291
        224.0.0.0        240.0.0.0         On-link       192.168.2.1    291
        224.0.0.0        240.0.0.0         On-link      192.168.60.2    259
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link     192.168.4.254    301
  255.255.255.255  255.255.255.255         On-link      192.168.41.1    291
  255.255.255.255  255.255.255.255         On-link       192.168.2.1    291
  255.255.255.255  255.255.255.255         On-link      192.168.60.2    259
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  4    281 fe80::/64                On-link
 14    301 fe80::/64                On-link
 12    291 fe80::/64                On-link
 18    291 fe80::/64                On-link
  5    259 fe80::/64                On-link
  4    281 fe80::1946:4586:734e:9150/128
                                    On-link
 18    291 fe80::21ab:537f:9d4d:434/128
                                    On-link
 12    291 fe80::5d52:1a45:739b:94fb/128
                                    On-link
  5    259 fe80::b832:e27a:5fc8:b788/128
                                    On-link
 14    301 fe80::e1cb:44b6:33a4:37d7/128
                                    On-link
  1    331 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
 14    301 ff00::/8                 On-link
 12    291 ff00::/8                 On-link
 18    291 ff00::/8                 On-link
  5    259 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

5. ipconfig /all :

   Host Name . . . . . . . . . . . . : DESKTOP-1432
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : testshope

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : testshope
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-27-F9-CD-F3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b832:e27a:5fc8:b788%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.60.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : יום רביעי 16 מאי 2018 18:33:35
   Lease Expires . . . . . . . . . . : יום חמישי 16 מאי 2019 18:33:35
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.60.254
   DHCPv6 IAID . . . . . . . . . . . : 50396967
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-F3-FE-8F-FC-3F-DB-48-98-CD
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

6. I've also tried to push them to DNS settings - 8.8.8.8  also does not work...

10x

viragomann
« Reply #7 on: May 16, 2018, 11:32:53 am »
> 1. ping to 8.8.8.8 works fine.

So it's obviously a DNS issue.

The routes are fine.

Can the DNS server you've provided over vpn resolve public addresses? Try an nslookup with an established vpn connection and check if the host name can be resolved and which DNS server is requested.

bugnet
« Reply #8 on: May 17, 2018, 04:25:20 am »
> > 1. ping to 8.8.8.8 works fine.
>
> So it's obviously a DNS issue.
>
> The routes are fine.
>
> Can the DNS server you've provided over vpn resolve public addresses? Try an nslookup with an established vpn connection and check if the host name can be resolved and which DNS server is requested.

As you can see, the public address can't be resolved.


C:\Users\sup1>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  8.8.8.8


What could be the reason the DNS server 8.8.8.8 fails to resolve DNS?

viragomann
« Reply #9 on: May 17, 2018, 05:20:41 am »
So the client can't reach 8.8.8.8.  :o

According to your routing table, it should be routed to your default gateway 192.168.7.254.
Try a "tracert 8.8.8.8" to see where it gets stuck.

Maybe it helps to route the DNS server over the vpn. To do so, add "8.8.8.8/32" to your "IPv4 Local networks" in the vpn server settings (comma separated from other networks).

Also an outbound NAT rule for the vpn tunnel network on WAN is needed in this case. Maybe it was added automatically by pfSense.
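
The routing-table reading in Replies #7 and #9 can be checked mechanically. The following is an added example, not part of the thread: it runs a longest-prefix-match lookup over rows copied from the `route print` output in Reply #6 and shows which interface 8.8.8.8 leaves through before and after the "8.8.8.8/32" local-network entry suggested in Reply #9. The function names, the metric of the simulated pushed route and the 1.1.1.1 test destination are assumptions.

```python
import ipaddress

# IPv4 "Active Routes" rows copied from the route print output in Reply #6
# (loopback, multicast and host-only adapter rows omitted).
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.7.254    192.168.4.254     45
     10.111.111.0    255.255.255.0     192.168.60.1     192.168.60.2      3
      192.168.1.0    255.255.255.0     192.168.60.1     192.168.60.2      3
      192.168.4.0    255.255.252.0         On-link     192.168.4.254    301
     192.168.60.0    255.255.255.0         On-link      192.168.60.2    259
    192.168.235.0    255.255.255.0     192.168.60.1     192.168.60.2      3
"""
TUNNEL_IF = "192.168.60.2"  # TAP adapter address from the ipconfig output

def parse_routes(text):
    """Parse route-print rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, separator or blank line
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            routes.append((net, parts[2], parts[3], int(parts[4])))
        except ValueError:
            continue
    return routes

def lookup(routes, dst):
    """Most specific prefix wins; equal prefixes fall back to lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def via_tunnel(routes, dst):
    """True when the selected route leaves through the VPN TAP adapter."""
    best = lookup(routes, dst)
    return best is not None and best[2] == TUNNEL_IF

def with_pushed_host_route(text, host):
    """Add the row a pushed host route would create (metric 3 is assumed)."""
    return text + f"{host} 255.255.255.255 192.168.60.1 {TUNNEL_IF} 3\n"

if __name__ == "__main__":
    before = parse_routes(ROUTE_PRINT)
    after = parse_routes(with_pushed_host_route(ROUTE_PRINT, "8.8.8.8"))
    for name, table in (("before", before), ("after", after)):
        for dst in ("8.8.8.8", "192.168.1.10", "1.1.1.1"):  # 1.1.1.1: constructed
            print(name, dst, lookup(table, dst)[1:3], via_tunnel(table, dst))
```

With the posted table, 8.8.8.8 matches only the default route and leaves through 192.168.4.254, outside the tunnel; once a /32 for it is pushed, only that one address moves into the tunnel, which is why the outbound NAT rule mentioned in Reply #9 then becomes relevant.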