
Author Topic: OpenVPN, no gateway? No Internet  (Read 13644 times)


Offline Disconnect

OpenVPN, no gateway? No Internet
« on: April 18, 2011, 11:38:14 pm »
I log in successfully to my VPN but I can't go anywhere or access any of my home network.

If I do an IPCONFIG, I get an IP, a subnet mask but no gateway is showing.

Been playing with this over a week and can't figure out what I am missing...

I have the OpenVPN config set up:

my OPENVPN config:
dev tun
persist-tun
persist-key
proto udp
cipher AES-256-CBC
tls-client
client
resolv-retry infinite
remote 117.57.11.132 1194
auth-user-pass
auth-nocache
ca RoadWarrior-CA.crt
pkcs12 nehwon-udp-1194.p12
tls-auth nehwon-udp-1194-tls.key 1
tls-remote www.techbadger.com
comp-lzo
pull
verb 3
ping 10
nobind


When I log in, my status log is:
Mon Apr 18 21:27:36 2011 Local Options hash (VER=V4): '9e7066d2'
Mon Apr 18 21:27:36 2011 Expected Remote Options hash (VER=V4): '162b04de'
Mon Apr 18 21:27:36 2011 UDPv4 link local: [undef]
Mon Apr 18 21:27:36 2011 UDPv4 link remote: 117.57.11.132:1194
Mon Apr 18 21:27:36 2011 TLS: Initial packet from 117.57.11.132:1194, sid=efff5b35 e87d59ba
Mon Apr 18 21:27:37 2011 VERIFY OK: depth=1,
Mon Apr 18 21:27:37 2011 VERIFY X509NAME OK:
Mon Apr 18 21:27:37 2011 VERIFY OK: depth=0,
CBC' initialized with 256 bit key
Mon Apr 18 21:27:39 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 18 21:27:39 2011 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Apr 18 21:27:39 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 18 21:27:39 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Apr 18 21:27:39 2011 [www.fubar.com] Peer Connection Initiated with 117.57.11.132:1194
Mon Apr 18 21:27:41 2011 SENT CONTROL [www.techbadger.com]: 'PUSH_REQUEST' (status=1)
Mon Apr 18 21:27:41 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.2.1.0 255.255.255.0,route 10.2.200.1,topology net30,ping 10,ping-restart 60,ifconfig 10.2.200.1 10.2.200.5'
Mon Apr 18 21:27:41 2011 OPTIONS IMPORT: timers and/or timeouts modified
Mon Apr 18 21:27:41 2011 OPTIONS IMPORT: --ifconfig/up options modified
Mon Apr 18 21:27:41 2011 OPTIONS IMPORT: route options modified
Mon Apr 18 21:27:41 2011 ROUTE default_gateway=10.2.1.1
Mon Apr 18 21:27:41 2011 TAP-WIN32 device [Local Area Connection 7] opened: \\.\Global\{FCD5345B-06D5-4CAA-B4DD-1A375679A20C}.tap
Mon Apr 18 21:27:41 2011 TAP-Win32 Driver Version 9.7
Mon Apr 18 21:27:41 2011 TAP-Win32 MTU=1500
Mon Apr 18 21:27:41 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.200.6/255.255.255.252 on interface {FCD5345B-06D5-4CAA-B4DD-1A375679A20C} [DHCP-serv: 192.168.200.5, lease-time: 31536000]
Mon Apr 18 21:27:41 2011 Successful ARP Flush on interface [41] {FCD5345B-06D5-4CAA-B4DD-1A375679A20C}
Mon Apr 18 21:27:46 2011 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Mon Apr 18 21:27:46 2011 WARNING: potential route subnet conflict between local LAN [10.2.1.0/255.255.255.0] and remote VPN [10.2.1.0/255.255.255.0]
Mon Apr 18 21:27:46 2011 C:\WINDOWS\system32\route.exe ADD 10.2.1.0 MASK 255.255.255.0 192.168.200.5
Mon Apr 18 21:27:46 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Apr 18 21:27:46 2011 Route addition via IPAPI succeeded [adaptive]
Mon Apr 18 21:27:46 2011 C:\WINDOWS\system32\route.exe ADD 10.2.200.1 MASK 255.255.255.255 10.2.200.5
Mon Apr 18 21:27:47 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Apr 18 21:27:47 2011 Route addition via IPAPI succeeded [adaptive]
Mon Apr 18 21:27:47 2011 Initialization Sequence Completed

Any idea what I have set up wrong?
« Last Edit: April 18, 2011, 11:51:18 pm by Disconnect »

Offline ericab

Re: OpenVPN, no gateway? No Internet
« Reply #1 on: April 18, 2011, 11:52:19 pm »
Have you set the firewall to push traffic through your VPN gateway? Check my tutorial in the stickies for ideas.

Offline Disconnect

Re: OpenVPN, no gateway? No Internet
« Reply #2 on: April 19, 2011, 01:45:12 am »
I have 2 rules:

One in WAN:
   UDP    *    *    WAN address    1194 (OpenVPN)    *    none    OpenVPN OpenVPN access wizard

and one in OPENVPN:
   *    *    *    *    *    *    none    OpenVPN OpenVPN access wizard

Looked in all the tutorials; that's how I came up with my OpenVPN config.

Offline Greg0rz

Re: OpenVPN, no gateway? No Internet
« Reply #3 on: April 28, 2011, 06:16:37 pm »
I would just like to say that I am having exactly the same issues as Disconnect.  No gateway shows up in my ipconfig.  

I successfully connect to the vpn, but 0 packets are sent/received.  I am assigned an IP address (10.0.8.6).

I followed the windows idiots guide to pfsense OpenVPN posted and I just can't seem to get it right.  Can anyone help? Here are some screenshots:
« Last Edit: April 28, 2011, 06:30:19 pm by Greg0rz »

Offline dreamslacker

Re: OpenVPN, no gateway? No Internet
« Reply #4 on: April 29, 2011, 02:13:43 am »
@greg:  Under local network, add your LAN subnet if you want OpenVPN clients to be able to access the LAN subnet.

If you want to have internet access redirected for the OpenVPN clients, then add the following in the Options box:

push "redirect-gateway def1"

Offline dreamslacker

Re: OpenVPN, no gateway? No Internet
« Reply #5 on: April 29, 2011, 02:16:10 am »
@Disconnect:  Here's your problem - Mon Apr 18 21:27:46 2011 WARNING: potential route subnet conflict between local LAN [10.2.1.0/255.255.255.0] and remote VPN [10.2.1.0/255.255.255.0]

You need to set a different subnet for the VPN network than your client's LAN network.  Otherwise, the client system doesn't know where to route traffic to (it sees both the VPN subnet and the LAN subnet as valid choices when it tries to contact the VPN gateway).
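
Added example (not part of any post in this thread): a small Python check that reads the PUSH_REPLY line from a client log like the one in the first post and reports the two conditions raised in Replies #4 and #5, namely whether `redirect-gateway` was pushed and whether a pushed route overlaps the client's own LAN. The function names are hypothetical, and the client LAN of 10.2.1.0/24 is taken from the WARNING line in that log.

```python
import ipaddress
import re

# Constructed input: the PUSH_REPLY and ROUTE lines quoted from the first post's log.
SAMPLE_LOG = (
    "Mon Apr 18 21:27:41 2011 PUSH: Received control message: 'PUSH_REPLY,"
    "route 10.2.1.0 255.255.255.0,route 10.2.200.1,topology net30,ping 10,"
    "ping-restart 60,ifconfig 10.2.200.1 10.2.200.5'\n"
    "Mon Apr 18 21:27:41 2011 ROUTE default_gateway=10.2.1.1\n"
)


def parse_push_reply(log_text):
    """Return (pushed route networks, redirect_gateway_pushed) from a client log."""
    match = re.search(r"'PUSH_REPLY,([^']*)'", log_text)
    if not match:
        raise ValueError("no PUSH_REPLY line found")
    routes, redirect = [], False
    for option in match.group(1).split(","):
        words = option.split()
        if len(words) >= 2 and words[0] == "route":
            # A pushed route with no netmask is a host route (/32).
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
        elif words and words[0] == "redirect-gateway":
            redirect = True
    return routes, redirect


def find_conflicts(log_text, local_lan):
    """Pushed routes that overlap the LAN the client is physically connected to."""
    lan = ipaddress.ip_network(local_lan, strict=False)
    return [net for net in parse_push_reply(log_text)[0] if net.overlaps(lan)]


def local_gateway_shadowed(log_text):
    """True if the client's pre-VPN default gateway sits inside a pushed route."""
    match = re.search(r"ROUTE default_gateway=(\S+)", log_text)
    if not match:
        return False
    gateway = ipaddress.ip_address(match.group(1))
    return any(gateway in net for net in parse_push_reply(log_text)[0])


if __name__ == "__main__":
    routes, redirect = parse_push_reply(SAMPLE_LOG)
    print("pushed routes:", [str(r) for r in routes])
    print("redirect-gateway pushed:", redirect)
    print("conflicts:", [str(c) for c in find_conflicts(SAMPLE_LOG, "10.2.1.0/24")])
    print("local gateway shadowed:", local_gateway_shadowed(SAMPLE_LOG))
```

Running the same check before choosing the server's tunnel and LAN subnets shows whether a road-warrior client on a common home range would collide with them.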