pfSense - VPN - OpenVPN - Troubleshooting - Traffic not flowing through VPN connection

The goal is for specific clients to automatically go out via the VPN Gateway, without having to configure each client individually.

This is done by using the IP address of the client to determine whether it should go out via the VPN.


Problem Statement

The VPN interface is up.

This is confirmed by the steps shown below.

NAT is set up to use the VPN Gateway.

Firewall rule is configured to route specific Clients through the VPN Gateway.

Problem seems to be that routing is not working.


Check VPN Interface is UP

Check the Interface on the Dashboard.

It has an IP and is connected.


Check VPN Graph

On Dashboard, VPN graph shows mostly static up and down data.


Check VPN Gateway is Online

Navigate to Status → Gateways.

Shows the OpenVPN Gateway is Online.


Check VPN is UP

Navigate to Status → OpenVPN, shows the VPN is up.


Navigate to Diagnostics → Routes.

The routing table shows only the Monitor IP set up against OpenVPN as connected to the ExpressVPN Gateway.


NAT configured to use the VPN

Navigate to Firewall → NAT → Outbound.

The rule is a copy of the automatically created LAN to WAN rule, with the Interface simply changed to the VPN one.


Firewall Rules

Firewall rule configured to redirect specific clients out the VPN Gateway.


Navigate to VPN → OpenVPN → Clients.

ExpressVPN:

fast-io;
persist-key;
persist-tun;
remote-random;
pull;
comp-lzo;
tls-client;
verify-x509-name Server name-prefix;
remote-cert-tls server;
key-direction 1;
route-method exe;
route-delay 2;
tun-mtu 1500;
fragment 1300;
mssfix 1450;
verb 3;
sndbuf 524288;
rcvbuf 524288

NordVPN:

tls-client;
remote-random;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
reneg-sec 0;
remote-cert-tls server;

Private Internet Access:

persist-key
persist-tun
remote-cert-tls server
reneg-sec 0

Custom Options:

fast-io;
persist-key;
persist-tun;
remote-random;
#pull;
#route-nopull;
comp-lzo;
tls-client;
verify-x509-name Server name-prefix;
remote-cert-tls server;
key-direction 1;
route-method exe;
route-delay 2;
tun-mtu 1500;
fragment 1300;
mssfix 1450;
verb 3;
sndbuf 524288;
rcvbuf 524288;
resolv-retry infinite;
#push "route 0.0.0.0 255.255.255.0 $1 1";
#push "route 0.0.0.0 255.255.255.0 0.0.0.0 1";
#push "route 0.0.0.0 255.255.255.255 0.0.0.0 1";
#push "redirect-gateway def1 bypass-dhcp";
#push "redirect-gateway def1";
#push "redirect-gateway";
#up "ROUTE add 10.145.0.0 mask 255.255.0.0 192.168.50.66";
#push "route 192.168.50.66 255.255.255.255";
#push "route 192.168.50.66 255.255.255.255 $1 1";
#route-nopull;
#route 192.168.1.66 255.255.255.255;
#route 192.168.50.66 255.255.255.255;
#route 192.168.1.66 255.255.255.255 vpn_gateway;
#route 192.168.50.66 255.255.255.255 vpn_gateway;
#push "route 192.168.50.66 255.255.255.0";
#route 0.0.0.0 255.255.255.255 vpn_gateway;
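
As an added example (not part of the original page, pfSense or OpenVPN), this Python script vets the Custom Options above before any commented line is re-enabled: it flags `push` (a server-side directive), the Windows-only `route-method`, and `route` entries whose mask does not describe a usable network. The function names and the two rule sets are assumptions made for this example.

```python
import ipaddress
SERVER_ONLY = {"push"}           # sends an option to the peer; installs nothing locally
WINDOWS_ONLY = {"route-method"}  # listed by OpenVPN as a Windows-specific option

def parse_options(text):
    """Return (active, tokens) per ';'-separated directive; a leading '#' disables a line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        active = not line.startswith("#")
        for part in line.lstrip("#").split(";"):
            tokens = part.replace('"', " ").split()
            if tokens:
                entries.append((active, tokens))
    return entries

def check_route(net, mask):
    """Return a description of what is wrong with 'route net mask', or None if it is fine."""
    try:
        network = ipaddress.ip_network(f"{net}/{mask}", strict=True)
    except ValueError as exc:
        return f"invalid network: {exc}"
    if net == "0.0.0.0" and network.prefixlen != 0:
        return f"0.0.0.0/{network.prefixlen} is not a default route (0.0.0.0 0.0.0.0)"
    return None

def lint(text, include_disabled=True):
    """List (directive, problem) pairs; disabled lines are vetted too unless told otherwise."""
    findings = []
    for active, tok in parse_options(text):
        if not (active or include_disabled):
            continue
        line = " ".join(tok)
        if tok[0] in SERVER_ONLY:
            findings.append((line, "server-side directive; installs no route on this client"))
            tok = tok[1:]  # also inspect the option that would be pushed
        if tok and tok[0] in WINDOWS_ONLY:
            findings.append((line, "Windows-only option; pfSense runs on FreeBSD"))
        if len(tok) >= 3 and tok[0] == "route" and (problem := check_route(tok[1], tok[2])):
            findings.append((line, problem))
    return findings

# Excerpt of the Custom Options above (the last two are commented-out candidates).
SAMPLE = """route-method exe;
#push "route 192.168.50.66 255.255.255.0";
#route 0.0.0.0 255.255.255.255 vpn_gateway;
"""
for directive, problem in lint(SAMPLE):
    print(f"{directive}: {problem}")
```
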
pfsense/vpn/openvpn/troubleshooting/traffic_not_flowing_through_vpn_connection.txt · Last modified: 2020/11/29 22:54 by peter