Pfsense-OpenVPN routing and DNS issues


jnewman33

Posts: 1
Joined: Wed Aug 10, 2016 6:07 am

Post by jnewman33 » Thu Aug 11, 2016 2:23 am
Hey all,

{FULL DISCLOSURE}
I have been using pfSense with OpenVPN and the accompanying client for a few months. Was new to VPNs and used guides to figure it all out. I recently have discovered that, although working on some level, my config is not correct. I can access machines on my local network via IP but not by names. I also had assumed that all traffic was going across the VPN but that was not the case. I had internet browsing but not through the VPN.

I have now discovered the wonderful Viscosity client and the accompanying tutorials. In an effort to better understand how everything works I would like to repair my current config rather than starting over from scratch with the info I have obtained here. I know this might be a longer path to success but I am trying to learn as I go.
{END FULL DISCLOSURE}


I have made the following assumptions in my setup:
My local network is 192.168.1.0/24
Tunnel Network 192.168.3.0/24

Here is the connection log:
Aug 10 12:09:28 PM: State changed to Disconnecting
Aug 10 12:09:28 PM: State changed to Disconnected
Aug 10 12:09:38 PM: State changed to Connecting
Aug 10 12:09:38 PM: Viscosity Windows 1.6.4 (1448)
Aug 10 12:09:38 PM: Running on Microsoft Windows Server 2008 R2 Standard
Aug 10 12:09:38 PM: Bringing up interface...
Aug 10 12:09:38 PM: Checking reachability status of connection...
Aug 10 12:09:39 PM: Connection is reachable. Starting connection attempt.
Aug 10 12:09:39 PM: OpenVPN 2.3.11 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 11 2016
Aug 10 12:09:39 PM: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
Aug 10 12:09:39 PM: UDPv4 link local: [undef]
Aug 10 12:09:39 PM: UDPv4 link remote: [AF_INET]MY-EXTERNAL-IP:1194
Aug 10 12:09:39 PM: [VPN Server Cert] Peer Connection Initiated with [AF_INET]MY-EXTERNAL-IP:1194
Aug 10 12:09:42 PM: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 10 12:09:42 PM: open_tun, tt->ipv6=0
Aug 10 12:09:42 PM: TAP-WIN32 device [pfSense-udp-1194-MY-NAME-viscosity-config] opened: \\.\Global\{654C11EC-1991-4A17-B65C-6A1E03DBE7ED}.tap
Aug 10 12:09:42 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.3.6/255.255.255.252 on interface {654C11EC-1991-4A17-B65C-6A1E03DBE7ED} [DHCP-serv: 192.168.3.5, lease-time: 31536000]
Aug 10 12:09:42 PM: Successful ARP Flush on interface [34] {654C11EC-1991-4A17-B65C-6A1E03DBE7ED}
Aug 10 12:09:52 PM: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=34]
Aug 10 12:09:52 PM: env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Aug 10 12:09:52 PM: Initialization Sequence Completed
Aug 10 12:09:54 PM: DNS set to Full.
Aug 10 12:09:54 PM: State changed to Connected


With the Viscosity client I am forcing all traffic across the tunnel. I can access local machines via IP but not by name and I cannot browse the internet. I suspect both routing and DNS issues but could use a little help with where to look first.

Thanks for reading all this,

James

Eric

Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Aug 11, 2016 10:03 am
Hi James,

If your client is set up to use pfSense as DNS, and you are routing all traffic, this is most likely a DNS and firewall setup issue on the pfSense appliance. You are best off asking about this on the pfSense forums and posting your configuration there. If no traffic is leaving the OpenVPN subnet, most likely there are no firewall rules to allow it.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
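
A small triage script for the connection log in the first post, added here as an example and not part of the original thread: it pulls out the tunnel address the client was given, checks it against the LAN and tunnel networks James lists, and collects any route-addition failures. The function name `triage` and the report fields are assumptions made for this example; the sample lines are copied from the posted log with timestamps trimmed.

```python
import ipaddress
import re

# Lines copied from the connection log in the first post (timestamps trimmed).
SAMPLE_LOG = """
Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.3.6/255.255.255.252 on interface {654C11EC-1991-4A17-B65C-6A1E03DBE7ED} [DHCP-serv: 192.168.3.5, lease-time: 31536000]
ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=34]
Initialization Sequence Completed
"""

IFCONFIG_RE = re.compile(
    r"DHCP IP/netmask of (\S+)/(\S+) on interface .*?\[DHCP-serv: ([\d.]+),")
ROUTE_FAIL_RE = re.compile(r"ROUTE: route addition failed.*?: (.+?) \[status=(\d+)")


def triage(log_text, lan_cidr, tunnel_cidr):
    """Hypothetical helper: summarise addressing and route errors from a client log."""
    lan = ipaddress.ip_network(lan_cidr)
    tunnel = ipaddress.ip_network(tunnel_cidr)
    report = {"client_ip": None, "client_subnet": None, "peer": None,
              "route_failures": [], "completed": False, "findings": []}
    for line in log_text.splitlines():
        m = IFCONFIG_RE.search(line)
        if m:
            ip, mask, peer = m.groups()
            iface = ipaddress.ip_interface(f"{ip}/{mask}")
            report.update(client_ip=str(iface.ip),
                          client_subnet=str(iface.network), peer=peer)
            if iface.ip not in tunnel:
                report["findings"].append("client address outside expected tunnel network")
            if iface.network.overlaps(lan):
                report["findings"].append("assigned tunnel subnet overlaps the LAN")
        m = ROUTE_FAIL_RE.search(line)
        if m:
            report["route_failures"].append(
                {"reason": m.group(1), "status": int(m.group(2))})
        if "Initialization Sequence Completed" in line:
            report["completed"] = True
    if tunnel.overlaps(lan):
        report["findings"].append("configured tunnel and LAN networks overlap")
    if report["route_failures"]:
        report["findings"].append("route addition failed; inspect the client routing table")
    return report


if __name__ == "__main__":
    # Networks as stated in the first post.
    for key, value in triage(SAMPLE_LOG, "192.168.1.0/24", "192.168.3.0/24").items():
        print(f"{key}: {value}")
```
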