Pfsense-OpenVPN routing and DNS issues
Hey all,
{FULL DISCLOSURE}
I have been using pfSense with OpenVPN and the accompanying client for a few months. Was new to VPNs and used guides to figure it all out. I recently have discovered that although working on some level my config is not correct. I can access machines on my local network via IP but not by names. I also had assumed that all traffic was going across the VPN but that was not the case. I had internet browsing but not through the VPN.
I have now discovered the wonderful Viscosity client and the accompanying tutorials. In an effort to better understand how everything works I would like to repair my current config rather than starting over from scratch with the info I have obtained here. I know this might be a longer path to success but I am trying to learn as I go.
{END FULL DISCLOSURE}
I have made the following assumptions in my setup:
My local network is 192.168.1.0/24
Tunnel Network 192.168.3.0/24
Here is the connection log:
Aug 10 12:09:28 PM: State changed to Disconnecting
Aug 10 12:09:28 PM: State changed to Disconnected
Aug 10 12:09:38 PM: State changed to Connecting
Aug 10 12:09:38 PM: Viscosity Windows 1.6.4 (1448)
Aug 10 12:09:38 PM: Running on Microsoft Windows Server 2008 R2 Standard
Aug 10 12:09:38 PM: Bringing up interface...
Aug 10 12:09:38 PM: Checking reachability status of connection...
Aug 10 12:09:39 PM: Connection is reachable. Starting connection attempt.
Aug 10 12:09:39 PM: OpenVPN 2.3.11 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 11 2016
Aug 10 12:09:39 PM: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
Aug 10 12:09:39 PM: UDPv4 link local: [undef]
Aug 10 12:09:39 PM: UDPv4 link remote: [AF_INET]MY-EXTERNAL-IP:1194
Aug 10 12:09:39 PM: [VPN Server Cert] Peer Connection Initiated with [AF_INET]MY-EXTERNAL-IP:1194
Aug 10 12:09:42 PM: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 10 12:09:42 PM: open_tun, tt->ipv6=0
Aug 10 12:09:42 PM: TAP-WIN32 device [pfSense-udp-1194-MY-NAME-viscosity-config] opened: \\.\Global\{654C11EC-1991-4A17-B65C-6A1E03DBE7ED}.tap
Aug 10 12:09:42 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.3.6/255.255.255.252 on interface {654C11EC-1991-4A17-B65C-6A1E03DBE7ED} [DHCP-serv: 192.168.3.5, lease-time: 31536000]
Aug 10 12:09:42 PM: Successful ARP Flush on interface [34] {654C11EC-1991-4A17-B65C-6A1E03DBE7ED}
Aug 10 12:09:52 PM: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=34]
Aug 10 12:09:52 PM: env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Aug 10 12:09:52 PM: Initialization Sequence Completed
Aug 10 12:09:54 PM: DNS set to Full.
Aug 10 12:09:54 PM: State changed to Connected
With the Viscosity client I am forcing all traffic across the tunnel. I can access local machines via IP but not by name and I cannot browse the internet. I suspect both routing and DNS issues but could use a little help with where to look first.
Thanks for reading all this,
James
Hi James,
If your client is set up to use pfSense as DNS, and you are routing all traffic, this is most likely a DNS and firewall setup issue on the pfSense appliance. You are best off asking about this on the pfSense forums and posting your configuration there. If no traffic is leaving the OpenVPN subnet, most likely there are no firewall rules to allow it.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
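Added example, not part of either post and not Viscosity or pfSense code: a small Python triage of the connection log above that pulls out what the client side can confirm (tunnel address, route errors, DNS mode, final state) before turning to the pfSense configuration. The sample lines are copied from the posted log; the function name `triage` and the report keys are made up for this example.

```python
import ipaddress
import re

# Lines copied from the connection log in the first post.
SAMPLE_LOG = """\
Aug 10 12:09:42 PM: Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.3.6/255.255.255.252 on interface {654C11EC-1991-4A17-B65C-6A1E03DBE7ED} [DHCP-serv: 192.168.3.5, lease-time: 31536000]
Aug 10 12:09:52 PM: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=34]
Aug 10 12:09:52 PM: Initialization Sequence Completed
Aug 10 12:09:54 PM: DNS set to Full.
Aug 10 12:09:54 PM: State changed to Connected
"""

IFCONFIG_RE = re.compile(r"DHCP IP/netmask of (\S+)/(\S+) on interface")
ROUTE_FAIL_RE = re.compile(r"route addition failed using (\w+): .*?\[status=(\d+)")
DNS_RE = re.compile(r"DNS set to (\w+)\.")


def triage(log_text, tunnel_net="192.168.3.0/24"):
    """Summarise the client-side facts a connection log can confirm."""
    net = ipaddress.ip_network(tunnel_net)
    report = {"tunnel_ip": None, "tunnel_subnet": None, "in_tunnel_net": None,
              "route_failures": [], "dns_mode": None, "connected": False}
    for line in log_text.splitlines():
        m = IFCONFIG_RE.search(line)
        if m:
            # ip_interface accepts address/dotted-netmask notation.
            iface = ipaddress.ip_interface(m.group(1) + "/" + m.group(2))
            report["tunnel_ip"] = str(iface.ip)
            report["tunnel_subnet"] = str(iface.network)
            report["in_tunnel_net"] = iface.ip in net
        m = ROUTE_FAIL_RE.search(line)
        if m:
            # The log names the API call and status, not the route itself;
            # compare against `route print` on the client to find it.
            report["route_failures"].append((m.group(1), int(m.group(2))))
        m = DNS_RE.search(line)
        if m:
            report["dns_mode"] = m.group(1)
        if "State changed to Connected" in line:
            report["connected"] = True
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

For the posted log this reports an address inside the stated tunnel network and a Connected state, so the tunnel itself is up; the one client-side item left to check is the failed route addition, and the rest is the DNS and firewall setup on the pfSense appliance that the reply points to.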