Differences

This shows you the differences between two versions of the page.

--- pfsense:openvpn:troubleshooting:traffic_not_flowing_through_vpn_connection [2020/04/25 16:14] – peter
+++ pfsense:openvpn:troubleshooting:traffic_not_flowing_through_vpn_connection [2020/11/29 22:54] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== PFSense - OpenVPN - Troubleshooting - Traffic not flowing through VPN connection ======
-Want specific clients to automatically go out the VPN Gateway, without having to configure them specifically.
-This is done by using the IP address of the client to determine whether it should go out via the VPN.
-----
-===== Problem Statement =====
-VPN interface is up.
-Confirmed by many steps as shown below.
-NAT is set up to use the VPN Gateway.
-Firewall rule is configured to route specific Clients through the VPN Gateway.
-Problem seems to be that routing is not working.
-----
-===== Check VPN Interface is UP =====
-Check the Interface on the Dashboard.
-It has an IP and is connected.
-{{:pfsense:openvpn:troubleshooting:pfsense_-_interfaces_-_expressvpn_-_france_-_1_-_connected.png?800|}}
-----
-===== Check VPN Graph =====
-On Dashboard, VPN graph shows mostly static up and down data.
-{{:pfsense:openvpn:troubleshooting:pfsense_-_interfaces_-_expressvpn_-_france_-_1_-_connected_-_graph.png?800|}}
-----
-===== Check VPN Gateway is Online =====
-Navigate to **Status -> Gateways**.
-Shows the OpenVPN Gateway is Online.
-{{:pfsense:openvpn:troubleshooting:pfsense_-_status_-_gateways_-_expressvpn_-_paris_-_1_-_connected.png?800|}}
-----
-===== Check VPN is UP =====
-Navigate to **Status -> OpenVPN**, shows the VPN is up.
-{{:pfsense:openvpn:troubleshooting:pfsense_-_status_-_openvpn_-_expressvpn_-_paris_-_1_-_up.png?800|}}
-----
-Navigate to **Diagnostics -> Routes**.
-As can be seen, only the Monitor IP setup against OpenVPN is showing as connected to ExpressVPN Gateway.
-{{:pfsense:openvpn:troubleshooting:pfsense_-_dianostics_-_routes_-_expressvpn_-_only_monitor.png?800|}}
-----
-===== NAT configured to use the VPN =====
-Navigate to **Firewall -> NAT -> Outbound**.
-A copy of the automatically created rule, LAN to WAN, and simply changing **Interface** to the VPN one.
-{{:pfsense:openvpn:troubleshooting:pfsense_-_firewall_-_nat_-_outbound_-_expressvpn_-_france_-_paris_-_1.png?800|}}
-----
-===== Firewall Rules =====
-Firewall rule configured to redirect specific clients out the VPN Gateway.
-----
-Navigate to **VPN -> OpenVPN -> Clients**.
-ExpressVPN:
-<code>
-fast-io;persist-key;persist-tun;remote-random;pull;comp-lzo;tls-client;verify-x509-name Server name-prefix;remote-cert-tls server;key-direction 1;route-method exe;route-delay 2;tun-mtu 1500;fragment 1300;mssfix 1450;verb 3;sndbuf 524288;rcvbuf 524288
-</code>
-Custom Options:
-<code>
-fast-io;
-persist-key;
-persist-tun;
-remote-random;
-#pull;
-#route-nopull;
-comp-lzo;
-tls-client;
-verify-x509-name Server name-prefix;
-remote-cert-tls server;
-key-direction 1;
-route-method exe;
-route-delay 2;
-tun-mtu 1500;
-fragment 1300;
-mssfix 1450;
-verb 3;
-sndbuf 524288;
-rcvbuf 524288;
-resolv-retry infinite;
-#push "route 0.0.0.0 255.255.255.0 $1 1";
-#push "route 0.0.0.0 255.255.255.0 0.0.0.0 1";
-#push "route 0.0.0.0 255.255.255.255 0.0.0.0 1";
-#push "redirect-gateway def1 bypass-dhcp";
-#push "redirect-gateway def1";
-#push "redirect-gateway";
-#up "ROUTE add 10.145.0.0 mask 255.255.0.0 192.168.50.66";
-#push "route 192.168.50.66 255.255.255.255";
-#push "route 192.168.50.66 255.255.255.255 $1 1";
-#route-nopull;
-#route 192.168.1.66 255.255.255.255;
-#route 192.168.50.66 255.255.255.255;
-#route 192.168.1.66 255.255.255.255 vpn_gateway;
-#route 192.168.50.66 255.255.255.255 vpn_gateway;
-#push "route 192.168.50.66 255.255.255.0";
-#route 0.0.0.0 255.255.255.255 vpn_gateway;
-</code>