OpenVPN set up : connected but...not working yet

Started by Alex_53408, May 03, 2023, 06:14:48 PM

Alex_53408

Hi everyone,

Firstly, many thanks to Home Network Guy for this great website: I was looking for resources to get started with OPNsense and then add on more and more features, and that's the perfect place to find this - big thanks!  :)

I have a question about OpenVPN setup in the following use case:
- OPNsense is connected between the home internet access and the LAN
- I would like to route the traffic from OPNsense to a VPN server via OpenVPN
- so far, I have followed different tutorials, including this one found in this forum (although I'm not looking to use policy based routing for now): https://community.spiceworks.com/how_to/177167-policy-based-routing-via-vpn

At this stage:
a) the OpenVPN client appears as "connected" in the screen VPN > OpenVPN > Connection Status: there are both a virtual and a real remote IP address.
b) however, when checking the IP address on a site such as ipinfo.io, the displayed IP is the address provided by my ISP, not the one coming from the VPN service provider, although this address can be seen in the connection status (point a) above)
c) then, in the same VPN > OpenVPN > Connection Status screen, there is a line for another VPN client. That line is empty though (no IP addresses) and it ends with a failed status. But I can't figure out where this comes from (please see attached screenshot).

I found different tutorials about OpenVPN setup in pfSense which mention things about adding routes, but these fields look different compared to the screens in OPNsense.

Because I kind of had to mix inputs from different sources, it's likely something is missing there, but any idea about how to solve this would be really welcome.

Many thanks !

Alex

Home Network Guy

Thanks! I'm glad you found the information helpful.

As you may have noticed, I haven't written about connecting to external VPN providers using OPNsense as an OpenVPN client. I only wrote about using OPNsense as an OpenVPN server. It is on my todo list to write about how to do external VPN connections, but since I haven't spent much time with the topic yet, I can't really offer a lot of advice at the moment, unfortunately.

I don't know if you need to set up the appropriate outbound NAT rules and/or set your default gateway to be the VPN provider so all traffic goes out the VPN. Since you don't want to use policy based routing, I'm assuming you want all traffic to go through the VPN (and I'm also assuming you don't need policy based routing if you're routing everything through the VPN since you're not routing only certain VLANs through the VPN). These are some areas I'm not clear on yet since I haven't taken the time to learn and try out various VPN connections to external VPN services.
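
Added example, not written by either poster: a check for the symptom in point b), where the client shows as connected but traffic still leaves through the WAN. It runs a longest-prefix match over `netstat -rn -f inet` style output to see which interface carries internet-bound traffic; the two sample tables and the interface names (igb0, igb1, ovpnc1) are constructed assumptions, and the second table shows the 0.0.0.0/1 and 128.0.0.0/1 pair that OpenVPN's `redirect-gateway def1` installs.

```python
import ipaddress

# Constructed samples in the layout of FreeBSD `netstat -rn -f inet`.
# Interface names (igb0 = WAN, igb1 = LAN, ovpnc1 = OpenVPN client) are assumed.
TUNNEL_UP_NOT_ROUTED = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
10.8.0.0/24        link#8             U        ovpnc1
192.168.1.0/24     link#2             U          igb1
"""

TUNNEL_ROUTED = """\
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
default            203.0.113.1        UGS        igb0
10.8.0.0/24        link#8             U        ovpnc1
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
192.168.1.0/24     link#2             U          igb1
198.51.100.20      203.0.113.1        UGHS       igb0
"""


def parse_routes(text):
    """Return (network, interface) pairs from netstat -rn style text."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip lines whose first field is not an IP destination
        routes.append((net, fields[3]))
    return routes


def egress_interface(text, address):
    """Longest-prefix match: which interface would carry traffic to address?"""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, iface) for net, iface in parse_routes(text) if addr in net]
    return max(matches)[1] if matches else None


def tunnel_carries_internet(text, tunnel_prefix="ovpnc"):
    """True only if probes in both halves of the IPv4 space leave via the tunnel."""
    probes = ("1.1.1.1", "192.0.2.10")  # one address below and one above 128.0.0.0
    return all((egress_interface(text, p) or "").startswith(tunnel_prefix) for p in probes)
```
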

Alex_53408

Hi again,

Sorry for the late response and many thanks for getting back to me on this thread.

The funny thing is that I saw your post comparing OPNsense and pfSense, that's a very interesting comparison while actually, in the meantime, I had already switched to pfSense, where I could set up the OpenVPN - or at least I would say apparently :).

At the moment, I am still in an exploration phase, with a basic configuration, but while both solutions are great and quite rich, I feel more at ease with the pfSense GUI - just a matter of taste. And as most configurations and options are similar to those in OPNsense, this website will still be of great help!

Btw, one difference that I noted between the two systems - and maybe that is the reason why I couldn't set up the VPN in OPNsense but could do it in pfSense - might be linked to hardware compatibility, and especially NICs: I noted some instability with a few NICs on the WAN interface when using OPNsense, while for instance one of the NICs that didn't work at all with OPNsense seems to be working fine with pfSense.

Not sure what the cause of that can be, but it looks like there are more hw compatibility probes on the website https://bsd-hardware.info (nb: there is a linux page too) for OPNsense than for pfSense : it could mean more OPNsense users than for pfSense, or that OPNsense users experience more hw issues and therefore run probes. Just sharing this for info and for thoughts.

Anyway, I'll be back to read further pages on the website and look a little bit at rules.

Have a great day!

Home Network Guy

Thanks! I apologize for the late response too. Been busy working on content.

It's funny you mention using my site to help you with pfSense because usually it's the other way around. Many OPNsense users use pfSense documentation since there is not as much documentation available in general as for pfSense, which is part of the reason I created my website.

Interesting note about hardware incompatibility, because I haven't encountered that, but I use mostly Intel NICs. But recently I reviewed a unit with 10G Mellanox SFP+, and all I needed to do was manually enable the driver via the command line and reboot. Worked perfectly after that. I know that Realtek is an issue with FreeBSD in general.