Hi everybody,
Please help me to find my fault. I am totally depressed because I have no clue why this is not working.
I want
OPENVPN-Client (Ubuntu Notebook with UMTS) --> Internet --> PFSense Firewall --> OpenVPN-Server (Ubuntu Server)
What is working:
- I can establish a connection from the Client to the OpenVPN-Server. All devices can ping each other. I can even open local webpages or samba shares on 192.168.5.205 or 192.168.5.4 (other server on the lan).
IP-Client: 10.8.0.6
IP-Server (tun0): 10.8.0.1
IP-Server (eth0): 192.168.5.205
IP-PFSense Gateway: 192.168.5.1
My Configurations:
/etc/openvpn/server.conf (reduced to the most important things)
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.5.0 255.255.255.0"
push "redirect-gateway"
/etc/network/iptables
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -d 192.168.5.0/24 -j SNAT --to-source 192.168.5.205
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
I can confirm that all traffic is routed through the VPN.
ip route show (on the server)
default via 192.168.5.1 dev eth0
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.205
Problem 1:
- I can ping from the client http://www.google.de and it shows me the IP 173.194.39.23
- I can do traceroute http://www.google.de and it takes quite a long time:
1 10.8.0.1 80 ms
2 37.148.137.57 500ms
3 217.0.67.250 600ms
...
- But if I try to open http://www.google.de on the page it shows me a "timeout"
- I can see no blocked packages in my pfsense firewall from the source 10.8.*
Assumption 1:
Can you confirm that I have internet access via openvpn? Otherwise it should not be possible to ping anything.
But where is the problem that I cannot open URL pages? Is the channel back blocked? How can I debug where the problem is?
Problem 2:
- I can open via openvpn all different clients in the lan (I can open 192.168.5.* via openvpn).
- But some pages are not shown correctly. For example, if I open seafile via 192.168.5.205 from the LAN everything is perfect.
- If I open the same page via openvpn it shows me only half of the page and it seems like the computer has huge problems to resolve the URL.
Do you have any idea what the problem is? Is it pfsense? Is it iptables?
Thanks for your help.