Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 26 subscribers
  • Views 6114 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN (SSL VPN) - Connection successful but no LAN/WAN access

Casual_User

There has been a number of posts on this, and I believe that I've read them all.  So, I am at a loss why I cannot access my LAN from the VPN.

I have followed this guide to set up the VPN:
https://community.sophos.com/kb/en-us/122769

The above guide did mention the VPN to LAN firewall rule but not the LAN to VPN firewall rule that I've seen mentioned elsewhere which I've added.  I've also included a VPN to WAN rule.

I have reviewed these troubleshooting steps:
https://community.sophos.com/kb/en-us/127189#SSL%20VPN%20users%20are%20not%20able%20to%20transfer%20data

What I can do (using my iPhone with Wifi off and going onto my carrier's LTE network):
1) I can successfully connect to the XG using OpenVPN.  It connects with IPv4 and IPv6 (dual stack).
2) I can ping my LAN server.
3) My firewall rules for LAN to VPN, VPN to LAN and VPN to WAN all show data in and data out after I try to access the LAN or WAN.  My VPN rules do not have filtering or MASQ turned on.

I can access LAN and WAN when connected with OpenVPN through my Wifi.

What I cannot do:
a) I cannot access the internet.
b) I cannot access anything on my LAN via the web browser.

I have deleted and reinstalled the OpenVPN client on my iPhone with no change in the results.

It seems that something is blocking/filtering the VPN traffic.  I just cannot figure out what it is...

Thanks for any pointers...



This thread was automatically locked due to age.
  • +1

    After researching every possible cause to no avail, I went through the OpenVPN log one last time.  There was not a single error but it did state that it was connected with an MTU of 1500.  I went through the client configuration file and I could not see the setting for MTU anywhere.  So, I added mssfix with the correct MTU-40 and presto it worked perfectly.  What an incredibly frustrating thing to troubleshoot!

  • 0 in reply to Casual_User

    Thought I'd update this.  Adjusting the MTU of the VPN connection using tun-mtu works much better than using mssfix.