OpenVPN Support Forum

Hey Everyone.

For a couple of days I am reading and searching for an answer, but the problem appear to be more complex.
I have Pfsense router and I set it up as OpenVPN server and my laptop as a client, so I can log in to my network regardless of where I am.
I have tested up straight away with the other ISP provider entirely separate from what I am using and it works perfectly, but!
When I go home and try the OpenVPN, I log in to the network and I can : Ping everything, SSH to everything, traceroute(correctly), routing table is also correct.
The problem : Everything works except using my browser to access the GUI of the devices I successfully SSH to, I cant also access other pages(it load until timeout).
I am using the same laptop on both locations, the only difference are the locations , even the ISP I am testing with is the same(and I am using the Wi-Fi on the other location)

I have read a lot of posts and troubleshoots but I could not see someone with similar problem. I am completely lost on that and I dont know where to locate the problem.
Have any of you experienced the same thing or have the same problem or have any clue why this is happening.

vaskotoo wrote:When I go home and try the OpenVPN, I log in to the network and I can : Ping everything, SSH to everything, traceroute(correctly), routing table is also correct.
The problem : Everything works except using my browser to access the GUI of the devices I successfully SSH to, I cant also access other pages(it load until timeout).

perhaps the router is not listening on the local LAN.

Hey @Traffic

Traffic wrote:

vaskotoo wrote:When I go home and try the OpenVPN, I log in to the network and I can : Ping everything, SSH to everything, traceroute(correctly), routing table is also correct.
The problem : Everything works except using my browser to access the GUI of the devices I successfully SSH to, I cant also access other pages(it load until timeout).

perhaps the router is not listening on the local LAN.

What exactly do you mean by that?
If I understand the OpenVPN communication correctly, once the connection is established the entire traffic goes as UDP on the physical interface and encapsulated on the end devices(server - client) as local traffic, so all what the home "router" is seeing is a bunch of UDP packets.

I have captured the traffice via Wireshark and I notice there is no HTTP traffic at all, the client communicate with the server, they SYN>ACK>ACK>ACK>FIN correctly, but the part with GET HTTP is missing, the client does not seems to send that request.
But I just notice that the address I check is google, so I am not sure about the GET HTTP there, it might be cached, so I will provide new test with uncached website and come back to the forum.

I finally solved it:

I had to reduce the MTU size of the client interface (the virtual one for the OpenVPN) and that made it work.
Here is the command for it on windows 7 and above I assume the client fail to negotiate with the server about the MTU size and that lead to the timeout

Traffic wrote:

vaskotoo wrote:When I go home and try the OpenVPN, I log in to the network and I can : Ping everything, SSH to everything, traceroute(correctly), routing table is also correct.
The problem : Everything works except using my browser to access the GUI of the devices I successfully SSH to, I cant also access other pages(it load until timeout).

perhaps the router is not listening on the local LAN.

I have ask a question > few days later I found a solution > I posted the solution > No one really approve my posts >   off then, I wont spend anymore my time helping others.

Finally posts have been approved (lol)
I have post the client side fix. But the same thing goes for all the clients so here is the Server side setting.
On Pfsesne : VPN > OpenVPN > Server tab - edit server > Advanced configuration > Advanced : mssfix 1200

I have also prepared a screenshot - not sure for how long will be available:

Offhand, that sounds like a ssh problem: does SSH know to "tunnel" your GUI-packet traffic to its remote-side? Betcha it doesn't.

In other words, if you were connecting to that system without involving OpenVPN, I predict that it wouldn't work either, because ssh doesn't know to look for those packets and to deliver them, through its cryptographically-secure connection, to its remote.

Based on your description, I think that OpenVPN is working exactly as it should. I'm sure that your GUI-packets are making it to that remote machine that's running ssh, and then, falling on the floor with nowhere to go because ssh doesn't know to pick them up.

Google the term: ssh tunnel.