I think the question is about whether you have a firewall rule permitting outbound traffic from your LAN through the OpenVPN interface with NAT for the traffic.

mbhinder wrote:
Thanks for the reply - yes I am an FTTN customer like yourself. I haven't added any outbound settings to pfSense but I logged onto the appliance and verified that I could telnet to port 1914 on the VPN. I also ran tcpdump and saw packets going out of pfSense but no packets coming back from the VPN. Maybe our AT&T modems are different models?
Would you have a link to any documentation that you used to configure your appliance?

I know it's an easy step to forget, as I've forgotten to do it in the past! pfSense treats a VPN interface as a firewall interface with its own default deny policy.
I followed the wizard to set up my connection to my commercial VPN provider and the wizard did take me to the outbound NAT page.
The guide I've found most helpful in general is this one:
https://forum.pfsense.org/index.php?topic=76015.0
(registration is, I think, required to post there but not to view)
Another key point is setting up routing to use the VPN. I have my system configured to use the VPN as the default route, with an explicit route to the AT&T network for one traditional DNS host and with dnscrypt as my preferred DNS lookup type. When the system is running correctly I send out less than one cleartext DNS lookup a day.
I need that one host able to do traditional DNS so that I can bring the tunnel up - my VPN provider has a group of servers resolved via hostname.