Netgate Discussion Forum

    OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2

      highc

      I know that pfSense 2.5.x comes with OpenVPN 2.5, and that OpenVPN 2.5 has updated some things since version 2.4 (as available from here).

      However, having just updated from pfSense 2.4.5p1 to 2.5.2, I cannot figure out what the problem is. I am trying to connect with an iPhone (current iOS, current OpenVPN Connect) to pfSense. For simplicity purposes, I have exported a new inline configuration for OpenVPN Connect and imported that into OpenVPN Connect. Connection works, but IP routing is broken. OpenVPN assigns IPs in 10.0.10.x range, pinging my main LAN 192.168.1 doesn't work.

      Server log:

      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_VER=3.git::58b92569
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_PLAT=ios
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_NCP=2
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_TCPNL=1
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_PROTO=2
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_AUTO_SESS=1
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 peer info: IV_SSO=openurl
      Nov 28 22:27:12 firewall openvpn[81118]: 80.187.66.119:23415 [User] Peer Connection Initiated with [AF_INET]80.187.66.119:23415
      Nov 28 22:27:12 firewall openvpn[81118]: User/80.187.66.119:23415 MULTI_sva: pool returned IPv4=10.0.10.2, IPv6=(Not enabled)
      

      Client log:

      2021-11-28 22:27:11 1
      
      2021-11-28 22:27:11 ----- OpenVPN Start -----
      OpenVPN core 3.git::58b92569 ios arm64 64-bit
      
      2021-11-28 22:27:11 OpenVPN core 3.git::58b92569 ios arm64 64-bit
      
      2021-11-28 22:27:11 Frame=512/2048/512 mssfix-ctrl=1250
      
      2021-11-28 22:27:11 UNUSED OPTIONS
      0 [persist-tun] 
      1 [persist-key] 
      2 [ncp-ciphers] [AES-256-GCM:AES-128-GCM:AES-256-CBC] 
      5 [tls-client] 
      8 [verify-x509-name] [pfSenseOpenVPNServer] [name] 
      10 [explicit-exit-notify] 
      
      2021-11-28 22:27:11 EVENT: RESOLVE
      
      2021-11-28 22:27:11 Contacting [64:ff9b::5b17:515d]:31194/UDP via UDP
      
      2021-11-28 22:27:11 EVENT: WAIT
      
      2021-11-28 22:27:11 Connecting to [domain.com]:1194 (64:ff9b::5b17:515d) via UDPv6
      
      2021-11-28 22:27:11 EVENT: CONNECTING
      
      2021-11-28 22:27:11 Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client
      
      2021-11-28 22:27:11 Creds: UsernameEmpty/PasswordEmpty
      
      2021-11-28 22:27:11 Peer Info:
      IV_VER=3.git::58b92569
      IV_PLAT=ios
      IV_NCP=2
      IV_TCPNL=1
      IV_PROTO=2
      IV_AUTO_SESS=1
      IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
      IV_SSO=openurl
      
      
      2021-11-28 22:27:11 VERIFY OK: depth=1, /C=XX/ST=state/L=loc/O=org/emailAddress=postmaster@domain.com/CN=pfSenseOpenVPNCA
      
      2021-11-28 22:27:11 VERIFY OK: depth=0, /C=XX/ST=state/L=loc/O=org/emailAddress=postmaster@domain.com/CN=pfSenseOpenVPNServer
      
      2021-11-28 22:27:12 SSL Handshake: CN=pfSenseOpenVPNServer, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
      
      2021-11-28 22:27:12 Session is ACTIVE
      
      2021-11-28 22:27:12 EVENT: GET_CONFIG
      
      2021-11-28 22:27:12 Sending PUSH_REQUEST to server...
      
      2021-11-28 22:27:12 OPTIONS:
      0 [dhcp-option] [DOMAIN] [domain.com] 
      1 [dhcp-option] [DNS] [192.168.1.102] 
      2 [dhcp-option] [NTP] [192.168.1.100] 
      3 [redirect-gateway] [def1] 
      4 [route] [192.168.1.0] [255.255.255.0] 
      5 [route] [192.168.2.0] [255.255.255.0] 
      6 [route] [192.168.2.0] [255.255.255.0] 
      7 [route] [192.168.3.0] [255.255.255.0] 
      8 [route-gateway] [10.0.10.1] 
      9 [topology] [subnet] 
      10 [ping] [10] 
      11 [ping-restart] [60] 
      12 [ifconfig] [10.0.10.2] [255.255.255.0] 
      13 [peer-id] [0] 
      14 [cipher] [AES-256-GCM] 
      
      
      2021-11-28 22:27:12 PROTOCOL OPTIONS:
      cipher: AES-256-GCM
      digest: NONE
      compress: NONE
      peer ID: 0
      
      2021-11-28 22:27:12 EVENT: ASSIGN_IP
      
      2021-11-28 22:27:12 NIP: preparing TUN network settings
      
      2021-11-28 22:27:12 NIP: init TUN network settings with endpoint: x:x::x:x
      
      2021-11-28 22:27:12 NIP: adding IPv4 address to network settings 10.0.10.2/255.255.255.0
      
      2021-11-28 22:27:12 NIP: adding (included) IPv4 route 10.0.10.0/24
      
      2021-11-28 22:27:12 NIP: adding (included) IPv4 route 192.168.1.0/24
      
      2021-11-28 22:27:12 NIP: adding (included) IPv4 route 192.168.2.0/24
      
      2021-11-28 22:27:12 NIP: adding (included) IPv4 route 192.168.2.0/24
      
      2021-11-28 22:27:12 NIP: adding (included) IPv4 route 192.168.3.0/24
      
      2021-11-28 22:27:12 NIP: redirecting all IPv4 traffic to TUN interface
      
      2021-11-28 22:27:12 NIP: adding match domain domain.com
      
      2021-11-28 22:27:12 NIP: adding DNS 192.168.1.102
      
      2021-11-28 22:27:12 Connected via NetworkExtensionTUN
      
      2021-11-28 22:27:12 EVENT: CONNECTED domain.com:31194 (x:x::x:x) via /UDPv6 on NetworkExtensionTUN/10.0.10.2/ gw=[/]
      
      
      2021-11-28 22:28:06 EVENT: DISCONNECTED
      
      2021-11-28 22:28:06 Raw stats on disconnect:
      BYTES_IN : 4694
      BYTES_OUT : 13414
      PACKETS_IN : 16
      PACKETS_OUT : 116
      TUN_BYTES_IN : 6709
      TUN_PACKETS_IN : 104
      
      2021-11-28 22:28:06 Performance stats on disconnect:
      CPU usage (microseconds): 100486
      Tunnel compression ratio (downlink): inf
      Network bytes per CPU second: 180204
      Tunnel bytes per CPU second: 66765
      

      I can see from the client log that the target routes are pushed. But pinging 10.0.10.1 doesn't even work, let alone any host on any of the subnets for which routes are pushed.

      OpenVPN config on pfSense (cat /var/etc/openvpn/server1/config.ovpn):

      dev ovpns1
      verb 1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 91.23.81.93
      tls-server
      server 10.0.10.0 255.255.255.0
      client-config-dir /var/etc/openvpn/server1/csc
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfSenseOpenVPNServer' 1"
      lport 1194
      management /var/etc/openvpn/server1/sock unix
      max-clients 2
      push "dhcp-option DOMAIN domain.com"
      push "dhcp-option DNS 192.168.1.102"
      push "dhcp-option NTP 192.168.1.100"
      push "redirect-gateway def1"
      client-to-client
      duplicate-cn
      capath /var/etc/openvpn/server1/ca
      cert /var/etc/openvpn/server1/cert
      key /var/etc/openvpn/server1/key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1/tls-auth 0
      data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      persist-remote-ip
      float
      topology subnet
      sndbuf 524288
      rcvbuf 524288
      push "route 192.168.1.0 255.255.255.0"
       push "route 192.168.2.0 255.255.255.0"
       push "route 192.168.2.0 255.255.255.0"
       push "route 192.168.3.0 255.255.255.0"
      

      Any help you could provide would be highly appreciated. Thanks.

      pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
      pfSense 2.6 on Super Micro 5018D-FN4T (retired)

        Gertjan @highc

        @highc

        OpenVPN Connection to iOS

        pfSense the client, and it connects to an iOS device ?

        For me, it's the other way around :
        pfSense server Open log :

        OpenVPN 2.5.2 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 24 2021
        library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
        NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        WARNING: experimental option --capath /var/etc/openvpn/server1/ca
        TUN/TAP device ovpns1 exists previously, keep at program end
        TUN/TAP device /dev/tun1 opened
        /sbin/ifconfig ovpns1 192.168.3.1 192.168.3.2 mtu 1500 netmask 255.255.255.0 up
        /sbin/ifconfig ovpns1 inet6 2001:470:beaf:3::1/64 mtu 1500 up
        /sbin/ifconfig ovpns1 inet6 -ifdisabled
        /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.3.1 255.255.255.0 init
        UDPv4 link local (bound): [AF_INET]192.168.10.3:1194
        UDPv4 link remote: [AF_UNSPEC]
        NOTE: IPv4 pool size is 252, IPv6 pool size is 65536. IPv4 pool size limits the number of clients that can be served from the pool
        Initialization Sequence Completed
        

        When I use the OpenVPN client on my iPhone, I see (pfSense openvpn server log) :

        92.184.108.228:60084 peer info: IV_VER=3.git::58b92569
        92.184.108.228:60084 peer info: IV_PLAT=ios
        92.184.108.228:60084 peer info: IV_AUTO_SESS=1
        92.184.108.228:60084 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
        92.184.108.228:60084 peer info: IV_SSO=openurl
        92.184.108.228:60084 [MyPhone-iPhone] Peer Connection Initiated with [AF_INET]92.184.108.228:60084
        MyPhone-iPhone/92.184.108.228:60084 MULTI_sva: pool returned IPv4=192.168.3.2, IPv6=2001:470:beaf:3::1000
        

        92.184.108.228 is the IPv4 of my iPhone.

        Btw : I do not have these :

        sndbuf 524288
        rcvbuf 524288
        push "route 192.168.1.0 255.255.255.0"
         push "route 192.168.2.0 255.255.255.0"
         push "route 192.168.2.0 255.255.255.0"
         push "route 192.168.3.0 255.255.255.0"
        

        "Compression" is set to disabled.

        b39053e6-d097-45fd-a68e-fc868a7fee87-image.png

        My "Custom options" is empty.

        You have :
        tls-auth /var/etc/openvpn/server1/tls-auth 0
        I have (the newer ?)
        tls-crypt /var/etc/openvpn/server1/tls-crypt

        Probably because I use :

        b960b987-3f7b-4663-bb6d-fd58eec7e4a0-image.png
        (I'm not bothering with a user name password and unique certs ... - just the certs is fine to me)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          highc @Gertjan

          Thanks, @gertjan.

          Our setup is similar in the sense that we're trying to get iOS devices connected to the OpenVPN server running on pfSense. I need the push route statements, as my VPN connects to a different subnet in which alone the connected iOS device cannot do anything. I.e. it needs to connect to my other subnets.

          I have

          92e4bb1f-a8ce-4922-b077-14bed5c1f53e-grafik.png

          as well. I guess the difference in tls-statements is probably rather related to these aspects:

          b675e07c-e39c-486c-b55d-a49b83b25131-grafik.png

          As I'm only using IPv4, I didn't bother with IPv6, but am also moving all traffic through the VPN, if connected:

          cb259e86-192c-4625-86a6-8b9c9f26d051-grafik.png

          Compression is disabled here as well.

          As you can see from the logs, the connection as such appears to work, at least from pfSense's point of view. But pings (even to the 10.0.10.1 of pfSense itself) are not possible, nor is any meaningful use, as I cannot ping anything outside of 10.0.10.0/24, either.

          pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
          pfSense 2.6 on Super Micro 5018D-FN4T (retired)

            Gertjan @highc

            @highc

            Hummmm.
            Just to be sure : you have a pass-all rule on the "OpenVPN" interface ?
            Or, You have no rules on that 'OpenVPN' interface, but you've created yourself an OPENVPN (or whatever name you chose) interface with these rules :

            ad5509e4-9017-408a-9bfe-326c0df0499a-image.png

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              highc @Gertjan

              @gertjan Yes, I have all-pass-through rules on the OpenVPN tab, and I have an individual all-pass-through rule on the interface that I created for OpenVPN as well.

              Trying to drill down on the IP routing, I tried to drill into that a bit more. Pings from the iPhone don't work, so I'm trying to ping the iPhone from the pfSense:

              t: ping 10.0.10.2
              PING 10.0.10.2 (10.0.10.2): 56 data bytes
              36 bytes from 62.155.245.93: Destination Net Unreachable
              Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
               4  5  00 0054 85d7   0 0000  40  01 345c 91.23.81.93  10.0.10.2
              

              Tell me, if my approach is too simplistic. But I would have expected traffic for 10.0.10.0/24 to be routed to the VPN, but the fact that pfSense shows a response from 62.155.245.93 (my provider's gateway - NOT my phone's public IP) suggests to me that VPN routing within pfSense is broken...?

              pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
              pfSense 2.6 on Super Micro 5018D-FN4T (retired)

                Gertjan @highc

                @highc

                When I connect my iPhone using the OpenVPN app, it obtains a 192.168.3.2 (192.168.3.1/24 being the OpenVPN IPv4 network) :

                47624a16-185e-4c82-a179-f3ab7145d78f-image.png

                From a PC on my LAN (192.168.1.1/24 ) I can ping my iPhone on 192.168.3.2.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                  highc @Gertjan

                  @gertjan

                  Thx, so this confirms that routing is broken here since the update.

                  I just googled the command for showing the routing table, and it seems that there is something missing for the OpenVPN net 10.0.10.0/24:

                   netstat -r
                  Routing tables
                  
                  Internet:
                  Destination        Gateway            Flags     Netif Expire
                  default            p3e9bf55d.dip0.t-i UGS      pppoe0
                  10.0.11.0/24       link#16            U        ovpns2
                  10.0.11.1          link#16            UHS         lo0
                  10.8.0.0/24        gateway            UGS       lagg0
                  10.9.0.0/24        gateway            UGS       lagg0
                  p3e9bf55d.dip0.t-i link#14            UH       pppoe0
                  p5b17515d.dip0.t-i link#14            UHS         lo0
                  localhost          link#6             UH          lo0
                  192.168.1.0/24     link#9             U         lagg0
                  firewall           link#9             UHS         lo0
                  192.168.2.0/24     gateway            UGS       lagg0
                  192.168.3.0/24     link#10            U      lagg0.30
                  192.168.3.1        link#10            UHS         lo0
                  192.168.4.0/24     link#3             U          igb0
                  192.168.4.2        link#3             UHS         lo0
                  192.168.5.0/24     link#11            U      lagg0.50
                  192.168.5.1        link#11            UHS         lo0
                  192.168.6.0/24     link#12            U      lagg0.60
                  192.168.6.1        link#12            UHS         lo0
                  192.168.7.0/24     link#13            U      lagg0.70
                  192.168.7.1        link#13            UHS         lo0
                  

                  Would you happen to know how to fix this?

                  pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
                  pfSense 2.6 on Super Micro 5018D-FN4T (retired)

                    Gertjan @highc

                    @highc said in OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2:

                    Would you happen to know how to fix this?

                    Undo whatever you did, related to routing ?
                    ( honestly, I don't know how to 'read' a routing table to see what needs to be done where ).

                    My IPv4 routing table is pretty straightforward :

                    04cf3ec8-f099-4c9b-a392-150b68157ef6-image.png

                    As I'm using :
                    an upstream ISP router using 192.168.10.1 - pfSense WAN is 192.168.1.3
                    pfBlockerNG uses 10.10.10.1
                    I consider my routes 'simple'.

                    You can clearly see 192.168.3.0 being the "OpenVPN" interface.

                    What you could do :
                    Take a known, recent ( !! - as it needs to be OpenVPN 2.5.2, that is the openVPN version, not the pfSense version that happens to be the same right now ) Youtube Video (example : Lawrence ?) and use that to make a working connection.
                    When it works, add your own changes 'up until it fails'. Then you know what the issue is.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                      highc @Gertjan

                      @gertjan said in OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2:

                      Undo whatever you did, related to routing ?

                      Just to be clear: The only thing I did was upgrade from 2.4.5p1. It worked there. Since then, I'm trying to get back to the state I had with 2.4.5p1.

                      pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
                      pfSense 2.6 on Super Micro 5018D-FN4T (retired)

                        Gertjan @highc

                        @highc

                        The (a) OpenVPN setup probably needs some changes as many Open-VPN parameters changed when shifted from 2.4.x to 2.5.y.

                        I advise you to read what you mentioned :

                        @highc said in OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2:

                        (as available from here.

                        There is a big :

                        118df16d-32a0-41e8-a49b-819f6024054d-image.png

                        section.

                        Don't forget to export a newer ovpn file for the clients.

                        No "help me" PM's please. Use the forum, the community will thank you.
                        Edit : and where are the logs ??

                          highc @Gertjan

                          @gertjan
                          Ok, I did not just point to that section, but I actually read it ("of course, I'm tempted to say"). It might be that ...

                          Linux-specific features
                          
                              - VRF support
                              - Netlink integration (OpenVPN no longer needs to execute ifconfig/route or ip commands)
                          
                          

                          ... the netlink part is related to my problem. But there is no config option on this in pfSense. Neither would I know how to debug that part in pfSense. I'm happy to execute commands, but it would be great, if someone with a bit of background knowledge of how this works in pfSense could help me.

                          And as I said above, I did recreate the client config, exported it, and imported it again into the client. Doesn't work. I could redo the whole thing now for the third time and hope for a different outcome this time. But that sounds like a very desperate approach.

                          There are, by the way, open bug reports for OpenVPN related to pushing routes (e.g., here and here). But whether or not that is related to my problem where I can't even ping the OpenVPN client itself from pfSense, I don't know.

                          pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
                          pfSense 2.6 on Super Micro 5018D-FN4T (retired)

                            Gertjan @highc

                            @highc

                            You entered this :

                            push "route 192.168.1.0 255.255.255.0"
                             push "route 192.168.2.0 255.255.255.0"
                             push "route 192.168.2.0 255.255.255.0"
                             push "route 192.168.3.0 255.255.255.0"
                            

                            ?

                            ( and why a leading space the last 3 lines ?)

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                              johnpoz LAYER 8 Global Moderator @highc

                              @highc said in OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2:

                              something missing for the OpenVPN net 10.0.10.0/24:

                              You would not push the tunnel network you setup.. These should be in the routing table of pfsense, if openvpn is running.

                              example I use 10.0.8/24 and 10.0.200.248/29 in my tunnel networks.

                              tunnels.jpg

                              routing table on pfsense shows these..

                              routes.jpg

                              There really is little reason to use push route, networks you want your clients to get to should be listed in the local networks of your vpn

                              When not using the force gateway parameter

                              force.jpg

                              Notice if I disable the vpn instance, that route is no longer listed in pfsense for that tunnel network.

                              disabled.jpg

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.8, 24.11

                                Gertjan @johnpoz

                                @johnpoz said in OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2:

                                You would not push the tunnel network you setup.

                                Did I miss that ?
                                He isn't pushing "10.0.10.0 255.255.255.0" (right ?)

                                As I have a

                                server 192.168.3.0 255.255.255.0
                                

                                because my tunnel is 192.168.3.0/24

                                @highc has

                                server 10.0.10.0 255.255.255.0
                                

                                as 10.0.10.0 is his tunnel.

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                  highc @johnpoz

                                  Ok, thanks. I've now configured the VPN to route all IPv4 traffic via the VPN. That works. Will leave it at that. 😀

                                  pfSense+ 24.03 on Netgate SG-2100 (replaced SG-2440)
                                  pfSense 2.6 on Super Micro 5018D-FN4T (retired)

                                    johnpoz LAYER 8 Global Moderator @Gertjan

                                    @gertjan said in OpenVPN Connection to iOS not working since update from 2.4.5p1 to 2.5.2:

                                    He isn't pushing "10.0.10.0 255.255.255.0" (right ?)

                                    No he isn't pushing it - but you wouldn't need to.. The problem I saw with his configuration was that pfsense showed no route for his tunnel.

                                    tunnel.jpg

                                    So something glitched or his instance wasn't actually running as I showed. If the instance is running there should be routes on pfsense for that tunnel network. See where I turned off my instance and the route went away.

                                    My point about pushing as well - is there is really no reason to have to add those. As long as you list them as local networks they are auto pushed.. You don't need to add them to the options box, etc.

                                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                                    If you get confused: Listen to the Music Play
                                    Please don't Chat/PM me for help, unless mod related
                                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                                    1 Reply Last reply Reply Quote 0
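The check johnpoz describes in his two posts above (a running instance should leave a route for its tunnel network in pfSense's routing table) can be scripted. This is an added example, not code from the thread or from pfSense: the sample text is trimmed from the output highc posted, `ROUTES_HEALTHY` with its link number is constructed, and all function names are hypothetical.

```python
import ipaddress
import re

# Trimmed from the config.ovpn and `netstat -r` output posted in the thread.
CONFIG = '''\
dev ovpns1
server 10.0.10.0 255.255.255.0
topology subnet
push "redirect-gateway def1"
push "route 192.168.1.0 255.255.255.0"
 push "route 192.168.2.0 255.255.255.0"
 push "route 192.168.2.0 255.255.255.0"
 push "route 192.168.3.0 255.255.255.0"
'''
ROUTES = '''\
Destination        Gateway            Flags     Netif Expire
default            p3e9bf55d.dip0.t-i UGS      pppoe0
10.0.11.0/24       link#16            U        ovpns2
10.0.11.1          link#16            UHS         lo0
10.8.0.0/24        gateway            UGS       lagg0
192.168.1.0/24     link#9             U         lagg0
firewall           link#9             UHS         lo0
'''
# Constructed for comparison: the kind of row a running instance should add.
# The link number is a placeholder, not a value from the thread.
ROUTES_HEALTHY = ROUTES + "10.0.10.0/24       link#15            U        ovpns1\n"


def tunnel_from_config(text):
    """Return (device, tunnel network) from the `dev` and `server` directives."""
    dev = re.search(r"^\s*dev\s+(\S+)", text, re.M)
    srv = re.search(r"^\s*server\s+(\S+)\s+(\S+)", text, re.M)
    if not dev or not srv:
        raise ValueError("config needs both 'dev' and 'server' directives")
    return dev.group(1), ipaddress.ip_network(f"{srv.group(1)}/{srv.group(2)}")


def parse_routes(text):
    """Parse netstat rows into (network, gateway, netif); skip unparsable rows."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if cols[0] == "default" else cols[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # destination printed as a host name (netstat without -n)
        routes.append((net, cols[1], cols[3]))
    return routes


def lookup(routes, address):
    """Longest-prefix match: the route the kernel would pick for address."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if r[0].version == addr.version and addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)


def check(config, netstat):
    """Report whether the tunnel network has its own route on the tunnel device."""
    dev, tunnel = tunnel_from_config(config)
    routes = parse_routes(netstat)
    client = str(tunnel.network_address + 2)  # 10.0.10.2, the address the pool handed out
    used = lookup(routes, client)
    return {
        "tunnel": str(tunnel),
        "device": dev,
        "route_present": any(n == tunnel and i == dev for n, _, i in routes),
        "client_egress": used[2] if used else None,
    }


def duplicate_pushes(config):
    """Return push arguments that appear more than once in the config."""
    seen, dups = set(), []
    for arg in re.findall(r'^\s*push\s+"([^"]+)"', config, re.M):
        if arg in seen and arg not in dups:
            dups.append(arg)
        seen.add(arg)
    return dups


if __name__ == "__main__":
    print(check(CONFIG, ROUTES))          # route missing, client traffic leaves via pppoe0
    print(check(CONFIG, ROUTES_HEALTHY))  # route present on ovpns1
    print(duplicate_pushes(CONFIG))
```

On the firewall, feed it the contents of config.ovpn and the output of `netstat -rn -f inet`; with `-n` the destinations are printed as addresses, so no rows are skipped.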
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.