Netgate Discussion Forum

    Multipurpose openvpn server with /30 client specific override

      jlord87

      Hi everybody!

      I've spent the last two days googling and testing, trying to apply this howto: https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server

      I'm trying to create a single VPN and some overrides for specific users.
      Under Linux everything works great. Under Windows some route is missing; the client doesn't get a gateway and so is not able to route traffic.

      Here are my subnets:
      LAN: 192.168.3.0/24
      OpenVPN server: 192.168.37.0/24
      CSC subnets: 10.33.250.0/30, 10.33.250.4/30, 10.33.250.8/30 etc.

      Here is my server conf:

      dev ovpns4
      verb 1
      dev-type tun
      dev-node /dev/tun4
      writepid /var/run/openvpn_server4.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 192.168.133.2
      engine cryptodev
      tls-server
      server 192.168.37.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc/server4
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.reteccs.org' 1"
      lport 1194
      management /var/etc/openvpn/server4.sock unix
      max-clients 15
      push "route 192.168.3.0 255.255.255.0"
      push "dhcp-option DNS 192.168.3.41"
      ca /var/etc/openvpn/server4.ca 
      cert /var/etc/openvpn/server4.cert 
      key /var/etc/openvpn/server4.key 
      dh /etc/dh-parameters.1024
      crl-verify /var/etc/openvpn/server4.crl-verify 
      tls-auth /var/etc/openvpn/server4.tls-auth 0
      comp-lzo adaptive
      topology subnet
      route 10.33.250.0 255.255.255.0
      

      Here is my CSC conf:
      Tunnel network: 10.33.250.4/30

      push "route 192.168.3.0 255.255.255.0 10.33.250.4"
      ifconfig-push 10.33.250.4 255.255.255.252
      

      What I've found strange, even under Linux, is that in my 10.33.250.0/4 subnet my client gets the 10.33.250.0 IP… and I cannot ping any 10.33.250.x gateway...
      even if it "works"...

      Any help would be really appreciated!

      Thank you

        mcdiesel

        > Under Windows some route is missing

        From VPN / OpenVPN / Client Export Utility (when the client export package is installed)

        Management Interface
        Use the OpenVPNManager Management Interface. This will activate management interface in the generated .ovpn configuration and include the OpenVPNManager program in the Windows Installers. With this management interface, OpenVPN can be used by non-administrator users. This is also useful for Windows Vista/7/8/10 systems where elevated permissions are needed to add routes to the OS.

        NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.

        > What I've found strange

        No, no, you don't get to commingle two questions in one with insufficient detail. You said previously everything works great. Cannot ping is not great, it's broken. It may not be allowing ICMP on Firewall / Rules / OpenVPN.
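
An added example, not part of either post and not pfSense or OpenVPN code: a small Python check that takes the `server`, `route` and client-specific override directives quoted in the first post and computes where the `ifconfig-push` address falls within its own netmask and within the server's networks. The function names are hypothetical, and the findings are plain address arithmetic, not a diagnosis of the Windows routing problem.

```python
import ipaddress

# Constructed sample input: the relevant directives copied from the first post.
SERVER_CONF = """\
server 192.168.37.0 255.255.255.0
topology subnet
route 10.33.250.0 255.255.255.0
"""
CSC_CONF = """\
push "route 192.168.3.0 255.255.255.0 10.33.250.4"
ifconfig-push 10.33.250.4 255.255.255.252
"""

def directives(text):
    """Yield each non-comment line as a token list, with push "..." unwrapped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("push "):
            yield ["push"] + line[5:].strip().strip('"').split()
        else:
            yield line.split()

def check_csc(server_conf, csc_conf):
    """Return findings about the address a CSC ifconfig-push assigns (hypothetical helper)."""
    # Assumption: one `server` and at most one `route` line (a later duplicate wins).
    srv = {d[0]: d[1:] for d in directives(server_conf)}
    tunnel = ipaddress.ip_network("/".join(srv["server"]))
    routed = ipaddress.ip_network("/".join(srv["route"])) if "route" in srv else None
    findings, client = [], None
    for d in directives(csc_conf):
        if d[0] == "ifconfig-push":
            client = ipaddress.ip_interface(f"{d[1]}/{d[2]}")
            net = client.network
            if client.ip == net.network_address:
                findings.append(f"{client.ip} is the network address of {net}")
            elif client.ip == net.broadcast_address:
                findings.append(f"{client.ip} is the broadcast address of {net}")
            if client.ip not in tunnel:
                findings.append(f"{client.ip} is outside the server tunnel network {tunnel}")
            if routed is not None and client.ip not in routed:
                findings.append(f"{client.ip} is not covered by server route {routed}")
    for d in directives(csc_conf):
        # Only literal IPv4 gateways are compared; keywords such as vpn_gateway are skipped.
        if d[:2] == ["push", "route"] and len(d) > 4 and d[4][0].isdigit() and client:
            if ipaddress.ip_address(d[4]) == client.ip:
                findings.append(f"pushed route gateway {d[4]} is the client's own address")
    return findings

if __name__ == "__main__":
    for finding in check_csc(SERVER_CONF, CSC_CONF):
        print("FINDING:", finding)
```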

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.