Netgate Discussion Forum
    VPN tunnel up but no traffic gets routed

      hhjohan

      Hi, I have been struggling with this for way too many hours and my ideas are running out. I get the feeling I am missing something but I can't find what.
      I have a point-to-point tunnel set up and it connects fine, but I can't get traffic through as supposed.
      On the client end I can ping my network interface on the remote pfSense from pfSense if I select the VPN tunnel as source; any other interface can't.
      From the remote pfsense I can't ping the local interface ip at all.
      To me that sounds like an issue with routing or rules, but as far as I can see I can find the problem.

      In the OpenVPN log I get this:
      Aug 30 09:12:13 openvpn 90100 ERROR: FreeBSD route add command failed: external program exited with error status: 1
      Aug 30 09:12:13 openvpn 90100 /sbin/route add -net 192.168.2.0 192.168.113.1 255.255.255.0
      Aug 30 09:12:13 openvpn 90100 /sbin/route add -net 192.168.2.0 192.168.113.1 255.255.255.0
      Aug 30 09:12:13 openvpn 90100 /usr/local/sbin/ovpn-linkup ovpnc1 1500 0 192.168.113.2 255.255.255.0 init
      Aug 30 09:12:13 openvpn 90100 /sbin/ifconfig ovpnc1 192.168.113.2/24 mtu 1500 up

      but the routes seem to be generated anyway, maybe related to the double route add commands, but I have no idea why it gets doubled.

      This is my routing table:
      Skärmbild (19).png

      and these are my rules:
      Skärmbild (20).png
      Skärmbild (21).png

      Inputs are highly appreciated as I am running out of hair on my head...

        Rico LAYER 8 Rebel Alliance

        Your OpenVPN group tab is only allowing incoming TCP traffic.

        -Rico

          hhjohan @Rico

          @Rico I didn't really understand your answer, did you see something wrong or was it just information?
          I have another vpn tunnel towards the same server side which works fine, the rules on the OpenVPN interfaces look identical.

          But you got my eye on the protocol allowed; I changed it to "all" but that didn't solve the problem with ping from the remote side.

            hhjohan @hhjohan

            192.168.2.1 is the address on my remote pfsense interface that I try to ping from client pfsense.

              Stef93

              https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-route-internet-traffic.html
              I suggest re-reading the instructions. 90% of all answers to questions can be seen there.
              For example, you have not added a new interface with OpenVPN (Interfaces > Interface Assignments).
              77357fbd-248a-40fe-a115-0b5ce0b00ca7-image.png
              After it is added and applied, be sure to restart OpenVPN.

                hhjohan @Stef93

                @Stef93 It turned out that I had missed adding a Client Specific Override, but I couldn't get it to work anyway.
                Reading a bit more on Client Specific Override, I found out that changing the tunnel network from /24 to /30 didn't need any override, and then I got it working.
                Thanks, you led me to the solution!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.