Saving OpenVPN client configuration adds route that breaks internet on LAN
-
Hi!
When I save the OpenVPN configuration of a client on our pfSense, internet access breaks for all clients, even those connected via regular LAN. After some searching, the problem seems to be:
1. When saving the OpenVPN client configuration, the client is displayed as "connected" on the OpenVPN status page, even though it didn't connect.
2. Stopping the client (with the red "x") fixes the problem.
3. I checked Diagnostics > Routes before and after step 2. The culprit seems to be (to me) that the following route is inserted at the top of the IPv4 Routes table:
Also, the following routes are visible (first and third route in the following screenshots):
- ovpns12 is the OpenVPN server
- 10.10.10.40 is the IP assigned to the OpenVPN client
The routes 0.0.0.0/1, 10.10.10.40 and 128.0.0.0/1 disappear after stopping the client connection. Everyone on the LAN then has internet access again.
4. Further symptom: When saving the OpenVPN client configuration again (i.e. simply hitting "Save" there without stopping the "client connection"), another connection is visible on the OpenVPN status page for the same client, but with a new IP:
Does anybody have any idea why that is happening?
-
-
I'm still having this issue. I debugged this again today and have some more context:
The problem is also there when I manually start the client connection from the OpenVPN status page with the little play button:
When I start the connection, it is displayed as started shortly after (even if the client is not even online). From that point on, the "0.0.0.0/1 link#11" route is present and the internet connection is broken until I stop the client connection again.
If anybody has any clues, I would really appreciate them.
-
I finally found the culprit. The clients that I was expecting to connect to the OpenVPN server were configured under OpenVPN > Clients. Hence the server tried to connect to itself. In combination with
push "redirect-gateway autolocal def1";
, that seems to have broken the routing on the pfSense. The solution was to delete the clients from OpenVPN > Clients.
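
An added example, not part of the original posts: a Python check that parses a routing table in the style of Diagnostics > Routes, flags the two half-default routes that `redirect-gateway def1` installs, and uses longest-prefix match to show why they take traffic away from the default route. The table is constructed; only 0.0.0.0/1, 128.0.0.0/1, 10.10.10.40 and link#11 come from the thread, while the interfaces em0 and ovpnc1, the gateway 192.0.2.1 and the probe addresses are assumptions.

```python
import ipaddress

# Constructed sample in the style of pfSense Diagnostics > Routes (netstat -rn).
# From the thread: 0.0.0.0/1, 128.0.0.0/1, 10.10.10.40, link#11.
# Assumed: interfaces em0/ovpnc1, gateway 192.0.2.1, every other column value.
SAMPLE = """\
Destination        Gateway            Flags     Netif
0.0.0.0/1          link#11            U         ovpnc1
default            192.0.2.1          UGS       em0
10.10.10.40        link#11            UH        ovpnc1
128.0.0.0/1        link#11            U         ovpnc1
192.0.2.0/24       link#1             U         em0
"""

# The two half-default routes that "redirect-gateway def1" installs.
DEF1 = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}


def parse_routes(text):
    """Return (network, gateway, netif) tuples; skips headers and junk lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        routes.append((net, parts[1], parts[3]))
    return routes


def def1_routes(routes):
    """Routes in the table that are def1 half-defaults."""
    return [r for r in routes if r[0] in DEF1]


def best_route(routes, addr):
    """Longest-prefix match: the route the kernel would pick for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for probe in ("100.64.0.1", "198.51.100.7", "192.0.2.50"):
        net, gw, netif = best_route(table, probe)
        print(f"{probe:14} -> {str(net):14} via {gw} on {netif}")
    print("def1 routes present:", [str(r[0]) for r in def1_routes(table)])
```

Because a /1 is more specific than the /0 default, every non-local destination matches one of the two halves, while directly attached networks with longer prefixes keep working.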