OVPN Routing Help

rbennett · Feb 14, 2008, 12:01 PM

I got the connection made to my pfSense. I can ping the pfSense box, but can't get anything else within the LAN. TCP or UDP neither work. It looks like the routes are in good…I don't know, I'm stumped.

Address Pool: 172.20.200.0/24
Local Network: 172.20.18.0/24

Thu Feb 14 05:44:20 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 14 05:44:20 2008 PUSH: Received control message: 'PUSH_REPLY,route 172.2
0.18.0 255.255.255.0,dhcp-option DOMAIN ussa.edu,dhcp-option DNS 172.20.18.47,dh
cp-option DNS 172.20.19.30,dhcp-option WINS 172.20.18.47,dhcp-option DISABLE-NBT
,route 172.20.200.1,ping 10,ping-restart 60,ifconfig 172.20.200.6 172.20.200.5'
Thu Feb 14 05:44:20 2008 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 14 05:44:20 2008 OPTIONS IMPORT: –ifconfig/up options modified
Thu Feb 14 05:44:20 2008 OPTIONS IMPORT: route options modified
Thu Feb 14 05:44:20 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options
modified
Thu Feb 14 05:44:20 2008 TAP-WIN32 device [Local Area Connection 3] opened: \.
Global{810506C4-91A0-472E-B5CC-9A0C442CF9AA}.tap
Thu Feb 14 05:44:20 2008 TAP-Win32 Driver Version 8.4
Thu Feb 14 05:44:20 2008 TAP-Win32 MTU=1500
Thu Feb 14 05:44:20 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
72.20.200.6/255.255.255.252 on interface {810506C4-91A0-472E-B5CC-9A0C442CF9AA}
[DHCP-serv: 172.20.200.5, lease-time: 31536000]
Thu Feb 14 05:44:20 2008 Successful ARP Flush on interface [3] {810506C4-91A0-47
2E-B5CC-9A0C442CF9AA}
Thu Feb 14 05:44:20 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Feb 14 05:44:20 2008 Route: Waiting for TUN/TAP interface to come up…
Thu Feb 14 05:44:21 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Feb 14 05:44:21 2008 Route: Waiting for TUN/TAP interface to come up...
Thu Feb 14 05:44:22 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Feb 14 05:44:22 2008 Route: Waiting for TUN/TAP interface to come up...
Thu Feb 14 05:44:23 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Feb 14 05:44:23 2008 Route: Waiting for TUN/TAP interface to come up...
Thu Feb 14 05:44:24 2008 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Thu Feb 14 05:44:24 2008 Route: Waiting for TUN/TAP interface to come up...
Thu Feb 14 05:44:26 2008 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Thu Feb 14 05:44:26 2008 route ADD 172.20.18.0 MASK 255.255.255.0 172.20.200.5
Thu Feb 14 05:44:26 2008 Route addition via IPAPI succeeded
Thu Feb 14 05:44:26 2008 route ADD 172.20.200.1 MASK 255.255.255.255 172.20.200.
5
Thu Feb 14 05:44:26 2008 Route addition via IPAPI succeeded
Thu Feb 14 05:44:26 2008 Initialization Sequence Completed

===========================================================================

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.155 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.155 192.168.1.155 30
172.20.18.0 255.255.255.0 172.20.200.5 172.20.200.6 1
172.20.200.1 255.255.255.255 172.20.200.5 172.20.200.6 1
172.20.200.4 255.255.255.252 172.20.200.6 172.20.200.6 30
172.20.200.6 255.255.255.255 127.0.0.1 127.0.0.1 30
172.20.255.255 255.255.255.255 172.20.200.6 172.20.200.6 30
192.168.1.0 255.255.255.0 192.168.1.155 192.168.1.155 20
192.168.1.155 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.155 192.168.1.155 20
224.0.0.0 240.0.0.0 172.20.200.6 172.20.200.6 30
224.0.0.0 240.0.0.0 192.168.1.155 192.168.1.155 20
255.255.255.255 255.255.255.255 172.20.200.6 172.20.200.6 1
255.255.255.255 255.255.255.255 192.168.1.155 192.168.1.155 1
Default Gateway: 192.168.1.1

Persistent Routes:
None

Cry Havok · Feb 14, 2008, 12:13 PM

@rbennett:

I got the connection made to my pfSense. I can ping the pfSense box, but can't get anything else within the LAN. TCP or UDP neither work. It looks like the routes are in good…I don't know, I'm stumped.

This usually is because your OpenVPN box (which is your pfSense box) isn't the default gateway for your LAN.

GruensFroeschli · Feb 14, 2008, 12:22 PM

Do you happen to use multiwan?
Do your LAN clients know the way back to your OpenVPN subnet?

rbennett · Feb 14, 2008, 2:12 PM

the gateway, I always forget about the gateway. That was it. Thanks!