Routing two/multiple subnets through tunnel
-
pfsense 1.2.3-RELEASE

NICs
WAN 1.2.3.4
LAN 172.18.128.1/24
LAN_164 192.168.164.249/24

Tunnel
Address pool 172.18.251.0/24
Local network 172.18.128.0/24

I have successfully configured OpenVPN for remote client access.
Remote access to LAN works for all IPs. Following that, I wanted to add remote access to LAN_164 IPs. So
I added 'push "route 192.168.164.0 255.255.255.0"' to the global
config. Here are the remote routes:

Destination Gateway Genmask Flags MSS Window irtt Iface
172.18.251.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.18.251.1 172.18.251.5 255.255.255.255 UGH 0 0 0 tun0
172.18.128.0 172.18.251.5 255.255.255.0 UG 0 0 0 tun0
192.168.164.0 172.18.251.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

However, on the remote I still cannot ping any of the IPs on LAN_164.
On the server/LAN side I can access LAN_164 from LAN without trouble. Here are the
(relevant) routes on the server:

Destination Gateway Flags Refs Use Netif Expire
172.18.128.0/24 link#4 UC 0 0 em1
172.18.251.0/24 172.18.251.2 UGS 0 0 tun0
172.18.251.2 172.18.251.1 UH 1 0 tun0
192.168.164.0/24 link#2 UC 0 0 fxp1

I am clearly missing something. Any input would be appreciated. If I have been too brief
in detail, please let me know.
-
Is this a private shared key tunnel?
If yes: you cannot use pushes with such a setup.
You need to add normal routes to the config on the server and the client
(e.g. route 192.168.164.0 255.255.255.0).
-
The tunnel Auth method is PKI.
-
Do the devices in the 164 range have a default gateway other than the pfSense?
Do you have the OpenVPN instance assigned as interface?
If yes, might you have a rule not allowing access?

The same on the remote side: might you have a rule not allowing access?
Do you see anything in the firewall log?
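The question about the default gateway of the 164 hosts concerns the return path: the remote client's table (from the post) already sends 192.168.164.0/24 into tun0, but a host on LAN_164 whose default gateway is not the pfSense box will send its replies to the wrong router. The following script is an added example, not code from the thread; it parses "route -n" style tables with longest-prefix matching and uses a constructed LAN_164 host table with a hypothetical gateway 192.168.164.1, before and after adding a static route for the VPN pool back to the pfSense LAN_164 address.

```python
import ipaddress

def parse_route_n(text):
    """Parse Linux 'route -n' output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines()[1:]:        # skip the header row
        dest, gw, mask, _flags, *_rest, iface = line.split()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: (gateway, iface) the host would use to reach dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])

# Remote client's table as posted above, after the pushed route was applied.
CLIENT_ROUTES = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
172.18.251.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
172.18.251.1 172.18.251.5 255.255.255.255 UGH 0 0 0 tun0
172.18.128.0 172.18.251.5 255.255.255.0 UG 0 0 0 tun0
192.168.164.0 172.18.251.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
"""

# Constructed table for a LAN_164 host whose default gateway (192.168.164.1,
# hypothetical) is NOT the pfSense box at 192.168.164.249.
LAN164_HOST_ROUTES = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.164.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.164.1 0.0.0.0 UG 0 0 0 eth0
"""

# Same host with a static route for the VPN address pool pointing at pfSense.
LAN164_HOST_FIXED = LAN164_HOST_ROUTES + \
    "172.18.251.0 192.168.164.249 255.255.255.0 UG 0 0 0 eth0\n"

def check_path(client_ip="172.18.251.5", target="192.168.164.10"):
    """Forward hop on the client, then the LAN_164 host's return hop before/after the fix."""
    return (lookup(parse_route_n(CLIENT_ROUTES), target),
            lookup(parse_route_n(LAN164_HOST_ROUTES), client_ip),
            lookup(parse_route_n(LAN164_HOST_FIXED), client_ip))
```

Run `check_path()` to see the forward hop land on tun0 while the unfixed host replies via 192.168.164.1, which is the asymmetric path the reply above is asking about.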