Startup script

GruensFroeschli

Why are you telling the openVPN to even add these routes?
I assume you've set the "redirect def1" option.
Just disable this and those routes wont be added.

geyser

I think 0tt0 is connecting to StrongVPN, same as what I am trying to do.  Even if you don't specify redirect-gateway def1; it still puts in those routes.  I think it is being sent down by the remote server.

GruensFroeschli

The redirect def1 is a server option.

But even if you have these routes in place.
They only affect traffic if you're using the "default" gateway on a firewall rule.
Policy routing forces traffic directly to an interface/gateway and bypasses the routing table.

Could you show a screenshot of the rules you think are not working with these routes in place?

Even another alternative would be, that you add on top of these rules another 4 rules (0.0.0.0/2, 64.0.0.0/2, 128.0.0.0/2, 192.0.0.0/2)

0tt0

@geyser:

I think 0tt0 is connecting to StrongVPN, same as what I am trying to do.  Even if you don't specify redirect-gateway def1; it still puts in those routes.  I think it is being sent down by the remote server.

This is exactly correct yes.

cmb

If you specify:

route-nopull

in your custom options it should prevent that route from being pulled. Someone else is doing that with StrongVPN.

0tt0

@cmb:

If you specify:

route-nopull

in your custom options it should prevent that route from being pulled. Someone else is doing that with StrongVPN.

Thanks for the info, don't think I've seen that one before.

0tt0

@cmb:

If you specify:

route-nopull

in your custom options it should prevent that route from being pulled. Someone else is doing that with StrongVPN.

It seems this only works in OpenVPN 2.1.x or later so it shouldn't work in pfs 1.2.3-R then I guess.

m4rcu5

I think its replaced by "route-noexec". This worked for me until last week i upgraded to RC3.
Now pfSense wont see my OpenVPN gateway anymore.

0tt0

@m4rcu5:

I think its replaced by "route-noexec". This worked for me until last week i upgraded to RC3.
Now pfSense wont see my OpenVPN gateway anymore.

Thanks for the info, I'll check it up.

jimp

Upgrade to a recent snapshot if you aren't seeing an OpenVPN dynamic gateway (or if you see it but it's always "gathering data"). There were some bug fixes a week or so ago, after the official RC3.