Netgate Discussion Forum

    OpenVPN client connects to PFsense, does not route

      gazoo

      This is my client config:
      dev tun
      persist-tun
      persist-key
      proto udp
      cipher AES-256-CBC
      tls-client
      client
      resolv-retry infinite
      remote x.x.x.x 444
      tls-remote "user"
      auth-user-pass
      pkcs12 satlink-udp-444.p12
      tls-auth satlink-udp-444-tls.key 1
      comp-lzo

      That was exported from the export tab. On PF, it's configured for remote access SSL/TLS+auth, UDP, TUN
      Tunnel network is set to 10.10.213.0/24
      Local network is 192.168.1.0/24 (this is my LAN I'm trying to get to behind PF sense from the road)
      Provide virtual IP is checked.

      My route print statement is as follows (I erased the "real" ones so they are not included):
      Network Destination        Netmask          Gateway       Interface  Metric

            10.10.213.1  255.255.255.255      10.10.213.5      10.10.213.6     30
            10.10.213.4  255.255.255.252          On-link      10.10.213.6    286
            10.10.213.6  255.255.255.255          On-link      10.10.213.6    286
            10.10.213.7  255.255.255.255          On-link      10.10.213.6    286
              127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
              127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
        127.255.255.255  255.255.255.255          On-link        127.0.0.1    306

            192.168.1.0    255.255.255.0      10.10.213.5      10.10.213.6     30
              224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
              224.0.0.0        240.0.0.0          On-link         x.x.x.x.    266
              224.0.0.0        240.0.0.0          On-link      10.10.213.6    286
        255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
        255.255.255.255  255.255.255.255          On-link          x,x,x,x    266
        255.255.255.255  255.255.255.255          On-link      10.10.213.6    286

      It doesn't make sense, which seems like I messed a config up somewhere.

      Here are the PFsense routes of relevance:
      10.10.213.1 link#12 UHS 0 0 16384 lo0 =>
      10.10.213.1/32 link#12 U 0 0 1500 ovpns1
      192.168.1.0/24 link#1 U 0 10158163 1500 vr0
      192.168.1.1 link#1 UHS 0 172 16384 lo0

      So yes, I can see something's off, but I don't know how to fix it.

      There should be a route on PF to 10.10.213.0/24 via ovpns1, but I don't see that
      On the Windows client side, there should only be a route to 192.168.1.0/24 via 10.10.213.5, not those other 3

      Anyhow. HELP!  :'(

      I am used to running TAP, but I gave up since no one uses that and could not help me. This seemed good because I got it to finally connect, but now it doesn't route anywhere.

      thanks

        gazoo

        Oh, I forgot to mention. I can't ping anything from anywhere. I can only ping my own assigned IP address from the VPN (10.10.213.6)

          heper

          what version of pfsense are you running?
          please post screenshots of the configuration & firewall rules + screenshot of pfsense's routing table + screenshot of windows client routing table

          also note that if your remote client's lan subnet is the same as the lan behind pfsense, then routing will fail

            gazoo

            Sorry, this one I had to recreate:

            Windows

            Network Destination        Netmask          Gateway       Interface  Metric

                  10.10.213.1  255.255.255.255      10.10.213.5      10.10.213.6     30
                  10.10.213.4  255.255.255.252          On-link      10.10.213.6    286
                  10.10.213.6  255.255.255.255          On-link      10.10.213.6    286
                  10.10.213.7  255.255.255.255          On-link      10.10.213.6    286
                    127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
                    127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
              127.255.255.255  255.255.255.255          On-link        127.0.0.1    306

                  192.168.1.0    255.255.255.0      10.10.213.5      10.10.213.6     30
                    224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
                    224.0.0.0        240.0.0.0          On-link         x.x.x.x.    266
                    224.0.0.0        240.0.0.0          On-link      10.10.213.6    286
              255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
              255.255.255.255  255.255.255.255          On-link          x,x,x,x    266
              255.255.255.255  255.255.255.255          On-link      10.10.213.6    286
            ---------------------------------------------
            Remote side is on a routable address at work so not the same as my LAN.
            PFsense 2.0.1 on Alix 2d13, 4gb CF card

            ovpn1.jpg
            ovpn2.jpg
            ovpn3.jpg
            ovpn4.jpg
            ovpn5.jpg

              heper

              i find it odd that your pfsense server address of the tunnel network = 10.10.213.5

              in my experience, the pfsense server tunnel interface would always try to bind to 10.10.213.1, being the first address available in the specified subnet.
              could you check that the tunnel interface address is indeed 10.10.213.5 (status -> openvpn)

              did you perhaps assign an interface to the openvpn instance? if so, did you provide a static ip address there? If so, set type to 'none' and try again

                gazoo

                Well, this is the weirdest thing. I go and try it today and it works like nothing was ever wrong. I did reboot PFsense a thousand times this weekend trying to get Dansguardian to work and also rebooted my work machine.

                Anyhow, I'm still going to post what you asked because it is binding on a weird IP. This may or may not help someone else so what the heck:

                vpn1.jpg
                vpn2.jpg
                vpn3.jpg
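
Added example, not part of the original thread: under OpenVPN's net30 topology (assumed here; the thread does not state the server's topology setting) each client gets its own /30, so a client at 10.10.213.6 with gateway 10.10.213.5 is the expected pairing. The sketch below checks a pasted Windows route table for that pairing and for the LAN overlap heper mentions; the function names and the 203.0.113.0/24 client LAN are hypothetical.

```python
import ipaddress

# Rows copied from the Windows route table in the thread (redacted rows omitted).
ROUTE_PRINT = """\
10.10.213.1  255.255.255.255  10.10.213.5  10.10.213.6  30
10.10.213.4  255.255.255.252  On-link      10.10.213.6  286
10.10.213.6  255.255.255.255  On-link      10.10.213.6  286
192.168.1.0  255.255.255.0    10.10.213.5  10.10.213.6  30
"""

def net30_pair(client_ip):
    """Return (subnet, server_end, client_end) of the /30 containing client_ip."""
    subnet = ipaddress.ip_network(f"{client_ip}/30", strict=False)
    server_end, client_end = subnet.hosts()  # a /30 has exactly two usable hosts
    return subnet, server_end, client_end

def parse_routes(text):
    """Parse 'route print' IPv4 rows into (network, gateway, interface) tuples."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, blank or wrapped line
        dest, mask, gateway, iface, _metric = parts
        try:
            rows.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface))
        except ValueError:
            continue  # malformed destination or netmask
    return rows

def check_tunnel_routes(text, client_ip, remote_lan, client_lan):
    """Return findings; an empty list means the table fits a net30 client."""
    findings = []
    subnet, server_end, client_end = net30_pair(client_ip)
    remote = ipaddress.ip_network(remote_lan)
    if ipaddress.ip_address(client_ip) != client_end:
        findings.append(f"{client_ip} is not the client end of {subnet}")
    via = [gw for net, gw, iface in parse_routes(text)
           if net == remote and iface == client_ip]
    if not via:
        findings.append(f"no route to {remote} on the tunnel interface")
    elif via != [str(server_end)]:
        findings.append(f"{remote} goes via {via}, expected {server_end}")
    if remote.overlaps(ipaddress.ip_network(client_lan)):
        findings.append(f"client LAN {client_lan} overlaps {remote}")
    return findings

if __name__ == "__main__":
    # 203.0.113.0/24 is a constructed stand-in for the client's local network.
    print(check_tunnel_routes(ROUTE_PRINT, "10.10.213.6", "192.168.1.0/24", "203.0.113.0/24"))
```

An empty result means the client-side routes are consistent, which points the investigation at the server side: firewall rules on the OpenVPN interface and the server's own route to the tunnel network.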
