Netgate Discussion Forum

    Clients can access server lan and vice versa - clients can't access client lans

      windswept321

      I followed a guide a while ago to set up a pfSense OpenVPN server with two OpenVPN clients, both also on pfSense routers.
      I think the guide was this one:

      http://forum.pfsense.org/index.php?topic=48667.0

      I can connect to the server LAN from either client, and connecting from the server LAN works the other way too.
      However, the two client LANs are not connected.
      I'm assuming that this is an OpenVPN routing issue but have no idea how to set it right.

      One client's internal network is 192.168.2.* and the other is 192.168.4.*.
      The server's internal network is 192.168.0.*.

      Under 'advanced configuration' on the server under the openvpn server tab, I have:

      push "route 192.168.0.0 255.255.255.0";route 192.168.1.0 255.255.255.0;route 192.168.2.0 255.255.255.0;route 192.168.4.0 255.255.255.0;
      

      In 'client specific overrides' on the server, under advanced for each client, there is something like:
      iroute 192.168.2.0 255.255.255.0

      (for the 192.168.2.* client network)
      
      Each pfSense box has an allow all traffic on the OpenVPN interface rule.

      There is nothing in the advanced boxes on the clients themselves.
      
      I would really appreciate it if anyone could point me in the right direction with this.
        doktornotor Banned

        push "route 192.168.0.0 255.255.255.0";route 192.168.1.0 255.255.255.0;route 192.168.2.0 255.255.255.0;route 192.168.4.0 255.255.255.0;

        The above is just badly wrong.

        
        push "route 192.168.0.0 255.255.255.0"
        push "route 192.168.1.0 255.255.255.0"
        push "route 192.168.2.0 255.255.255.0"
        push "route 192.168.4.0 255.255.255.0"
        
        
          jimp Rebel Alliance Developer Netgate

          In the advanced options box you need to have a ; between statements (newlines in the box aren't guaranteed to be preserved).

          So it should really be:

          push "route 192.168.0.0 255.255.255.0";
          push "route 192.168.1.0 255.255.255.0";
          push "route 192.168.2.0 255.255.255.0";
          push "route 192.168.4.0 255.255.255.0";
          

          or

          push "route 192.168.0.0 255.255.255.0";push "route 192.168.1.0 255.255.255.0";push "route 192.168.2.0 255.255.255.0";push "route 192.168.4.0 255.255.255.0"
          

          You also need route statements for the network so that the OS on the server side knows it reaches those networks via the VPN also.

          So ultimately, you'd end up with:

          push "route 192.168.0.0 255.255.255.0";push "route 192.168.1.0 255.255.255.0";push "route 192.168.2.0 255.255.255.0";push "route 192.168.4.0 255.255.255.0";route 192.168.1.0 255.255.255.0;route 192.168.2.0 255.255.255.0;route 192.168.4.0 255.255.255.0;
          

          The pushes ensure that each of the remote sites receives routes to the other remote sites as well as your server. The plain route statements handle the routing for your server side to reach the remote sites.

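The check that the last reply describes, as an added example that is not part of the original thread: it parses the server's advanced-options string and reports each client LAN that lacks a `push "route ..."` or a plain `route`. The function names, splitting on `;` only, and treating newlines as whitespace are assumptions of this sketch; the two config strings and the networks are the ones quoted in the thread.

```python
import ipaddress
import re

# `route NET MASK`, optionally wrapped as push "route NET MASK".
STMT = re.compile(r'^(push\s+")?route\s+([\d.]+)\s+([\d.]+)(?(1)")$')

def parse_advanced(text):
    """Return (pushed, routed, malformed) for an advanced-options string.
    Assumption: statements are split on ';' only and newlines count as
    whitespace, the case the thread warns about."""
    pushed, routed, malformed = set(), set(), []
    for stmt in filter(None, (" ".join(s.split()) for s in text.split(";"))):
        m = STMT.match(stmt)
        try:
            net = ipaddress.ip_network("/".join(m.group(2, 3))) if m else None
        except ValueError:  # bad address, bad mask, or host bits set
            net = None
        if net is None:
            malformed.append(stmt)
        else:
            (pushed if m.group(1) else routed).add(net)
    return pushed, routed, malformed

def audit(server_advanced, server_lan, client_lans):
    """List routing gaps for a hub-and-spoke site-to-site server config."""
    pushed, routed, malformed = parse_advanced(server_advanced)
    findings = [f"malformed statement: {s}" for s in malformed]
    if ipaddress.ip_network(server_lan) not in pushed:
        findings.append(f"{server_lan}: server LAN is not pushed to the clients")
    for lan in map(ipaddress.ip_network, client_lans):
        if lan not in pushed:
            findings.append(f"{lan}: not pushed, other sites get no route to it")
        if lan not in routed:
            findings.append(f"{lan}: no route, server OS will not send it into the VPN")
    return findings

# Config strings copied from the thread: the original post and the final reply.
ORIGINAL = 'push "route 192.168.0.0 255.255.255.0";route 192.168.1.0 255.255.255.0;route 192.168.2.0 255.255.255.0;route 192.168.4.0 255.255.255.0;'
FIXED = 'push "route 192.168.0.0 255.255.255.0";push "route 192.168.1.0 255.255.255.0";push "route 192.168.2.0 255.255.255.0";push "route 192.168.4.0 255.255.255.0";route 192.168.1.0 255.255.255.0;route 192.168.2.0 255.255.255.0;route 192.168.4.0 255.255.255.0;'
CLIENT_LANS = ["192.168.2.0/24", "192.168.4.0/24"]  # from the original post

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, audit(cfg, "192.168.0.0/24", CLIENT_LANS))
```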
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.