Netgate Discussion Forum

    Possible bug

      snake007uk

      Hi,

      I spent most of the day sorting out my OpenVPN setup. I noticed something which I think may be a bug. If you select the option to route all traffic through the VPN rather than list out all the networks, it doesn't seem to work; however, if I specify the networks it works.

      I have one LAN, which is my main LAN 192.168.1.0/24, and two VLANs, 192.168.10.x and 192.168.20.x, which I also want to make routable via the VPN. However, if I checked the I can't ping any of them; if I specify them it works???

      Can someone else confirm?

        kejianshi

        It's not a bug for me.  I have no such issue.

          Derelict LAYER 8 Netgate

          Are you using policy routing?  Adding networks to the OpenVPN config automatically puts them in the negate routes for policy routing.  Checking the box probably doesn't.  You might need to add rules for them.

          Without knowing more about what you're doing (client or server, site-to-site or remote access, etc) it's kind of just a guess.

          https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            snake007uk

            The client is just a simple connection to the OpenVPN server. It's just a dumb client.

            I haven't set up any policy routing and the firewall for LAN1 has the following rule:

            IPV4 Source = *  Port = * Dest = * Port = * GW = *

            I wanted to set up the OpenVPN server so that any client connected via OpenVPN has all traffic routed.

            I checked the following option:

            Redirect Gateway
            Force all client generated traffic through the tunnel.

            However this did not work.

            If I uncheck the box and define the local networks it works?

              phil.davis

              Clients can ignore the route that the OpenVPN server pushes to them - perhaps you have client/s that are ignoring that directive to "Force all client generated traffic through the tunnel"?

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                snake007uk

                Is that a client configuration option to choose to ignore?

                Why would it work when I define the networks then?

                  Derelict LAYER 8 Netgate

                  Just look at the routing tables and see what's going on. netstat -rn and probably something else on Windows.


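Following the suggestion in the thread to read the client's routing table, this added example (not from any poster and not pfSense or OpenVPN code) classifies a Linux-style `netstat -rn` table as full-tunnel, split-tunnel or neither, using longest-prefix match. Both tables are constructed samples; `tun0`, `wlan0`, the 10.8.0.0/24 tunnel subnet and the 192.168.43.0/24 client network are assumptions, and the pair of /1 routes is what OpenVPN's `redirect-gateway def1` installs on a client that honours it.

```python
import ipaddress

HEADER = "Destination Gateway Genmask Flags MSS Window irtt Iface\n"
# Constructed client tables in Linux `netstat -rn` layout (interface names assumed).
FULL = HEADER + """\
0.0.0.0      10.8.0.1     128.0.0.0     UG 0 0 0 tun0
0.0.0.0      192.168.43.1 0.0.0.0       UG 0 0 0 wlan0
10.8.0.0     0.0.0.0      255.255.255.0 U  0 0 0 tun0
128.0.0.0    10.8.0.1     128.0.0.0     UG 0 0 0 tun0
192.168.43.0 0.0.0.0      255.255.255.0 U  0 0 0 wlan0
"""
SPLIT = HEADER + """\
0.0.0.0      192.168.43.1 0.0.0.0       UG 0 0 0 wlan0
10.8.0.0     0.0.0.0      255.255.255.0 U  0 0 0 tun0
192.168.1.0  10.8.0.1     255.255.255.0 UG 0 0 0 tun0
192.168.10.0 10.8.0.1     255.255.255.0 UG 0 0 0 tun0
192.168.20.0 10.8.0.1     255.255.255.0 UG 0 0 0 tun0
192.168.43.0 0.0.0.0      255.255.255.0 U  0 0 0 wlan0
"""
# One host on each network named in the thread (host addresses are assumed).
LAN_HOSTS = ("192.168.1.10", "192.168.10.10", "192.168.20.10")

def parse_routes(netstat_text):
    """Return [(IPv4Network, iface)] from IPv4 `netstat -rn` output."""
    routes = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 8:
            continue
        try:
            dest = ipaddress.IPv4Address(cols[0])
            mask = ipaddress.IPv4Address(cols[2])
        except ipaddress.AddressValueError:
            continue  # column header or other non-route line
        prefix = bin(int(mask)).count("1")
        routes.append((ipaddress.IPv4Network((dest, prefix)), cols[-1]))
    return routes

def egress_iface(routes, ip):
    """Interface chosen for `ip` by longest-prefix match, or None."""
    addr = ipaddress.IPv4Address(ip)
    matches = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(matches)[1] if matches else None

def tunnel_mode(routes, lan_hosts=LAN_HOSTS, tun_prefix="tun"):
    """'full' if both halves of IPv4 space leave via the tunnel, 'split' if only LAN hosts do."""
    via_tun = lambda ip: (egress_iface(routes, ip) or "").startswith(tun_prefix)
    if all(via_tun(ip) for ip in ("1.1.1.1", "198.51.100.1")):  # lookup only, no traffic sent
        return "full"
    return "split" if any(via_tun(ip) for ip in lan_hosts) else "none"
```

A result of "none" while the tunnel is up means the pushed routes never reached the client's table, which is the situation to compare against the server's push settings.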