Netgate Discussion Forum

    Reverse Routing to LAN Problem (SOLVED)

    Routing and Multi WAN
    2 Posts 1 Posters 1.1k Views
    jarrad

      Hi All

      Hoping someone can point me in the right direction.

      I have the OpenVPN server configured and, thanks to DocNok, I have my route being pushed correctly, but something with it isn't working 100%. To explain:

      LAN -> 192.168.1.0/24 - IF address 192.168.1.1 static
      OVPN -> 10.8.0.0/24 - IF address 10.8.0.1 (I'm not sure how this is set)

      I created an interface from the OVPN server as OVPNS2
      There is a rule on this gateway to allow all from all and to exit via OVPNS2 interface as a gateway
      The OVPN server pushes a route for 192.168.1.0/24 and uses 10.8.0.1 as the gateway

      On the LAN side, there is a rule that says any traffic from the LAN net to 10.8.0.0/24 is to exit via the OVPNS2 gateway

      A random IP on the LAN side, say 192.168.1.243, can ping a client in the VPN (10.8.0.2) with no issues.
      The VPN client on the other hand, 10.8.0.2, can ping the router at 192.168.1.1 but cannot ping LAN clients such as 192.168.1.243.

      I am expecting it is a routing issue with the network 192.168.1.0/24 not being advertised somehow.

      To assist, routing tables:
      OVPN Client:
```
0.0.0.0         privateIP   0.0.0.0         UG    0      0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
privateIP   0.0.0.0         255.255.192.0   U     0      0        0 eth0
192.168.1.0     10.8.0.1        255.255.255.0   UG    0      0        0 tun0
```


      pfSense:

```
Destination        Gateway            Flags      Netif Expire
default            172.20.19.196      UGS      ovpnc1
10.1.1.0/24        link#1             U           re0
10.1.1.2           link#1             UHS         lo0
10.8.0.0/24        10.8.0.1           UGS      ovpns2
10.8.0.1           link#7             UHS         lo0
10.8.0.2           link#7             UH       ovpns2
127.0.0.1          link#5             UH          lo0
172.20.16.0/22     172.20.19.196      UGS      ovpnc1
172.20.16.1        link#8             UH       ovpnc1
172.20.19.196      link#8             UHS         lo0
192.168.1.0/24     link#2             U           re1
192.168.1.1        link#2             UHS         lo0
192.168.8.0/24     link#9             U           ue0
192.168.8.101      link#9             UHS         lo0
```


      Can anyone assist please?

      Please let me know if screenshots will make this easier.

      jarrad

        Never mind, worked it out.

        In my rule for OVPNS2 of allow all to destination all I had forced the gateway to be OVPNS instead of default, aka system routing table. This meant I was rerouting packets back out through the existing gateway and not letting pfSense handle the routing.

        Thanks all!

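An added illustration of why the forced gateway broke the return path (this is example code, not from the thread or from pfSense itself): a longest-prefix lookup over the pfSense routing table posted above, beside a simplified model of an inbound rule on OVPNS2 whose Gateway field is either forced to OVPNS2 or left at default. The route list, `system_route` and `egress_for_rule` are constructed for this example.

```python
import ipaddress

# pfSense routing table as posted in the thread, reduced to
# (destination, gateway or None for directly connected, netif).
PFSENSE_ROUTES = [
    ("0.0.0.0/0",      "172.20.19.196", "ovpnc1"),
    ("10.1.1.0/24",    None,            "re0"),
    ("10.8.0.0/24",    "10.8.0.1",      "ovpns2"),
    ("172.20.16.0/22", "172.20.19.196", "ovpnc1"),
    ("192.168.1.0/24", None,            "re1"),
    ("192.168.8.0/24", None,            "ue0"),
]


def system_route(dst):
    """Longest-prefix match: what pfSense does when a rule's Gateway is
    left at 'default'. Returns (netif, next_hop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, netif in PFSENSE_ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, netif)
    return (best[2], best[1])


def egress_for_rule(rule_gateway_netif, dst):
    """Egress interface for a packet matched by an inbound rule on OVPNS2.
    rule_gateway_netif is the interface behind the rule's Gateway setting
    (simplified model of pfSense policy routing); None means 'default'."""
    if rule_gateway_netif is not None:
        # Policy routing wins: the packet goes out that interface no matter
        # what the routing table says about the destination.
        return rule_gateway_netif
    return system_route(dst)[0]


if __name__ == "__main__":
    vpn_client, lan_host = "10.8.0.2", "192.168.1.243"
    # Rule as originally configured: Gateway forced to OVPNS2.
    print("forced gateway :", egress_for_rule("ovpns2", lan_host))  # ovpns2 (wrong)
    # Rule after the fix: Gateway 'default', system routing table decides.
    print("default gateway:", egress_for_rule(None, lan_host))      # re1
    # The LAN host's replies still find the VPN client via the routing table.
    print("reply path     :", system_route(vpn_client))             # ('ovpns2', '10.8.0.1')
```

With the gateway forced, a packet from 10.8.0.2 to 192.168.1.243 is sent straight back out ovpns2 instead of to re1, which matches the symptom of the router answering while LAN hosts do not.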
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.