[Solved] DHCP clients on LAN do not see OpenVPN network
-
I have a remote OpenVPN server. It is up and running.
I have pfSense as the main gateway for the local network. There is a DHCP service on the pfSense LAN interface.
I also set up an OpenVPN client on my pfSense and it connects to the remote OpenVPN server. It is working, with no errors in the log. I can even ping the remote OpenVPN network from the pfSense console. BUT!
My DHCP clients on the LAN interface do not see the OpenVPN network. That is strange, because I expect pfSense to route traffic automatically after a successful connection.
I am 100% sure the problem is on the pfSense side, because I had the same scheme on a non-pfSense router and everything works as expected. What should I tune on pfSense to be able to access the remote VPN network from LAN DHCP clients?
-
Are you seeing blocks in the logs? Would need to see the config on both sides to offer any targeted help. Post the server1.conf from the server and the client1.conf from the client.
-
Are you seeing blocks in the logs? Would need to see the config on both sides to offer any targeted help. Post the server1.conf from the server and the client1.conf from the client.
No blocks.
Client side
```
dev ovpnc1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
multihome
engine cryptodev
tls-client
client
nobind
management /var/etc/openvpn/client1.sock unix
remote 285.325.45.142 53294
ifconfig 10.8.0.2 10.8.0.1
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-auth /var/etc/openvpn/client1.tls-auth 1
ncp-ciphers AES-256-GCM:AES-128-GCM
resolv-retry infinite
topology subnet
auth-nocache
remote-cert-tls server
```
Server side
```
dev ovpns2
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
multihome
engine cryptodev
tls-server
server 10.8.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.kz' 1"
lport 53294
management /var/etc/openvpn/server2.sock unix
push "route 192.168.10.0 255.255.255.0"
ca /var/etc/openvpn/server2.ca
cert /var/etc/openvpn/server2.cert
key /var/etc/openvpn/server2.key
dh /etc/dh-parameters.1024
crl-verify /var/etc/openvpn/server2.crl-verify
tls-auth /var/etc/openvpn/server2.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
persist-remote-ip
float
topology subnet
route 192.168.1.0 255.255.255.0 # Office
```
-
What is the LAN subnet on both sides?
-
What is the LAN subnet on both sides?
Thanks. Fixed by defining "Client Specific Overrides" and
```
iroute 192.168.1.0 255.255.255.0;
```
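
Added example, not part of the thread: the server's `route 192.168.1.0 255.255.255.0` only sends that subnet into the tunnel device, and OpenVPN still needs an `iroute` in a client-specific override to know which client owns it. This Python check flags server `route` entries with no matching `iroute`; the sample config is constructed from the lines posted above and the common name `office-client` is hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the routing-related lines of the server config posted above.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
push "route 192.168.10.0 255.255.255.0"
topology subnet
route 192.168.1.0 255.255.255.0 # Office
"""
# Client-specific overrides keyed by certificate common name ("office-client" is hypothetical).
CCD_BEFORE = {"office-client": ""}
CCD_AFTER = {"office-client": "iroute 192.168.1.0 255.255.255.0;"}


def directives(text, name):
    """Yield the argument lists of top-level `name` directives in OpenVPN config text."""
    for line in text.splitlines():
        # shlex drops '# ...' comments and keeps push "route ..." as a single quoted token,
        # so a pushed route is never mistaken for a server-side route.
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0] == name:
            # The override on this page ends with ';', so strip it from the arguments.
            yield [t.rstrip(";") for t in tokens[1:]]


def networks(text, name):
    """Parse `name <network> <netmask>` directives into ip_network objects."""
    return {ipaddress.ip_network(f"{a[0]}/{a[1]}")
            for a in directives(text, name) if len(a) >= 2}


def routes_without_iroute(server_conf, ccd_files):
    """Return server `route` networks that no client-specific override claims via `iroute`."""
    claimed = set()
    for body in ccd_files.values():
        claimed |= networks(body, "iroute")
    missing = [net for net in networks(server_conf, "route")
               if not any(net.subnet_of(c) for c in claimed)]
    return sorted(missing, key=str)


if __name__ == "__main__":
    print("before:", routes_without_iroute(SERVER_CONF, CCD_BEFORE))
    print("after: ", routes_without_iroute(SERVER_CONF, CCD_AFTER))
```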