Netgate Discussion Forum

    Default gateway pushed to Client OpenVPN bridge/TAP

      iorx

      Hi,

      It was an adventure to get this working. In short summary.

      Created a bridge config in pfSense and have a Windows 10 client to test connection.
      Steps creating the bridge:

      • Create OpenVPN server TAP L2 (Remote Access SSL/TLS)
      • Assign OpenVPN and LAN interface to Bridge
      • Assign Bridge to an Interface
      • Change Interface in the OpenVPN config to use the Bridge interface (this was the only way I got it working; the documentation of Bridge config was a bit thin here)

      Connection is working from the client but the default gateway 0.0.0.0 is pushed to the client which breaks stuff.

      From the Windows client after connect.

      > route print
      Network Destination        Netmask          Gateway       Interface  Metric
                0.0.0.0          0.0.0.0     79.102.152.1    79.102.152.75    311
                0.0.0.0          0.0.0.0        10.70.1.1      10.70.1.169     25
              10.70.1.0    255.255.255.0         On-link       10.70.1.169    281
      

      I've no option set on the server that should push row 2 out. Deleting that route makes the client work as expected. (route delete 0.0.0.0 mask 0.0.0.0 10.70.1.0)

      That is:
      "Bridge Route Gateway - Push the Bridge Interface IPv4 address to connecting clients as a route gateway" is not checked.

      "Redirect IPv4 Gateway - Force all client-generated IPv4 traffic through the tunnel." not checked.

      "IPv4 Local network(s)" no subnet here.

      So, any takers on why I get the gateway pushed?

      Brgs,

        seejay

        Which version of the client are you using, and can you post server/client configurations on your thread here? I suspect if you aren't pushing this from your server the client may be setting it. Windows also has metric priorities on each ethernet adapter and it may be the case that if both are publishing default routes, the interface with the lower metric value is winning out.

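Added example, not part of either post: a Python parser for the `route print` rows quoted in the first post. It lists the competing default routes and picks the one with the lowest metric, the tie-break the reply describes. The function names and the `tunnel_net` parameter are illustrative; the sample rows and the 10.70.1.0/24 subnet are taken from the posted output.

```python
import ipaddress
import re

# IPv4 route rows copied from the `route print` output in the first post.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     79.102.152.1    79.102.152.75    311
          0.0.0.0          0.0.0.0        10.70.1.1      10.70.1.169     25
        10.70.1.0    255.255.255.0         On-link       10.70.1.169    281
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# destination, netmask, gateway (an address or "On-link"), interface, metric
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def parse_routes(text):
    """Return one dict per IPv4 route row; headers and other lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        dest, mask, gateway, iface, metric = m.groups()
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{mask}", strict=False),
            "gateway": gateway,
            "interface": ipaddress.ip_address(iface),
            "metric": int(metric),
        })
    return routes

def default_routes(routes):
    """All 0.0.0.0/0 routes, lowest metric (the preferred one) first."""
    return sorted((r for r in routes if r["net"].prefixlen == 0),
                  key=lambda r: r["metric"])

def report(text, tunnel_net):
    """Summarise competing default routes; tunnel_net is the bridged subnet."""
    tunnel = ipaddress.ip_network(tunnel_net)
    defaults = default_routes(parse_routes(text))
    if not defaults:
        return None
    winner = defaults[0]
    return {
        "default_route_count": len(defaults),
        "winner_gateway": winner["gateway"],
        "winner_metric": winner["metric"],
        # True when the preferred default route leaves via the VPN adapter
        "winner_via_tunnel": winner["interface"] in tunnel,
    }

if __name__ == "__main__":
    print(report(SAMPLE, "10.70.1.0/24"))
```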