Multipurpose openvpn server with /30 client specific override



  • Hi everybody!

I've spent the last two days googling and testing, trying to apply this howto: https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server

    I'm trying to create a single VPN and some override for specific users;
    under linux everything works great. Under Windows some route is missing, the client doesn't get a gateway and so is not able to route traffic.

    here are my subnets:
    LAN: 192.168.3.0/24
    openVPN server: 192.168.37.0/24
    CSC subnets: 10.33.250.0/30, 10.33.250.4/30, 10.33.250.8/30 etc.

    here my server conf:

    dev ovpns4
    verb 1
    dev-type tun
    dev-node /dev/tun4
    writepid /var/run/openvpn_server4.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.133.2
    engine cryptodev
    tls-server
    server 192.168.37.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server4
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.reteccs.org' 1"
    lport 1194
    management /var/etc/openvpn/server4.sock unix
    max-clients 15
    push "route 192.168.3.0 255.255.255.0"
    push "dhcp-option DNS 192.168.3.41"
    ca /var/etc/openvpn/server4.ca
    cert /var/etc/openvpn/server4.cert
    key /var/etc/openvpn/server4.key
    dh /etc/dh-parameters.1024
    crl-verify /var/etc/openvpn/server4.crl-verify
    tls-auth /var/etc/openvpn/server4.tls-auth 0
    comp-lzo adaptive
    topology subnet
    route 10.33.250.0 255.255.255.0
    

    here my csc conf:
    Tunnel network: 10.33.250.4/30

    push "route 192.168.3.0 255.255.255.0 10.33.250.4"
    ifconfig-push 10.33.250.4 255.255.255.252
    

    What I've found strange, even under linux, is that in my 10.33.250.0/4 subnet my client gets the 10.33.250.0 ip… and I cannot ping any 10.33.250.x gateway...
    even if it "works"...

    any help would be really appreciated!

    Thank you
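    The checks below are an added example, not code from the original post, from pfSense or from OpenVPN. They lint a server config together with its client-config-dir overrides using nothing but IP arithmetic: with `topology subnet`, `ifconfig-push <ip> <netmask>` hands the client exactly that address, so an override whose address is the network or broadcast address of its /30, a pushed route whose gateway is the client's own tunnel address, an override outside the server's `route` for the CSC block, or two overrides that overlap, can all be caught before a client ever connects. The server and the first override are the directives quoted above (trimmed to the ones the checks need); the second override, `client-b`, is a constructed one using a proper host address for contrast.

```python
"""Lint an OpenVPN server config plus its client-config-dir (CSC) overrides.

Added example, not pfSense's or OpenVPN's own code. Assumes the configs are
available as text (pfSense writes the same directives to disk) and that
ifconfig-push is used in its `topology subnet` form: `ifconfig-push <ip> <netmask>`.
"""
import ipaddress
import shlex

# Trimmed from the server config quoted in the post.
SERVER_CONF = """\
server 192.168.37.0 255.255.255.0
topology subnet
client-config-dir /var/etc/openvpn-csc/server4
push "route 192.168.3.0 255.255.255.0"
route 10.33.250.0 255.255.255.0
"""

CSC_CONFS = {
    # The override quoted in the post.
    "client-a": 'push "route 192.168.3.0 255.255.255.0 10.33.250.4"\n'
                'ifconfig-push 10.33.250.4 255.255.255.252\n',
    # Constructed second override: a usable host address in the next /30.
    "client-b": 'push "route 192.168.3.0 255.255.255.0"\n'
                'ifconfig-push 10.33.250.9 255.255.255.252\n',
}


def parse(text):
    """Return [(directive, [args...])]; quoted push payloads stay one argument."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comment lines
            continue
        parts = shlex.split(line)
        out.append((parts[0], parts[1:]))
    return out


def server_context(conf):
    """Collect pool, topology and routed networks from the server config."""
    ctx = {"topology": "net30", "routes": [], "pool": None}  # net30 is OpenVPN's default
    for d, a in parse(conf):
        if d == "server":
            ctx["pool"] = ipaddress.ip_network(f"{a[0]}/{a[1]}")
        elif d == "topology":
            ctx["topology"] = a[0]
        elif d == "route":
            ctx["routes"].append(ipaddress.ip_network(f"{a[0]}/{a[1]}", strict=False))
    return ctx


def lint_csc(name, conf, ctx, seen):
    """Return a list of findings (strings) for one client-config-dir file."""
    findings = []
    entries = parse(conf)
    ip = client_net = None
    for d, a in entries:
        if d == "ifconfig-push" and len(a) == 2:
            ip = ipaddress.ip_address(a[0])
            client_net = ipaddress.ip_network(f"{a[0]}/{a[1]}", strict=False)
    if ip is None:
        return findings
    if ctx["topology"] != "subnet":
        findings.append(f"{name}: 'ifconfig-push ip netmask' requires 'topology subnet' on the server")
    # In a /30 the first and last addresses are network and broadcast, not hosts.
    if client_net.prefixlen < 31 and ip in (client_net.network_address, client_net.broadcast_address):
        findings.append(f"{name}: {ip} is the network or broadcast address of {client_net}, not a host address")
    if not any(ip in r for r in ctx["routes"]):
        findings.append(f"{name}: {ip} is not inside any server 'route' directive, so return traffic has no route to the tun")
    if ctx["pool"] is not None and ip in ctx["pool"]:
        findings.append(f"{name}: {ip} lies inside the server pool {ctx['pool']}")
    for other, net in seen.items():
        if net.overlaps(client_net):
            findings.append(f"{name}: {client_net} overlaps {other}'s {net}")
    seen[name] = client_net
    # A pushed route may carry an explicit gateway as its third field.
    for d, a in entries:
        fields = a[0].split() if d == "push" and a else []
        if len(fields) >= 4 and fields[0] == "route":
            gw = ipaddress.ip_address(fields[3])
            if gw == ip:
                findings.append(f"{name}: pushed route gateway {gw} is the client's own tunnel address")
            elif gw not in client_net:
                findings.append(f"{name}: pushed route gateway {gw} is not in the client's subnet {client_net}")
    return findings


def lint_all(server_conf, csc_confs):
    """Lint every override against the server config; returns all findings."""
    ctx = server_context(server_conf)
    seen = {}
    findings = []
    for name, conf in csc_confs.items():
        findings.extend(lint_csc(name, conf, ctx, seen))
    return findings


if __name__ == "__main__":
    for f in lint_all(SERVER_CONF, CSC_CONFS):
        print(f)
```

    Run against the posted override, the linter reports that 10.33.250.4 is the network address of 10.33.250.4/30 and that the pushed route's gateway is the client's own address; the constructed client-b override passes cleanly. Adding a third override in an already-used /30 produces an overlap finding, which is the kind of collision worth catching whenever several /30 overrides are carved out of one routed block.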



  • Under Windows some route is missing

    From VPN / OpenVPN / Client Export Utility (when the client export package is installed)

    Management Interface
    Use the OpenVPNManager Management Interface. This will activate management interface in the generated .ovpn configuration and include the OpenVPNManager program in the Windows Installers. With this management interface, OpenVPN can be used by non-administrator users. This is also useful for Windows Vista/7/8/10 systems where elevated permissions are needed to add routes to the OS.

    NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.

    What I've found strange

    No, no you don't get to comangle two questions in one with insufficient detail. You said previously everything works great. Cannot ping is not great, it's broken. It may not be allowing icmp on Firewall / Rules / OpenVPN.