Netgate Discussion Forum

Multipurpose openvpn server with /30 client specific override

  • jlord87
    last edited by Feb 8, 2017, 10:04 AM

    Hi everybody!

    I've spent the last two days googling and testing, trying to apply this howto: https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server

    I'm trying to create a single VPN and some overrides for specific users;
    under Linux everything works great. Under Windows some route is missing, the client doesn't get a gateway and so is not able to route traffic.

    Here are my subnets:
    LAN: 192.168.3.0/24
    openVPN server: 192.168.37.0/24
    CSC subnets: 10.33.250.0/30, 10.33.250.4/30, 10.33.250.8/30 etc.

    Here is my server conf:

    dev ovpns4
    verb 1
    dev-type tun
    dev-node /dev/tun4
    writepid /var/run/openvpn_server4.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.133.2
    engine cryptodev
    tls-server
    server 192.168.37.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server4
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.reteccs.org' 1"
    lport 1194
    management /var/etc/openvpn/server4.sock unix
    max-clients 15
    push "route 192.168.3.0 255.255.255.0"
    push "dhcp-option DNS 192.168.3.41"
    ca /var/etc/openvpn/server4.ca 
    cert /var/etc/openvpn/server4.cert 
    key /var/etc/openvpn/server4.key 
    dh /etc/dh-parameters.1024
    crl-verify /var/etc/openvpn/server4.crl-verify 
    tls-auth /var/etc/openvpn/server4.tls-auth 0
    comp-lzo adaptive
    topology subnet
    route 10.33.250.0 255.255.255.0
    

    Here is my CSC conf:
    Tunnel network: 10.33.250.4/30

    push "route 192.168.3.0 255.255.255.0 10.33.250.4"
    ifconfig-push 10.33.250.4 255.255.255.252
    

    What I've found strange, even under Linux, is that in my 10.33.250.0/4 subnet my client gets the 10.33.250.0 IP… and I cannot ping any 10.33.250.x gateway...
    even if it "works"...

    Any help would be really appreciated!

    Thank you

    • mcdiesel
      last edited by Feb 9, 2017, 3:37 AM

      Under Windows some route is missing

      From VPN / OpenVPN / Client Export Utility (when the client export package is installed)

      Management Interface
      Use the OpenVPNManager Management Interface. This will activate management interface in the generated .ovpn configuration and include the OpenVPNManager program in the Windows Installers. With this management interface, OpenVPN can be used by non-administrator users. This is also useful for Windows Vista/7/8/10 systems where elevated permissions are needed to add routes to the OS.

      NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.

      What I've found strange

      No, no you don't get to commingle two questions in one with insufficient detail. You said previously everything works great. Cannot ping is not great, it's broken. It may not be allowing ICMP on Firewall / Rules / OpenVPN.

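An added example, not part of the original thread and not pfSense or OpenVPN code: a small Python check that parses the client-specific override posted in the first message and reports how its `ifconfig-push` address and pushed route gateway sit inside the stated /30 tunnel network. The function names `parse_csc` and `check_csc` are hypothetical; the sample input is the CSC text from the thread.

```python
import ipaddress
import shlex

# CSC directives as posted in the thread above.
POSTED_CSC = '''
push "route 192.168.3.0 255.255.255.0 10.33.250.4"
ifconfig-push 10.33.250.4 255.255.255.252
'''

def parse_csc(text):
    """Return (ifconfig-push args or None, list of pushed (destination, gateway))."""
    ifconfig, routes = None, []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tokens) >= 3 and tokens[0] == "ifconfig-push":
            ifconfig = (tokens[1], tokens[2])
        elif len(tokens) == 2 and tokens[0] == "push":
            inner = tokens[1].split()
            if len(inner) >= 3 and inner[0] == "route":
                dest = ipaddress.ip_network(f"{inner[1]}/{inner[2]}", strict=False)
                routes.append((dest, inner[3] if len(inner) > 3 else None))
    return ifconfig, routes

def check_csc(text, tunnel_network):
    """List addressing findings for a CSC used with 'topology subnet'."""
    net = ipaddress.ip_network(tunnel_network)
    ifconfig, routes = parse_csc(text)
    if ifconfig is None:
        return ["no ifconfig-push directive found"]
    addr = ipaddress.ip_address(ifconfig[0])
    findings = []
    if addr not in net:
        findings.append(f"{addr} is outside tunnel network {net}")
    elif addr == net.network_address:
        findings.append(f"{addr} is the network address of {net}, not a host address")
    elif addr == net.broadcast_address:
        findings.append(f"{addr} is the broadcast address of {net}, not a host address")
    # With 'topology subnet' the second ifconfig-push argument is a netmask.
    try:
        if ipaddress.ip_network(f"{addr}/{ifconfig[1]}", strict=False) != net:
            findings.append(f"netmask {ifconfig[1]} does not match {net}")
    except ValueError:
        findings.append(f"{ifconfig[1]} is not a valid netmask")
    for dest, gateway in routes:
        if gateway == str(addr):
            findings.append(f"route {dest} uses the client's own address {addr} as gateway")
    return findings

if __name__ == "__main__":
    for finding in check_csc(POSTED_CSC, "10.33.250.4/30"):
        print(finding)
```

Run against the posted CSC with tunnel network 10.33.250.4/30, it reports that 10.33.250.4 is the network address of that /30 and that the pushed route names the client's own address as its gateway.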