Multipurpose openvpn server with /30 client specific override
I've spent the last two days googling and testing trying to apply this howtos: https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server
I'm trying to create a single VPN and some override for specific users;
under linux everything works great. Under Windows some route is missing, the client doesn't get a gateway and so is not able to route traffic.
here are my subnets:
openVPN server: 192.168.37.0/24
CSC subnets: 10.33.250.0/30, 10.33.250.4/30, 10.33.250.8/30 etc.
here my server conf:
dev ovpns4 verb 1 dev-type tun dev-node /dev/tun4 writepid /var/run/openvpn_server4.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp cipher AES-128-CBC auth SHA1 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown local 192.168.133.2 engine cryptodev tls-server server 192.168.37.0 255.255.255.0 client-config-dir /var/etc/openvpn-csc/server4 tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn.reteccs.org' 1" lport 1194 management /var/etc/openvpn/server4.sock unix max-clients 15 push "route 192.168.3.0 255.255.255.0" push "dhcp-option DNS 192.168.3.41" ca /var/etc/openvpn/server4.ca cert /var/etc/openvpn/server4.cert key /var/etc/openvpn/server4.key dh /etc/dh-parameters.1024 crl-verify /var/etc/openvpn/server4.crl-verify tls-auth /var/etc/openvpn/server4.tls-auth 0 comp-lzo adaptive topology subnet route 10.33.250.0 255.255.255.0
here my csc conf:
Tunnel network: 10.33.250.4/30
push "route 192.168.3.0 255.255.255.0 10.33.250.4" ifconfig-push 10.33.250.4 255.255.255.252
What I've found strange, even under linux, is that in my 10.33.250.0/4 subnet my client gets the 10.33.250.0 ip… and I cannot ping any 10.33.250.x gateway...
even if it "works"...
any help would be really appreciated!
Under Windows some route is missing
From VPN / OpenVPN / Client Export Utility (when the client export package is installed)
Use the OpenVPNManager Management Interface. This will activate management interface in the generated .ovpn configuration and include the OpenVPNManager program in the Windows Installers. With this management interface, OpenVPN can be used by non-administrator users.This is also useful for Windows Vista/7/8/10 systems where elevated permissions are needed to add routes to the OS.
NOTE: This is not currently compatible with the 64-bit OpenVPN installer. It will work with the 32-bit installer on a 64-bit system.
What I've found strange
No, no you don't get to comangle two questions in one with insufficient detail. You said previously everything works great . Cannot ping is not great, it's broken. It may not be allowing icmp on Firewall / Rules / OpenVPN.