Help replacing client routes if they overlap server LAN



  • I've set up OpenVPN server on pfSense and it's working quite nicely when my local LAN is different than the remote LAN.  I should add that the purpose of this VPN is remote access for administrators, not connecting two sites together.

    I include both sets of routes below (both non-overlapping LAN and overlapping), but the gist of it is this:  If I am part of an overlapping LAN, and I delete the default route and the local LAN route (for example, I'd delete "default via 192.168.1.1 dev wlan0  proto static" and "192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.253  metric 9" and replace the default route with "default via 10.0.0.1 dev tun0"), I can then ping all remote hosts on 192.168.1.3 (except, of course, if a host's IP overlaps with mine).

    Is there any way to easily have the server push routes in this way, so that if there is overlap it overwrites the default and local routes?  Or is this something I have to script on the client side?

    If I'm on a non-overlapping LAN, my routes look as follows:

    From 172.16.20.29, network 172.16.0.0/16:
    0.0.0.0/1 via 10.0.0.1 dev tun0
    default via 172.16.1.1 dev eth0  proto static
    10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
    X.X.X.X via 172.16.1.1 dev eth0
    128.0.0.0/1 via 10.0.0.1 dev tun0
    172.16.0.0/16 dev eth0  proto kernel  scope link  src 172.16.20.29  metric 1

    From overlapping LANs:

    From 192.168.1.253 in 192.168.1.1/24 (same as remote LAN):
    0.0.0.0/1 via 10.0.0.1 dev tun0
    default via 192.168.1.1 dev wlan0  proto static
    10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
    X.X.X.X via 192.168.1.1 dev wlan0
    128.0.0.0/1 via 10.0.0.1 dev tun0
    192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.253  metric 9
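
The client-side route rewrite described in the post, as an added example that is not code from the post, pfSense or OpenVPN: it parses `ip route show` output, checks whether the local LAN overlaps the remote LAN, and returns the commands that delete the overlapping LAN route and the old default route and point the default at the tunnel. The remote LAN, VPN gateway and VPN device are assumed inputs; the sample routing table is constructed from the post's overlapping-LAN case.

```python
"""Added example (not from the post): decide on the client whether the local
LAN overlaps the remote LAN and, if so, emit the route changes the post
describes.  Inputs assumed: `ip route show` text, remote LAN, VPN gw/dev."""
import ipaddress

# constructed sample: the overlapping-LAN table from the post
SAMPLE_OVERLAP = """\
0.0.0.0/1 via 10.0.0.1 dev tun0
default via 192.168.1.1 dev wlan0  proto static
10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
X.X.X.X via 192.168.1.1 dev wlan0
128.0.0.0/1 via 10.0.0.1 dev tun0
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.253  metric 9
"""


def parse_routes(ip_route_output):
    """Yield (prefix, fields) per `ip route show` line; skip unparsable ones."""
    for line in ip_route_output.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            yield ipaddress.ip_network(dest, strict=False), fields
        except ValueError:
            continue  # e.g. the "X.X.X.X" placeholder for the server address


def plan_route_fix(ip_route_output, remote_lan, vpn_gw, vpn_dev):
    """Return the `ip route` commands to run, or [] when nothing overlaps."""
    remote = ipaddress.ip_network(remote_lan)
    routes = list(parse_routes(ip_route_output))
    # the local LAN is the kernel link route on a non-VPN device; when it
    # overlaps the remote LAN it beats the /1 routes via tun0 (longest prefix)
    cmds = ["ip route del " + " ".join(f) for p, f in routes
            if vpn_dev not in f and "kernel" in f and "link" in f
            and p.prefixlen > 0 and p.overlaps(remote)]
    if not cmds:
        return []
    for p, f in routes:  # then drop the old default route(s) on the LAN device
        if p.prefixlen == 0 and vpn_dev not in f:
            cmds.append("ip route del " + " ".join(f))
    cmds.append(f"ip route replace default via {vpn_gw} dev {vpn_dev}")
    return cmds
```

Feed it the live output of `ip route show` and run the returned commands as root, for example from an OpenVPN `--route-up` script on the client; when the LANs do not overlap it returns nothing and the routes are left alone.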

