Netgate Discussion Forum

    Help replacing client routes if they overlap server LAN

      zlacelle

      I've set up OpenVPN server on pfSense and it's working quite nicely when my local LAN is different than the remote LAN.  I should add that the purpose of this VPN is remote access for administrators, not connecting two sites together.

      I include both sets of routes below (both non-overlapping LAN and overlapping), but the gist of it is this:  If I am part of an overlapping LAN, and I delete the default route and the local LAN route (for example, I'd delete "default via 192.168.1.1 dev wlan0  proto static" and "192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.253  metric 9" and replace the default route with "default via 10.0.0.1 dev tun0"), I can then ping all remote hosts on 192.168.1.3 (except, of course, if a host's IP overlaps with mine).

      Is there any way to easily have the server push routes in this way, so that if there is overlap it overwrites the default and local routes?  Or is this something I have to script on the client side?

      If I'm on a non-overlapping LAN, my routes look as follows:

      From 172.16.20.29, network 172.16.0.0/16:
      0.0.0.0/1 via 10.0.0.1 dev tun0
      default via 172.16.1.1 dev eth0  proto static
      10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
      X.X.X.X via 172.16.1.1 dev eth0
      128.0.0.0/1 via 10.0.0.1 dev tun0
      172.16.0.0/16 dev eth0  proto kernel  scope link  src 172.16.20.29  metric 1

      From overlapping LANs:

      From 192.168.1.253 in 192.168.1.1/24 (same as remote LAN):
      0.0.0.0/1 via 10.0.0.1 dev tun0
      default via 192.168.1.1 dev wlan0  proto static
      10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
      X.X.X.X via 192.168.1.1 dev wlan0
      128.0.0.0/1 via 10.0.0.1 dev tun0
      192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.253  metric 9
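
A client-side check for the overlap case described in the post, as an added example that is not part of the original post or of pfSense/OpenVPN: it parses `ip route` output, detects a directly connected network that overlaps the remote LAN, and returns (without running them) the route commands matching the manual steps the poster lists. The function names `parse_routes` and `plan` are hypothetical; the route tables, `10.0.0.1` and `tun0` are the ones quoted in the post.

```python
import ipaddress

# Route tables as quoted in the post (including the redacted X.X.X.X host route).
NON_OVERLAPPING = """\
0.0.0.0/1 via 10.0.0.1 dev tun0
default via 172.16.1.1 dev eth0  proto static
10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
X.X.X.X via 172.16.1.1 dev eth0
128.0.0.0/1 via 10.0.0.1 dev tun0
172.16.0.0/16 dev eth0  proto kernel  scope link  src 172.16.20.29  metric 1
"""
OVERLAPPING = """\
0.0.0.0/1 via 10.0.0.1 dev tun0
default via 192.168.1.1 dev wlan0  proto static
10.0.0.0/24 dev tun0  proto kernel  scope link  src 10.0.0.2
X.X.X.X via 192.168.1.1 dev wlan0
128.0.0.0/1 via 10.0.0.1 dev tun0
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.253  metric 9
"""

def parse_routes(text):
    """Yield (network, options, normalized_line); assumes key/value pairs as in the post."""
    for line in text.splitlines():
        tok = line.split()
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0], strict=False)
        except (IndexError, ValueError):  # blank line, or the redacted "X.X.X.X" route
            continue
        yield net, dict(zip(tok[1::2], tok[2::2])), " ".join(tok)

def plan(text, remote_lan, tun_gw="10.0.0.1", tun_dev="tun0"):
    """Return the poster's manual route changes as commands, or [] when nothing overlaps."""
    remote = ipaddress.ip_network(remote_lan)
    routes = list(parse_routes(text))
    # A clash is a connected (scope link) route off the tunnel that overlaps the remote LAN.
    clash = [raw for net, opt, raw in routes
             if opt.get("scope") == "link" and opt.get("dev") != tun_dev and net.overlaps(remote)]
    if not clash:
        return []
    cmds = ["ip route del " + raw for net, opt, raw in routes
            if net.prefixlen == 0 and opt.get("dev") != tun_dev]  # old default route
    cmds += ["ip route del " + raw for raw in clash]               # local LAN route
    cmds.append(f"ip route add default via {tun_gw} dev {tun_dev}")
    return cmds

if __name__ == "__main__":
    print("\n".join(plan(OVERLAPPING, "192.168.1.0/24")))
```

The script only builds the command list; nothing is applied to the routing table. Because it uses `overlaps()`, a partial overlap such as a client on 192.168.0.0/16 is flagged as well.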

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.