Open VPN server won't route



  • so configured openVPN server using one of the on-line tutorials.  I'm pretty familiar with this stuff, so it wasn't too hard.

    Setup with cert and user auth, and the connection establishes.

    local area network with the devices is 10.10.222.0
    vpn network is 10.10.200.0

    no matter what I do, I cant seem to get it to route between the vpn network and the local network I need to access.

    first thing I noticed, ipconfig /all shows no default gateway for the 10.10.200.X address
    which if I were the FBI, I'd consider that a clue….

    log from the client below...

    Mon Apr 03 22:57:13 2017 [PFSense_VPN_SERVER] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
    Mon Apr 03 22:57:14 2017 open_tun
    Mon Apr 03 22:57:14 2017 TAP-WIN32 device [Ethernet 2] opened: \.\Global{D7C68351-4161-4117-975F-EFB93A41341E}.tap
    Mon Apr 03 22:57:14 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.200.6/255.255.255.252 on interface {D7C68351-4161-4117-975F-EFB93A41341E} [DHCP-serv: 10.10.200.5, lease-time: 31536000]
    Mon Apr 03 22:57:14 2017 Successful ARP Flush on interface [19] {D7C68351-4161-4117-975F-EFB93A41341E}
    Mon Apr 03 22:57:14 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mon Apr 03 22:57:14 2017 Block_DNS: WFP engine opened
    Mon Apr 03 22:57:14 2017 Block_DNS: Using existing sublayer
    Mon Apr 03 22:57:14 2017 Block_DNS: Added permit filters for exe_path
    Mon Apr 03 22:57:14 2017 Block_DNS: Added block filters for all interfaces
    Mon Apr 03 22:57:14 2017 Block_DNS: Added permit filters for TAP interface
    Mon Apr 03 22:57:14 2017 write UDP: No Route to Host (WSAEHOSTUNREACH) (code=10065)
    Mon Apr 03 22:57:19 2017 Initialization Sequence Completed

    Any help is appreciated… Thanks



  • I did try disabling all firewall rules, still not routing.  At a  loss,



  • so made some progress!

    believe this is a config issue, but still looking for some suggestions.

    my network has 2 public internet connections.

    localnetwork router address for primary internet is .1
    PFsense is .250 (totally separate box), on the same local network
    it's running VPN client to a VPN service
    added a VPN server, that I have issues with routing.

    I have a couple machines setup on the network that I want to use VPN, so their GW address is .250

    Noticed a few minutes ago, I can ping the machines that use the .250 address for their gateway, but not the ones that use .1 for their address.

    Moving the machines that need VPN to a different network would likely fix the problem, but that's not my first choice.  Anyone else have any suggestions ?



  • what a helpful forum…

    well -- the answer is to add a static route to the 10.10.222.1 router to route to the VPN network via the .10.10.222.250 interface.


Log in to reply