Netgate Discussion Forum

    Kernel Routing Table

    OpenVPN
      jomimota

      Hello,

      I have a pfSense (2.3.3-RELEASE-p) running an OpenVPN server in Remote Access (SSL/TLS + User Authentication) mode.
      I have 3 OpenWrt clients with LANs behind them that connect to this server. Everything works fine on the client side. It's possible from client A to access the LAN behind client B and vice versa, and also the server LAN.
      The problem is from the server LAN, because when a client connects no entry for its LAN is added to the server kernel routing table. So I need to add this entry manually at the pfSense server shell to permit access to the client LAN from the server LAN.

      Why doesn't the OpenVPN server add this entry to the kernel routing table?

      Thanks in Advance.

      Jorge Mota

        viragomann

        A Remote access server isn't meant to access the LAN behind a client by default.

        If you want to enable the access automatically when the client connects, you may set up a client specific override for each unique client whose LAN you want to access:
        https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server#OpenVPN_Client_specific_overrides

        The client has to have a distinct CN in its cert. Then you can set each option for this client separately and enter its LAN subnet at remote networks.

          jomimota

          Hi,

          Each client has a distinct CN and cert. The LAN subnet behind each client is in the Client Specific Overrides "IPv4 Remote Network/s" section.
          I also tried entering the command "route x.x.x.x 255.255.255.0" in the "Advanced" section of the CSO, where x.x.x.x is the client LAN subnet, without success.

          Tia,

          Jorge Mota

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.