Netgate Discussion Forum

Kernel Routing Table

OpenVPN
3 Posts 2 Posters 928 Views
    jomimota
    last edited by Apr 29, 2017, 11:45 AM

    Hello,

    I have a pfSense (2.3.3-RELEASE-p) running an OpenVPN server in Remote Access (SSL/TLS + User Authentication) mode.
    I have 3 OpenWrt clients with LANs behind them that connect to this server. Everything works fine on the client side. It's possible from client A to access the LAN behind client B and vice versa, and also the server LAN.
    The problem is from the server LAN, because when a client connects no entry for its LAN is added to the server kernel routing table. So I need to add this entry manually in the pfSense server shell to permit access to the client LAN from the server LAN.

    Why doesn't the OpenVPN server add this entry to the kernel routing table?

    Thanks in advance.

    Jorge Mota

      viragomann
      last edited by Apr 29, 2017, 12:06 PM

      A Remote access server isn't meant to access the LAN behind a client by default.

      If you want to enable the access automatically when the client connects you may set up a client specific override for each unique client whose LAN you want to access:
      https://doc.pfsense.org/index.php/OpenVPN_multi_purpose_single_server#OpenVPN_Client_specific_overrides

      The client has to have a distinct CN in its cert. Then you can set each option for this client separately and enter its LAN subnet at remote networks.

        jomimota
        last edited by Apr 29, 2017, 3:12 PM

        Hi,

        Each client has a distinct CN and cert. The LAN subnet behind each client is in the Client Specific Overrides "IPv4 Remote Network/s" section.
        I also tried entering the command "route x.x.x.x 255.255.255.0" in the "Advanced" section of the CSO, where x.x.x.x is the client LAN subnet, without success.

        TIA,

        Jorge Mota
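
An added example, not part of the thread and not pfSense or OpenVPN code: in OpenVPN, an `iroute` line in a client-specific file only tells the OpenVPN process which client owns a subnet, while the kernel routing table entry comes from a `route` line in the server's own configuration. The Python check below lists every `iroute` that has no covering server-side `route`; the config text, client names and subnets are constructed sample input, and the function names are hypothetical.

```python
import ipaddress

def parse_directives(text, keyword):
    """Return the networks named by `<keyword> <network> [netmask]` lines."""
    nets = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] != keyword:
            continue
        # OpenVPN treats a missing netmask as a host route.
        mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
        try:
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        except ValueError:
            continue  # hostname or keyword instead of an address: skip it
    return nets

def missing_kernel_routes(server_conf, ccd_files):
    """Map each client CN to its iroute networks that no server `route` covers."""
    routes = parse_directives(server_conf, "route")
    missing = {}
    for cn, text in ccd_files.items():
        gaps = [n for n in parse_directives(text, "iroute")
                if not any(n.subnet_of(r) for r in routes)]
        if gaps:
            missing[cn] = gaps
    return missing

# Constructed sample input: only client-a's LAN has a matching server route.
SERVER_CONF = """\
mode server
server 10.8.0.0 255.255.255.0
client-config-dir /path/to/ccd
route 192.168.10.0 255.255.255.0
"""
CCD = {  # one entry per certificate CN, as in a client-config-dir
    "client-a": "iroute 192.168.10.0 255.255.255.0\n",
    "client-b": "iroute 192.168.20.0 255.255.255.0\n",
    "client-c": "iroute 192.168.30.0 255.255.255.0\n",
}

if __name__ == "__main__":
    for cn, nets in missing_kernel_routes(SERVER_CONF, CCD).items():
        for n in nets:
            print(f"{cn}: iroute {n} has no server route; "
                  f"add to server config: route {n.network_address} {n.netmask}")
```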
