Access to the network behind OPENVPN clients (remote access mode)
Hello! I am trying to set up a tap site-to-site OpenVPN with pfSense (server/remote access mode) and a Windows OpenVPN client (in client mode).
192.168.40.17 192.168.40.18 /
Clients behind [w7] can ping devices behind [pfs], because routes to the network set as the local network on [pfs] are automatically registered on the [w7] client.
But not vice versa. Routes to the network behind [w7] do not appear on [pfs].
It all works when I add routes to 192.168.38.0/24 and 10.190.200.0/24 manually from the [pfs] CLI.
I cannot do it from the web GUI, because when I try to add a gateway (OpenVPN client 192.168.40.18), I cannot choose the ovpn1 interface because it is unassigned.
How can I make the routes get added automatically? I tried the advanced server options route 192.168.38.0 255.255.255.0; route 10.190.200.0 255.255.255.0; - it does not help (the routes do not appear in the [pfs] routing table). I also tried to make a client specific override by setting 192.168.38.0/24,10.190.200.2/32 as remote networks, with no success.
Any feedback please ::)
Maybe the description of the problem is inaccurate?
gjaltemba last edited by
It would help me to understand the problem description better if you provide the cli work.
If cli is working then why do you need a gui way?
Because when I reboot the OpenVPN instance or pfSense itself, the manually written routes are gone.
Melphiz last edited by
Your networks are confusing me so I'll give you the example we use at our company, ok?
LAN Server 192.168.100.0/24
LAN Client 192.168.112.0/24
Server: (pfsense tab)
++ Tunnel Settings
-----IPv4 Tunnel Network 10.244.100.0/24
-----IPv4 Local Network 192.168.100.0/24
push "route 192.168.100.0 255.255.255.0";
route 192.168.112.0 255.255.255.0;
Client Specific Override (pfsense tab)
-----IPv4 Remote Network/s 192.168.112.0/24
The client config itself needs to further adjustment besides the typical settings.
marvosa last edited by
You need to do two things in order to access the network(s) behind your clients:
1. You have to add an iroute statement for each network you want to access in the client specific overrides section for that particular client.
2. You have to enable IP routing on the client PC -> https://gist.github.com/mouseroot/5489960
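
A consistency check for the two-part setup described in the replies above, as an added example that is not part of the thread or of pfSense: each server-side `route` (kernel to OpenVPN) needs a matching `iroute` (OpenVPN to one client) in a client override. It assumes a routed (tun) setup like Melphiz's example; the client name `site-client`, the 192.168.113.0/24 route and the sample config text are constructed.

```python
import ipaddress

# Constructed sample input, based on the networks in Melphiz's example.
# The 192.168.113.0/24 line is added here to show a mismatch.
SERVER_CONF = """\
dev tun
server 10.244.100.0 255.255.255.0
push "route 192.168.100.0 255.255.255.0"
route 192.168.112.0 255.255.255.0;
route 192.168.113.0 255.255.255.0;
"""
# Hypothetical client common name -> text of its client specific override.
CCD = {"site-client": "iroute 192.168.112.0 255.255.255.0\n"}


def networks(text, directive):
    """Return the networks named by '<directive> <net> <mask>' lines."""
    found = set()
    for line in text.splitlines():
        # Drop comments and the trailing ';' used in the pfSense options box.
        parts = line.split("#", 1)[0].replace(";", " ").split()
        if len(parts) >= 3 and parts[0] == directive:
            found.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return found


def check(server_conf, ccd):
    """Compare the server's kernel routes with the per-client iroutes."""
    routes = networks(server_conf, "route")
    owners = {}
    for client, text in ccd.items():
        for net in networks(text, "iroute"):
            owners.setdefault(net, []).append(client)
    claimed = set(owners)
    return {
        # Packets enter OpenVPN, but no client is registered for the subnet.
        "route_without_iroute": sorted(str(n) for n in routes - claimed),
        # A client owns the subnet, but the server never routes into the tunnel.
        "iroute_without_route": sorted(str(n) for n in claimed - routes),
        # The same subnet is assigned to more than one client.
        "duplicate_iroute": {str(n): c for n, c in owners.items() if len(c) > 1},
    }


if __name__ == "__main__":
    for finding, value in check(SERVER_CONF, CCD).items():
        print(finding, value)
```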