Access to the network behind OpenVPN clients (remote access mode)



  • Hello! I am trying to set up a tap site-to-site OpenVPN between pfSense (server/remote access mode) and a Windows OpenVPN client (in client mode).

                                                / 192.168.38.0/24
    192.168.40.17 [pfs]=============[w7] 192.168.40.18
                                                \ 10.190.200.0/24

    Clients behind [w7] can ping devices behind [pfs], because routes to the network set as the local network on [pfs] are automatically registered on the [w7] client.
    But not vice versa. Routes to the networks behind [w7] do not appear on [pfs].
    It all works when I add routes to 192.168.38.0/24 and 10.190.200.0/24 manually from the [pfs] CLI.
    I cannot do it from the web GUI because when I try to add a gateway (OpenVPN client 192.168.40.18), I cannot choose the ovpn1 interface because it is unassigned.
    How can I make the routes get added automatically? I tried the advanced server options route 192.168.38.0 255.255.255.0; route 10.190.200.0 255.255.255.0; - it does not help (the routes do not appear in the [pfs] routing table). I also tried to make a client specific override by specifying 192.168.38.0/24,10.190.200.2/32 as remote networks, with no success.



  • Any feedback please  ::)
    Maybe the description of the problem is inaccurate?



  • It would help me to understand the problem description better if you provide the cli work.

    If cli is working then why do you need a gui way?



  • Because when I reboot the OpenVPN instance or pfSense itself, the manually written routes are gone.



  • Your networks are confusing me so I'll give you the example we use at our company, ok?

    LAN Server 192.168.100.0/24
    LAN Client  192.168.112.0/24
    OpenVPN    10.244.100.0/24

    Server: (pfsense tab)
    Remote Access
    ++ Tunnel Settings
    -----IPv4 Tunnel Network 10.244.100.0/24
    -----IPv4 Local Network 192.168.100.0/24
    ++Advanced
    push "route 192.168.100.0 255.255.255.0";
    route 192.168.112.0 255.255.255.0;

    Client Specific Override (pfsense tab)
    -----IPv4 Remote Network/s 192.168.112.0/24

    The client config itself needs to further adjustment besides the typical settings.



  • You need to do two things in order to access the network(s) behind your clients:

    • You have to add an iroute statement for each network you want to access in the client specific overrides section for that particular client

    • You have to enable IP routing on the client PC -> https://gist.github.com/mouseroot/5489960
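
Added example, not part of any post in this thread: a small consistency check for the two settings the replies above describe, the server-side `route` lines and the per-client `iroute` lines in the client specific override. It assumes a routed (dev tun) server, which is where `iroute` applies, and literal IPv4 networks; the sample config text and the client name `w7` are constructed.

```python
import ipaddress

# Constructed sample input (not from a real system). The two routed networks
# are the ones named in the first post; the client name "w7" is hypothetical.
SERVER_CONF = """\
dev tun
push "route 192.168.100.0 255.255.255.0";
route 192.168.38.0 255.255.255.0; route 10.190.200.0 255.255.255.0;
"""
CCD_FILES = {"w7": "iroute 192.168.38.0 255.255.255.0\n"}


def networks(config_text, directive):
    """Return the networks named by `directive` statements (route / iroute)."""
    found = set()
    for raw in config_text.splitlines():
        if raw.lstrip().startswith(("#", ";")):
            continue  # whole-line comment
        # pfSense's advanced box separates statements with ';'
        for stmt in raw.split("#", 1)[0].split(";"):
            parts = stmt.split()
            if len(parts) >= 2 and parts[0] == directive:
                # OpenVPN treats a missing netmask as a host route
                mask = parts[2] if len(parts) > 2 else "255.255.255.255"
                net = ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False)
                found.add(net)
    return found


def check(server_conf, ccd_files):
    """Compare kernel routes on the server with per-client iroute entries."""
    routed = networks(server_conf, "route")
    owned = set()
    for text in ccd_files.values():
        owned |= networks(text, "iroute")
    return {
        # Packets reach the OpenVPN process but it has no client to hand them to
        "route_without_iroute": [str(n) for n in sorted(routed - owned)],
        # OpenVPN knows the owning client but the OS never sends packets its way
        "iroute_without_route": [str(n) for n in sorted(owned - routed)],
    }


if __name__ == "__main__":
    print(check(SERVER_CONF, CCD_FILES))
```

An empty list under both keys means every network behind a client has both halves of the configuration.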