Netgate Discussion Forum

Two routers, one for DHCP and one for OpenVPN Server

  • rfx88
    Dec 28, 2017, 2:45 PM (last edited Dec 28, 2017, 2:50 PM)

    Hi!

    I have this setup at my home network:

    I want my OpenVPN clients to be part of my home network. I want to be able to access them.

    AC3200 is acting as my main gateway, and I want to use it as DHCP server for local and VPN clients.

    I've set up an OpenVPN server (type: TAP) on pfSense but I'm not sure about the config and I'm not sure that NAT is set up correctly.

    • Bridge DHCP:
      True: Allow clients on the bridge to obtain DHCP.

    • Bridge Interface:
      WAN

    • Redirect Gateway:
      True: Force all client generated traffic through the tunnel.

    • Inter-client communication:
      True: Allow communication between clients connected to this server

    • Custom options:
      push "redirect-gateway def1";push "route x.x.x.0 255.255.255.0"; push "route-gateway x.x.x.1"

    Every time I try to connect I get an error: Warning: route gateway is not reachable on any active network adapters: x.x.x.x

    Ports are opened so that should not be a problem. I expect that it's NAT that is the issue but I'm no expert…

    I appreciate your help!

    • JKnott
      Dec 28, 2017, 3:06 PM

      AC3200 is acting as my main gateway, and I want to use it as DHCP server for local and VPN clients.

      VPN clients are generally assigned an address by OpenVPN.  Also, DHCP initially uses broadcasts, which are not normally routed.  This means when a VPN client issues a DHCP discover, it will not be passed to the DHCP server.  If you must use a DHCP server that's not on the local network, the usual practice is to use a relay agent.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • rfx88
        Dec 28, 2017, 5:14 PM

        @JKnott:

        AC3200 is acting as my main gateway, and I want to use it as DHCP server for local and VPN clients.

        VPN clients are generally assigned an address by OpenVPN.  Also, DHCP initially uses broadcasts, which are not normally routed.  This means when a VPN client issues a DHCP discover, it will not be passed to the DHCP server.  If you must use a DHCP server that's not on the local network, the usual practice is to use a relay agent.

        Thanks. I've enabled it but there's no change.

        I also removed routing from config. It now looks like this:

        push "route-gateway x.x.x.1";

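The warning quoted in the first post means the pushed route-gateway does not fall inside the subnet of any adapter on the client. The following is an added example, not part of the thread and not OpenVPN or pfSense code: it parses custom options in the form posted above and runs that on-link test. The 192.168.1.x and adapter addresses are constructed stand-ins for the redacted x.x.x.x values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the custom options from the first post, with the
# redacted x.x.x prefix replaced by 192.168.1 (an assumption).
CUSTOM_OPTIONS = ('push "redirect-gateway def1";'
                  'push "route 192.168.1.0 255.255.255.0"; '
                  'push "route-gateway 192.168.1.1"')

def parse_pushes(options):
    """Split ';'-separated custom options into pushed directives (word lists)."""
    pushes = []
    for part in options.split(";"):
        m = re.fullmatch(r'\s*push\s+"([^"]+)"\s*', part)
        if m:
            pushes.append(m.group(1).split())
    return pushes

def pushed_gateway(pushes):
    """Return the last pushed route-gateway address, or None if absent."""
    gw = None
    for words in pushes:
        if len(words) == 2 and words[0] == "route-gateway":
            try:
                gw = ipaddress.ip_address(words[1])
            except ValueError:
                pass  # not a literal address (for example "dhcp")
    return gw

def reachable_via(gateway, adapters):
    """Names of adapters whose connected subnet contains the gateway."""
    return [name for name, cidr in adapters.items()
            if gateway in ipaddress.ip_interface(cidr).network]

# Constructed client states: TAP adapter without and with a home-LAN address.
NO_LEASE = {"Wi-Fi": "10.20.30.40/24", "TAP": "169.254.12.7/16"}
WITH_LEASE = {"Wi-Fi": "10.20.30.40/24", "TAP": "192.168.1.57/24"}

if __name__ == "__main__":
    gw = pushed_gateway(parse_pushes(CUSTOM_OPTIONS))
    for label, adapters in (("no lease", NO_LEASE), ("with lease", WITH_LEASE)):
        hits = reachable_via(gw, adapters)
        print(label, gw, "on-link via", hits if hits else "no adapter")
```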