Netgate Discussion Forum

    OpenVPN bug? Route push not added to server config

      starr

      Hi
      I had a weird client-side routing problem when accessing the LAN network (192.168.1.0/24) via the VPN, when the local network on the remote site has the same LAN network. I experienced that there were a few hosts I was unable to reach due to the client attempting to reach them via the wifi interface and not the tun interface.

      So looking at the VPN server config in the web GUI, I could not find anything wrong except that the "Local Network" field was not present (not rendered) at all.
      Looking at the config via ssh (/var/etc/openvpn/server1.conf) shows that the push "route 192.168.1.0 255.255.255.0" is not actually in the config.

      Adding push "route 192.168.1.0 255.255.255.0" to the Advanced Configuration > Custom options in web GUI solved my problems.

      Never had this problem before I reinstalled pfSense (just reinstalled) and I did not restore anything from backup. I have installed OpenVPN multiple times before without any problems.

      Is this a bug or was I just unlucky?

      pfsense version: 2.4.2-RELEASE (amd64) Netgate SG-2220
      openvpn server version: OpenVPN 2.4.4 amd64-portbld-freebsd11.1
      openvpn client version: 2.4.4 x86_64-w64-mingw32

      Edit: I used the Wizard to create the VPN server

        johnpoz LAYER 8 Global Moderator

        "I had a weird client side routing problem when accessing the LAN network(192.168.1.0/24) via the VPN, when the local network on the remote site has the same LAN network. "

        There is no bug - but there is a borked config.. How do you expect the client to know where to send traffic to talk to a device that it thinks is local - why would it send that traffic down its vpn connection.. Do not use the same network on both sides of a vpn connection if you want stuff to work..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          starr

          We might misunderstand each other or I might be wrong.. -> Since the server never pushed the route "push "route 192.168.1.0 255.255.255.0"" to the client, the client on the LAN (192.168.1.0/24) would use the "wifi interface" when requesting hosts in the 192.168.1.0/24 range instead of the tun interface (OpenVPN adapter).

          When I added "push "route 192.168.1.0 255.255.255.0"" to the server config, the client now knows it should use the tun interface instead.

          The reason I thought this could be a bug is because when I configured the server I specified these options(using the wizard):
          Tunnel Network 10.0.8.0/24
          Redirect Gateway checked
          Local Network 192.168.1.0/24

          Because of the "Local Network 192.168.1.0/24" entry I expected "push "route 192.168.1.0 255.255.255.0"" to be present in the server.conf.

          Anyway, things are working and I'm happy :)

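A check for the situation discussed in this thread, as an added example that is not part of any poster's message and is not pfSense or OpenVPN code: it reads an OpenVPN server config for active `push "route ..."` lines and reports both a missing route for the expected Local Network and an overlap with the client's own LAN. The function names, finding labels and sample config text are constructed for illustration.

```python
import ipaddress
import re

# Active (uncommented) push directives, e.g.  push "route 192.168.1.0 255.255.255.0"
PUSH_RE = re.compile(r'^\s*push\s+"([^"]+)"', re.MULTILINE)

def pushed(conf_text):
    """Return (pushed route networks, whether redirect-gateway is pushed)."""
    routes, redirect = [], False
    for arg in PUSH_RE.findall(conf_text):
        parts = arg.split()
        if parts[:1] == ["route"] and len(parts) >= 2:
            # OpenVPN treats a route without a netmask as a single host
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        elif parts[:1] == ["redirect-gateway"]:
            redirect = True
    return routes, redirect

def audit(conf_text, local_network, client_lan):
    """List findings for one server config and one client-side LAN."""
    want = ipaddress.ip_network(local_network)
    lan = ipaddress.ip_network(client_lan)
    routes, redirect = pushed(conf_text)
    findings = []
    if not any(want.subnet_of(r) for r in routes):
        # redirect-gateway changes the client's default route (def1 adds
        # 0.0.0.0/1 and 128.0.0.0/1); it is not a specific route for the
        # server-side LAN
        findings.append("no-push-route" + ("-redirect-only" if redirect else ""))
    if lan.overlaps(want):
        # the client's directly connected subnet competes with the VPN route
        findings.append("client-lan-overlap")
    return findings

# Constructed sample configs (not the poster's actual server1.conf)
BEFORE = '''dev tun
server 10.0.8.0 255.255.255.0
push "redirect-gateway def1"
'''
AFTER = BEFORE + 'push "route 192.168.1.0 255.255.255.0"\n'

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf, "192.168.1.0/24", "192.168.1.0/24"))
```

The overlap finding stays set even after the route is pushed, because the client-side LAN is still the same subnet as the server-side one.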
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.