Openvpn bug? route push not added to server config



  • Hi
    I had a weird client-side routing problem when accessing the LAN network (192.168.1.0/24) via the VPN, when the local network on the remote site has the same LAN network. I experienced that there were a few hosts I was unable to reach due to the client attempting to reach them via the wifi interface and not the tun interface.

    So looking at the VPN server config in the web GUI, I could not find anything wrong except that the "Local Network" field was not present (not rendered) at all.
    Looking at the config via ssh (/var/etc/openvpn/server1.conf) shows that the push "route 192.168.1.0 255.255.255.0" is not actually in the config.

    Adding push "route 192.168.1.0 255.255.255.0" to the Advanced Configuration > Custom options in web GUI solved my problems.

    Never had this problem before I reinstalled pfsense (just reinstalled) and I did not restore anything from backup. I have installed openvpn multiple times before without any problems.

    Is this a bug or was I just unlucky?

    pfsense version: 2.4.2-RELEASE (amd64) Netgate SG-2220
    openvpn server version: OpenVPN 2.4.4 amd64-portbld-freebsd11.1
    openvpn client version: 2.4.4 x86_64-w64-mingw32

    Edit: I used the Wizard to create the VPN server


  • LAYER 8 Global Moderator

    "I had a weird client side routing problem when accessing the LAN network(192.168.1.0/24) via the VPN, when the local network on the remote site has the same LAN network. "

    There is no bug - but there is a borked config.. How do you expect the client to know where to send traffic to talk to a device that it thinks is local - why would it send that traffic down its vpn connection.. Do not use the same network on both sides of a vpn connection if you want stuff to work..



  • We might misunderstand each other or I might be wrong.. -> Since the server never pushed the route "push "route 192.168.1.0 255.255.255.0"" to the client, the client on the LAN (192.168.1.0/24) would use the "wifi interface" when requesting hosts in the 192.168.1.0/24 range instead of the tun interface (openvpn adapter).

    When I added "push "route 192.168.1.0 255.255.255.0"" to the server config, the client now knows it should use the tun interface instead.

    The reason I thought this could be a bug is because when I configured the server I specified these options (using the wizard):
    Tunnel Network 10.0.8.0/24
    Redirect Gateway checked
    Local Network 192.168.1.0/24

    Because of the "Local Network 192.168.1.0/24" entry I expected "push "route 192.168.1.0 255.255.255.0"" to be present in the server.conf.

    Anyway, things are working and I'm happy :)


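The check done by hand in the thread (reading the generated server config for the expected `push "route ..."` line, and noticing that the client LAN uses the same subnet) can be scripted. This is an added example, not part of the original thread or of pfSense/OpenVPN; the function names are hypothetical and the sample config is constructed from the values quoted in the posts.

```python
import ipaddress
import shlex

# Constructed sample modelled on the thread: tunnel 10.0.8.0/24,
# redirect gateway enabled, and no push for the 192.168.1.0/24 LAN.
SAMPLE_CONF = '''\
dev tun
server 10.0.8.0 255.255.255.0
; legacy-style comment line
push "redirect-gateway def1"   # assumed form of the Redirect Gateway option
'''

def pushed_directives(conf_text):
    """Yield the token list of every push "..." directive in the config."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quote: not a directive we can parse
        if len(tokens) == 2 and tokens[0] == "push":
            yield tokens[1].split()

def pushed_routes(conf_text):
    """Return the networks announced to clients via push "route net [mask]"."""
    routes = []
    for d in pushed_directives(conf_text):
        if len(d) >= 2 and d[0] == "route":
            # OpenVPN treats a missing (or "default") netmask as a host route.
            mask = d[2] if len(d) >= 3 and d[2] != "default" else "255.255.255.255"
            try:
                routes.append(ipaddress.ip_network(f"{d[1]}/{mask}", strict=False))
            except ValueError:
                pass  # hostname or keyword target; skipped in this audit
    return routes

def audit(conf_text, expected_lans, client_lan=None):
    """Report expected LANs with no covering push and LANs that collide with the client's own."""
    routes = pushed_routes(conf_text)
    report = {"missing": [], "overlaps_client_lan": []}
    for lan in map(ipaddress.ip_network, expected_lans):
        if not any(lan.subnet_of(r) for r in routes):
            report["missing"].append(str(lan))
        if client_lan and lan.overlaps(ipaddress.ip_network(client_lan)):
            report["overlaps_client_lan"].append(str(lan))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["192.168.1.0/24"], client_lan="192.168.1.0/24"))
```

Run against the real file by passing the contents of /var/etc/openvpn/server1.conf instead of `SAMPLE_CONF`.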