[Solved] DHCP clients on LAN do not see OpenVPN network



  • Have a remote OpenVPN server. It is up and running.

    Have pfSense as the main gateway for the local network. There is a DHCP service on the pfSense LAN interface.
    Also set up an OpenVPN client on my pfSense, and it does connect to the remote OpenVPN server. It is working, no errors in the log. I can even ping the remote OpenVPN network from the pfSense console.

    BUT!

    My DHCP clients on the LAN interface do not see the OpenVPN network. That is strange, because I expect pfSense to route traffic automatically after a successful connection.
    I am 100% sure the problem is on the pfSense side, because I had the same scheme on a non-pfSense router and everything worked as expected.

    What should I tune on pfSense to be able to access the remote VPN network from LAN DHCP clients?



  • Are you seeing blocks in the logs? Would need to see the config on both sides to offer any targeted help. Post the server1.conf from the server and the client1.conf from the client.



  • @marvosa:

    Are you seeing blocks in the logs? Would need to see the config on both sides to offer any targeted help. Post the server1.conf from the server and the client1.conf from the client.

    No blocks.

    Client side

    ```
    dev ovpnc1
    verb 3
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp4
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    multihome
    engine cryptodev
    tls-client
    client
    nobind
    management /var/etc/openvpn/client1.sock unix
    remote 285.325.45.142 53294
    ifconfig 10.8.0.2 10.8.0.1
    ca /var/etc/openvpn/client1.ca
    cert /var/etc/openvpn/client1.cert
    key /var/etc/openvpn/client1.key
    tls-auth /var/etc/openvpn/client1.tls-auth 1
    ncp-ciphers AES-256-GCM:AES-128-GCM
    resolv-retry infinite
    topology subnet
    auth-nocache
    remote-cert-tls server
    ```


    Server side

    ```
    dev ovpns2
    verb 1
    dev-type tun
    dev-node /dev/tun2
    writepid /var/run/openvpn_server2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    multihome
    engine cryptodev
    tls-server
    server 10.8.0.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server2
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'server.kz' 1"
    lport 53294
    management /var/etc/openvpn/server2.sock unix
    push "route 192.168.10.0 255.255.255.0"
    ca /var/etc/openvpn/server2.ca
    cert /var/etc/openvpn/server2.cert
    key /var/etc/openvpn/server2.key
    dh /etc/dh-parameters.1024
    crl-verify /var/etc/openvpn/server2.crl-verify
    tls-auth /var/etc/openvpn/server2.tls-auth 0
    ncp-ciphers AES-256-GCM:AES-128-GCM
    persist-remote-ip
    float
    topology subnet
    route 192.168.1.0 255.255.255.0 # Office
    ```



  • What is the LAN subnet on both sides?



  • @marvosa:

    What is the LAN subnet on both sides?

    Thanks. Fixed by defining "Client Specific Overrides" and

    ```
    iroute 192.168.1.0 255.255.255.0;
    ```
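Why that override is the fix, shown as an added example that is neither pfSense code nor anything posted in the thread: in `server` mode, the `route 192.168.1.0 255.255.255.0` line on the server only installs a kernel route into the tun interface. OpenVPN itself still needs an `iroute` in the owning client's client-config-dir (CCD) file to know which connected client that subnet belongs to; without it, replies to the office LAN arrive at the tun device and are dropped, which is why pings sourced from the pfSense tunnel address (10.8.0.2) worked while LAN clients behind it did not. The script below audits a server config against its CCD files for exactly that mismatch. It assumes a Python dict stands in for the CCD directory, that the CCD file name is the client certificate CN (`client1` is a placeholder, the thread does not give the real CN), and that a CCD file may use the semicolon-separated form of pfSense's override "Advanced" box; the sample configs are constructed from the thread's lines.

```python
"""Audit an OpenVPN server config against its client-config-dir (CCD) files.

Added example (not pfSense code, not from the thread). In `server` mode a
`route` line only installs a kernel route into the tun interface; OpenVPN
itself still needs an `iroute` in the owning client's CCD file to map the
subnet to a connected client. A subnet with a `route` but no `iroute` is
the misconfiguration this script reports.
"""
import ipaddress
import shlex
from typing import Dict, List, Optional, Tuple

Directive = Tuple[str, List[str]]


def parse_directives(text: str) -> List[Directive]:
    """Split OpenVPN config text into (directive, args) pairs.

    Handles quoted arguments (push "route ..."), full-line and trailing
    '#' comments (route ... # Office), and ';' as a directive separator
    (assumption: the form pfSense's Client Specific Override box uses).
    """
    directives: List[Directive] = []
    for raw in text.splitlines():
        for chunk in raw.split(";"):
            tokens = shlex.split(chunk, comments=True)
            if tokens:
                directives.append((tokens[0], tokens[1:]))
    return directives


def to_network(addr: str, mask: str) -> ipaddress.IPv4Network:
    """OpenVPN writes 'route ADDR MASK'; ipaddress accepts a dotted mask."""
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def audit_iroutes(server_conf: str, ccd: Dict[str, str]) -> Dict[str, Optional[str]]:
    """For each `route` subnet in the server config (other than subnets inside
    the tunnel network given by `server`), return the CCD file (client CN)
    whose `iroute` covers it, or None when no client claims it."""
    tunnel: Optional[ipaddress.IPv4Network] = None
    routes: List[ipaddress.IPv4Network] = []
    for name, args in parse_directives(server_conf):
        if name == "server" and len(args) >= 2:
            tunnel = to_network(args[0], args[1])
        elif name == "route" and len(args) >= 2:
            routes.append(to_network(args[0], args[1]))

    iroutes: List[Tuple[str, ipaddress.IPv4Network]] = []
    for cn, text in ccd.items():
        for name, args in parse_directives(text):
            if name == "iroute" and len(args) >= 2:
                iroutes.append((cn, to_network(args[0], args[1])))

    report: Dict[str, Optional[str]] = {}
    for net in routes:
        if tunnel is not None and net.subnet_of(tunnel):
            continue  # addresses inside the tunnel network need no iroute
        owner = next((cn for cn, inet in iroutes if net.subnet_of(inet)), None)
        report[str(net)] = owner
    return report


def missing_iroutes(server_conf: str, ccd: Dict[str, str]) -> List[str]:
    """Subnets the kernel will hand to OpenVPN that no connected client owns."""
    return [net for net, owner in audit_iroutes(server_conf, ccd).items() if owner is None]


# Constructed sample: the routing-relevant lines of the thread's server config.
SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
push "route 192.168.10.0 255.255.255.0"
topology subnet
route 192.168.1.0 255.255.255.0 # Office
"""

# Before the fix: no Client Specific Override, so the CCD directory is empty.
CCD_BEFORE: Dict[str, str] = {}

# After the fix: one override file, keyed by the client cert CN ("client1" is a
# placeholder), in the semicolon-separated form of the pfSense override box.
CCD_AFTER = {"client1": "iroute 192.168.1.0 255.255.255.0;"}


if __name__ == "__main__":
    for label, ccd in (("before", CCD_BEFORE), ("after", CCD_AFTER)):
        print(label, audit_iroutes(SERVER_CONF, ccd),
              "missing iroute:", missing_iroutes(SERVER_CONF, ccd))
```

Run stand-alone it reports `192.168.1.0/24` as unowned before the override and owned by `client1` after it; pointing the same check at a real `client-config-dir` is a quick way to catch a `route` that was added on the server without the matching override.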

