Netgate Discussion Forum

    OpenVPN with sTunnel - Routing problem

      streetfighter12

      Hi,

      I've tried to set up OpenVPN + stunnel. It works so far, but only if I add the following route:

      route public.pfsense.ip 255.255.255.255 net_gateway
      

      This breaks, for example, my internal DNS (BTW, does someone have good documentation about routing?). Without stunnel this route is not necessary.

      When I point the route to my OpenVPN gateway, nothing works after connecting.

      route local.openvpn.pfsense.ip 255.255.255.255 net_gateway
      

      I basically wanna have the same functions, only via stunnel. Is this somehow possible?

      Would be great if someone had a tip for me!

      Greetz Yannik

        streetfighter12

        I didn't understand the route command. By adding this line:

        route public.pfsense.ip 255.255.255.255 net_gateway
        

        OpenVPN isn't routing the pfSense public IP through the VPN tunnel.

        The problem was that in our environment we force all traffic to be routed through the OpenVPN server, and this broke stunnel. With this configuration OpenVPN wants stunnel to go through the VPN tunnel, and this ends in timeouts. By excluding the pfSense public IP (stunnel runs on this IP, too), it keeps the connection, also while the VPN is running.


        And the DNS problem was a different one. I used the GNOME VPN manager before I tested the stunnel thing with the OpenVPN command line. The GNOME manager was setting everything up properly, but the OpenVPN command-line tool was not.

        So, I had to do the following things:

        sudo apt-get install resolvconf
        
        Add to openvpn client conf:
        script-security 2
        up /etc/openvpn/update-resolv-conf
        down /etc/openvpn/update-resolv-conf
        

        Greetings Yannik
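
The routing behaviour described in the post above, as an added example that is not part of the original thread: a longest-prefix-match model showing why the `/32` route via `net_gateway` keeps stunnel's outer connection off the tunnel while everything else still goes through the VPN. All addresses are constructed, and the two `/1` override routes are an assumption about how the full-tunnel setup is implemented (the `redirect-gateway def1` style).

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not values from the post.
PFSENSE_PUBLIC_IP = "203.0.113.10"   # stands in for public.pfsense.ip (stunnel listens here)
LAN_GATEWAY = "192.168.1.1"          # what OpenVPN calls net_gateway
VPN_GATEWAY = "10.8.0.1"             # what OpenVPN calls vpn_gateway
INTERNAL_DNS = "10.0.0.53"           # resolver reachable only through the VPN


def route(network, netmask, gateway):
    """Build a route entry the way an OpenVPN `route` directive describes it."""
    return (ipaddress.ip_network(f"{network}/{netmask}"), gateway)


def next_hop(table, destination):
    """Return the gateway chosen by longest-prefix match, as the kernel does."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in table if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def full_tunnel_table(extra_routes=()):
    """Routing table after connect when all traffic is forced into the VPN."""
    table = [
        route("0.0.0.0", "0.0.0.0", LAN_GATEWAY),      # original default route
        # Assumed: full-tunnel override as two /1 routes (redirect-gateway def1 style).
        route("0.0.0.0", "128.0.0.0", VPN_GATEWAY),
        route("128.0.0.0", "128.0.0.0", VPN_GATEWAY),
    ]
    table.extend(extra_routes)
    return table


def stunnel_survives(table):
    """stunnel's outer TLS connection must leave via the physical gateway."""
    return next_hop(table, PFSENSE_PUBLIC_IP) == LAN_GATEWAY


broken = full_tunnel_table()
# Equivalent of: route public.pfsense.ip 255.255.255.255 net_gateway
fixed = full_tunnel_table([route(PFSENSE_PUBLIC_IP, "255.255.255.255", LAN_GATEWAY)])

if __name__ == "__main__":
    print("without exception:", next_hop(broken, PFSENSE_PUBLIC_IP), stunnel_survives(broken))
    print("with exception:   ", next_hop(fixed, PFSENSE_PUBLIC_IP), stunnel_survives(fixed))
    print("internal DNS via: ", next_hop(fixed, INTERNAL_DNS))
```

Only the single stunnel endpoint bypasses the VPN in the fixed table; on a real client, `ip route get <address>` shows the same decision for any destination.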

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.