One machine can connect to LAN, others cannot
-
Strange issue here. I have a working OpenVPN config. I can connect with my machine with no issue, and reach any system on the LAN. But while I can successfully connect to the VPN with other machines on the same network, I can't see the LAN--even using the exact same config file from my machine. Any idea what might be causing this?
I have the same results from both a Windows system and my Android phone. My machine (the one that's working) is a Windows system as well.
-
A little more insight here...
It looks like only the first client that connects can get the route--and that it's specific to that client/IP address.
Subsequent client connections receive this error:
ROUTE: route addition failed using service: The object already exists.
Once I restart the OpenVPN service, then the very next client that connects gets the route. And again, subsequent clients do not. If I remove the
push "route 192.168.100.0 255.255.255.0"
then no clients can connect to the LAN.
So, this makes no sense to me...help?
-
Why are you pushing routes?
Put the routes you want the clients to have in the Local Networks in the server. Let it deal with pushing them. It will.
What other customizations have you done?
What kind of OpenVPN is this? Presuming remote access.
In general, following this just works:
https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.html
You might want to post your actual server configuration.
-
@Derelict thanks for the reply.
I actually just got this sorted. I didn't do the initial configuration on this, so I'm not sure why the route was being pushed. That was part of the problem. The rest of the problem was workarounds I'd done to try to solve the problem. A word of advice: if you find a pfSense tutorial online that seems overly complicated, it's probably wrong. And I'd bet that the guy who did the tutorial I saw would probably have the same issue I did if he connected more than one machine.
-
And definitely check the date. If it is not current, they are probably wrong as things exist today.
There should be no Custom Options necessary to get almost all configurations working. It should all be able to be handled using the server and Client-Specific Overrides in the pfSense GUI.
You might be able to tweak some additional throughput out of it or overcome PMTU problems etc with custom options, but basic functionality should be obtainable without them.