Netgate Discussion Forum

    One machine can connect to LAN, others cannot

      GryphonX77

      Strange issue here. I have a working OpenVPN config. I can connect with my machine with no issue, and reach any system on the LAN. But while I can successfully connect to the VPN with other machines on the same network, I can't see the LAN--even using the exact same config file from my machine. Any idea what might be causing this?

      I have the same results from both a Windows system and my Android phone. My machine (the one that's working) is a Windows system as well.

        GryphonX77

        A little more insight here...

        It looks like only the first client that connects can get the route--and that it's specific to that client/IP address.

        Subsequent client connections receive this error:

        ROUTE: route addition failed using service: The object already exists.
        

        Once I restart the OpenVPN service, then the very next client that connects gets the route. And again, subsequent clients do not. If I remove the

        push "route 192.168.100.0 255.255.255.0"
        

        then no clients can connect to the LAN.

        So, this makes no sense to me...help?

          Derelict LAYER 8 Netgate

          Why are you pushing routes?

          Put the routes you want the clients to have in the Local Networks in the server. Let it deal with pushing them. It will.

          What other customizations have you done?

          What kind of OpenVPN is this? Presuming remote access.

          In general, following this just works:

          https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.html

          You might want to post your actual server configuration.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            GryphonX77

            @Derelict thanks for the reply.

            I actually just got this sorted. I didn't do the initial configuration on this, so I'm not sure why the route was being pushed. That was part of the problem. The rest of the problem was workarounds I'd done to try to solve the problem. A word of advice: if you find a pfSense tutorial online that seems overly complicated, it's probably wrong. And I'd bet that the guy who did the tutorial I saw would probably have the same issue I did if he connected more than one machine.

              Derelict LAYER 8 Netgate

              And definitely check the date. If it is not current, they are probably wrong as things exist today.

              There should be no Custom Options necessary to get almost all configurations working. It should all be able to be handled using the server and Client-Specific Overrides in the pfSense GUI.

              You might be able to tweak some additional throughput out of it or overcome PMTU problems etc with custom options, but basic functionality should be obtainable without them.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.