Netgate Discussion Forum

    Openvpn not routing to subnet

      mark17e

      I have a Netgate pfSense box connected to the internet as a firewall in front of our Cisco router that manages our LAN subnet. Installed OpenVPN using the wizard and the client connects fine. Unfortunately traffic isn't being passed to the subnet. I've tried numerous suggestions on forums without success. It is actually a pretty straightforward setup and everything else is working well.

      internet ->(wan)Pfsense (lan=192.168.0.254)-->Cisco router (lan gateway=192.168.1.1)->192.168.1.10(target server)

      The pfsense is directly connected to a switch port on the Cisco integrated service router, so there aren't any other devices in the loop. The Cisco router is the gateway (192.168.1.1) for the subnet.

      I'm stumped.

      Thanks for the help.

        viragomann

        That's really a straightforward setup. Just ensure that these points are given:

        • The pfSense LAN IP is the default gateway on the Cisco router.
        • On pfSense you've added a static route for the 192.168.1.0/? network pointing to the Cisco's IP.
        • In the OpenVPN settings you've added the 192.168.1.0/? network to the "Local networks".
          johnpoz LAYER 8 Global Moderator

          Can you ping the Cisco IP on your transit network from your VPN client? I cannot tell from your diagram what the Cisco IP in this transit is. 192.168.0.1?? With the pfSense IP being 192.168.0.254?

          Other than @viragomann's great points, also don't forget possible overlap. What are you using for your tunnel network? What is the remote client's local IP? If it overlaps 192.168.1, the remote client wouldn't have any need to send traffic down the tunnel to try and get there.

          Also don't forget local firewalls on your dest box not allowing whatever your tunnel network is, which would be the source IP from your VPN connections.

          Can the VPN client ping the Cisco SVI on the LAN-side network, 192.168.1.1?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
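
Added example, not written by any poster in this thread: a small Python model of the checks the two replies list (pushed "Local networks", the pfSense static route, the Cisco return route, and client-side overlap), run against a constructed configuration. The /24 masks, the tunnel network 10.0.8.0/24, the client LAN 192.168.50.0/24, the Cisco transit IP 192.168.0.1 and both routing tables are assumptions; only 192.168.0.254, 192.168.1.1 and 192.168.1.10 come from the thread.

```python
import ipaddress as ipa

PFSENSE_LAN = ipa.ip_address("192.168.0.254")  # from the thread
CISCO_TRANSIT = ipa.ip_address("192.168.0.1")  # assumed; never confirmed in the thread
TARGET = ipa.ip_address("192.168.1.10")        # from the thread

def next_hop(routes, addr):
    """Longest-prefix match over {network: next_hop}; None when nothing matches."""
    hits = [(n, hop) for n, hop in routes.items() if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def check_path(client_lan, tunnel, pushed, pfsense_routes, cisco_routes):
    """Return a list of findings; an empty list means both directions route."""
    findings = []
    # Overlap: the client treats an overlapping network as on-link and skips the tunnel.
    for n in [tunnel, *pushed]:
        if client_lan.overlaps(n):
            findings.append(f"overlap: client LAN {client_lan} overlaps {n}")
    # "Local networks" must cover the target or the client gets no route for it.
    if not any(TARGET in n for n in pushed):
        findings.append(f"push: no Local network covers {TARGET}")
    # pfSense needs a static route to the server subnet via the Cisco.
    if next_hop(pfsense_routes, TARGET) != CISCO_TRANSIT:
        findings.append(f"forward: pfSense does not route {TARGET} via {CISCO_TRANSIT}")
    # Replies go to a tunnel address; the Cisco must send them back to pfSense.
    vpn_client = tunnel.network_address + 1
    if next_hop(cisco_routes, vpn_client) != PFSENSE_LAN:
        findings.append(f"return: Cisco does not route {tunnel} via {PFSENSE_LAN}")
    return findings

N = ipa.ip_network
GOOD = dict(  # constructed sample configuration (all values assumed)
    client_lan=N("192.168.50.0/24"),
    tunnel=N("10.0.8.0/24"),
    pushed=[N("192.168.1.0/24")],
    pfsense_routes={N("192.168.0.0/24"): "connected", N("10.0.8.0/24"): "connected",
                    N("192.168.1.0/24"): CISCO_TRANSIT, N("0.0.0.0/0"): "wan"},
    cisco_routes={N("192.168.1.0/24"): "connected", N("192.168.0.0/24"): "connected",
                  N("0.0.0.0/0"): PFSENSE_LAN},
)

if __name__ == "__main__":
    print(check_path(**GOOD) or "path OK")
    print(check_path(**{**GOOD, "client_lan": N("192.168.1.0/24")}))
```

The host firewall on the destination server is not modelled here; it still has to accept the tunnel network as a source.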
