Netgate Discussion Forum

    OpenVPN routing problem

      ThomasHH

      Hi,
      I have a problem with routing on OpenVPN on pfSense. I have been reading everything I could find for 2 days, but did not get the problem.
      I have 2 pfSense as OpenVPN, one as server and one as client. I want to connect the 2 networks behind them together.

      Setup is like this:
      10.32.0.0/24 -VPNServer------vpn tunnel (192.168.120.0/24)-------VPN client-------10.32.1.0/24

      Tunnel is up and I can Ping the tunnel IP from each end.

      server conf has:
      route 10.32.1.0 255.255.255.0;
      push "route 10.32.0.0 255.255.255.0";

      clientspecific settings on server is:
      iroute "10.32.1.0 255.255.255.0";

      netstat -nr on vpnserver

      Destination        Gateway            Flags     Netif Expire
      default            219.111.73.254     UGS         em0
      10.32.1.0/24       192.168.120.2      UGS      ovpns1
      127.0.0.1          link#3             UH          lo0
      192.168.120.0/24   192.168.120.2      UGS      ovpns1
      192.168.120.1      link#6             UHS         lo0
      192.168.120.2      link#6             UH       ovpns1
      217.110.76.128/25  link#1             U           em0
      217.110.76.193     link#1             UHS         lo0
      
      

      netstat -nr on vpnclient

      Destination        Gateway            Flags     Netif Expire
      default            192.168.200.1      UGS         hn1
      10.32.0.0/24       192.168.120.1      UGS      ovpnc1
      10.32.1.0/24       link#5             U           hn0
      10.32.1.254        link#5             UHS         lo0
      127.0.0.1          link#2             UH          lo0
      
      

      If I Ping from a client (10.32.1.50) to 10.32.0.55, I receive in the Server Log:

      MULTI: bad source address from client [10.32.1.50], packet dropped
      

      It looks like I am missing a routing option on the server side. I do not understand why the server is dropping that packet. It should be forwarded to the default gateway of the VPN server (219.111.73.254).
      Any ideas?

        ThomasHH

        I found the problem by myself.
        Looks like the iroute in "Client Specific Overrides" needs to be entered without ""
        even if the example below the text box states:

        Enter any additional options to add for this client specific override, separated by a semicolon. 
        EXAMPLE: push "route 10.0.0.0 255.255.255.0";
        
          viragomann

          There's no need to write those commands into the advanced options box. You had better use the "Remote Network/s" box for that. Just type in the networks which should be routed to the remote site.

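Added example (not part of the thread, and not pfSense or OpenVPN code): a small Python model of why the quoted iroute from the first post leaves the server with no internal route for 10.32.1.0/24, so traffic from 10.32.1.50 fails the per-client source check and is logged as "bad source address". It assumes that shlex tokenization approximates OpenVPN's quoting rules; the function names are hypothetical and the addresses are the ones posted above.

```python
import ipaddress
import shlex

def parse_iroutes(custom_options):
    """Split a semicolon-separated option string (the format of the pfSense
    text box) and return (iroute networks, rejected directives)."""
    networks, rejected = [], []
    for directive in (d.strip() for d in custom_options.split(";")):
        if not directive:
            continue
        try:
            # Assumption: shlex stands in for OpenVPN's tokenizer, where a
            # double-quoted run becomes ONE argument.
            tokens = shlex.split(directive)
            if not tokens or tokens[0] != "iroute":
                continue  # e.g. push "route ..." really takes one quoted argument
            if len(tokens) == 2:      # netmask omitted: treated as a host route
                net = ipaddress.ip_network(tokens[1])
            elif len(tokens) == 3:    # network and netmask as separate arguments
                net = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}")
            else:
                raise ValueError("iroute takes a network and an optional netmask")
            networks.append(net)
        except ValueError:
            rejected.append(directive)
    return networks, rejected

def source_accepted(src, client_tunnel_ip, iroutes):
    """Model of the server's per-client source check: accept the client's own
    tunnel address or any address inside one of its iroute networks."""
    addr = ipaddress.ip_address(src)
    if addr == ipaddress.ip_address(client_tunnel_ip):
        return True
    return any(addr in net for net in iroutes)

# Option strings as entered in "Client Specific Overrides" (from the thread).
QUOTED = 'push "route 10.32.0.0 255.255.255.0"; iroute "10.32.1.0 255.255.255.0";'
UNQUOTED = 'push "route 10.32.0.0 255.255.255.0"; iroute 10.32.1.0 255.255.255.0;'

if __name__ == "__main__":
    for label, text in (("quoted", QUOTED), ("unquoted", UNQUOTED)):
        nets, bad = parse_iroutes(text)
        ok = source_accepted("10.32.1.50", "192.168.120.2", nets)
        print(f"{label}: iroutes={[str(n) for n in nets]} rejected={bad} "
              f"10.32.1.50 accepted={ok}")
```
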