OpenVPN routing problem
I have a problem with routing on OpenVPN on pfSense. I have been reading everything I could find for 2 days, but did not find the problem.
I have 2 pfSense boxes running OpenVPN, one as server and one as client. I want to connect the 2 networks behind them together.
Setup is like this:
10.32.0.0/24 -VPNServer------vpn tunnel (192.168.120.0/24)-------VPN client-------10.32.1.0/24
The tunnel is up and I can ping the tunnel IP from each end.
Server conf has:
route 10.32.1.0 255.255.255.0;
push "route 10.32.0.0 255.255.255.0";
Client-specific settings on the server are:
iroute "10.32.1.0 255.255.255.0";
netstat -nr on vpnserver
Destination        Gateway            Flags  Netif   Expire
default            126.96.36.199      UGS    em0
10.32.1.0/24       192.168.120.2      UGS    ovpns1
127.0.0.1          link#3             UH     lo0
192.168.120.0/24   192.168.120.2      UGS    ovpns1
192.168.120.1      link#6             UHS    lo0
192.168.120.2      link#6             UH     ovpns1
188.8.131.52/25    link#1             U      em0
184.108.40.206     link#1             UHS    lo0
netstat -nr on vpnclient
Destination        Gateway            Flags  Netif   Expire
default            192.168.200.1      UGS    hn1
10.32.0.0/24       192.168.120.1      UGS    ovpnc1
10.32.1.0/24       link#5             U      hn0
10.32.1.254        link#5             UHS    lo0
127.0.0.1          link#2             UH     lo0
If I ping from a client (10.32.1.50) to 10.32.0.55, I receive in the server log:
MULTI: bad source address from client [10.32.1.50], packet dropped
It looks like I am missing a routing option on the server side. I do not understand why the server is dropping that packet. It should be forwarded to the default gateway of the VPN server (220.127.116.11).
I found the problem by myself.
It looks like the iroute in "Client Specific Overrides" needs to be entered without "",
even though the example below the text box states:
Enter any additional options to add for this client specific override, separated by a semicolon. EXAMPLE: push "route 10.0.0.0 255.255.255.0";
There's no need to write those commands into the advanced options box. You'd better use the "Remote Network/s" box for that. Just type in the networks which should be routed to the remote site.
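Why the quotes around the iroute arguments matter, as an added example that is not part of the thread: OpenVPN reads a double-quoted string as a single argument, which is what push needs but leaves iroute without a separate netmask, so no internal route exists for 10.32.1.0/24 and packets from 10.32.1.50 are dropped. The code uses Python's shlex as a stand-in for OpenVPN's tokenizer; the function names, the client tunnel address 192.168.120.2 and the simplified source check are assumptions.

```python
import ipaddress
import shlex

# Constructed from the thread: the override as first entered, and after the fix.
QUOTED_OVERRIDE = 'iroute "10.32.1.0 255.255.255.0";'
FIXED_OVERRIDE = 'iroute 10.32.1.0 255.255.255.0;'
CLIENT_TUNNEL_IP = "192.168.120.2"  # assumed from the server's routing table


def parse_options(text):
    """Split a semicolon-separated option string into token lists.

    shlex stands in for OpenVPN's tokenizer here: like it, shlex treats a
    double-quoted string as a single argument.
    """
    return [tok for tok in (shlex.split(c) for c in text.split(";")) if tok]


def iroute_networks(override_text):
    """Return (networks, problems) for the iroute options in an override."""
    networks, problems = [], []
    for name, *args in parse_options(override_text):
        if name != "iroute":
            continue
        if len(args) == 1 and " " in args[0]:
            problems.append(f"iroute {args[0]!r}: quoted, so network and "
                            "netmask arrive as one argument")
            continue
        try:
            # Without a netmask, iroute covers a single host (/32).
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            networks.append(ipaddress.ip_network(f"{args[0]}/{mask}"))
        except (IndexError, ValueError) as exc:
            problems.append(f"iroute {args!r}: {exc}")
    return networks, problems


def source_accepted(src, networks, tunnel_ip=CLIENT_TUNNEL_IP):
    """Simplified model of the server-side check behind 'bad source address':
    the source must be the client's tunnel IP or lie inside one of its iroutes.
    """
    addr = ipaddress.ip_address(src)
    return addr == ipaddress.ip_address(tunnel_ip) or any(addr in n for n in networks)


if __name__ == "__main__":
    for label, text in (("quoted", QUOTED_OVERRIDE), ("fixed", FIXED_OVERRIDE)):
        nets, problems = iroute_networks(text)
        print(label, nets, problems, source_accepted("10.32.1.50", nets))
```

The same tokenization shows why the text-box hint is correct for push: `push "route 10.0.0.0 255.255.255.0"` must reach OpenVPN as one quoted argument, while iroute expects network and netmask as two.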