OpenVPN routing problem



  • Hi,
    I have a problem with routing on OpenVPN on pfSense. I have tried reading everything I could find for 2 days, but did not find the problem.
    I have 2 pfSense boxes as OpenVPN endpoints, one as server and one as client. I want to connect the 2 networks behind them together.

    Setup is like this:
    10.32.0.0/24 -VPNServer------vpn tunnel (192.168.120.0/24)-------VPN client-------10.32.1.0/24

    Tunnel is up and I can Ping the tunnel IP from each end.

    server conf has:
    route 10.32.1.0 255.255.255.0;
    push "route 10.32.0.0 255.255.255.0";

    client-specific settings on the server are:
    iroute "10.32.1.0 255.255.255.0";

    netstat -nr on vpnserver

    Destination        Gateway            Flags     Netif Expire
    default            219.111.73.254     UGS         em0
    10.32.1.0/24       192.168.120.2      UGS      ovpns1
    127.0.0.1          link#3             UH          lo0
    192.168.120.0/24   192.168.120.2      UGS      ovpns1
    192.168.120.1      link#6             UHS         lo0
    192.168.120.2      link#6             UH       ovpns1
    217.110.76.128/25  link#1             U           em0
    217.110.76.193     link#1             UHS         lo0

    netstat -nr on vpnclient

    Destination        Gateway            Flags     Netif Expire
    default            192.168.200.1      UGS         hn1
    10.32.0.0/24       192.168.120.1      UGS      ovpnc1
    10.32.1.0/24       link#5             U           hn0
    10.32.1.254        link#5             UHS         lo0
    127.0.0.1          link#2             UH          lo0

    If I ping from a client (10.32.1.50) to 10.32.0.55, I receive in the server log:

    MULTI: bad source address from client [10.32.1.50], packet dropped

    It looks like I am missing a routing option on the server side. I do not understand why the server is dropping that packet. It should be forwarded to the default gateway of the VPN server (219.111.73.254).
    Any ideas?



  • I found the problem by myself.
    It looks like the iroute in "Client Specific Overrides" needs to be entered without the quotes (""),
    even though the example below the text box states:

    Enter any additional options to add for this client specific override, separated by a semicolon.
    EXAMPLE: push "route 10.0.0.0 255.255.255.0";
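    The following Python is an added illustration, not part of the thread or of pfSense/OpenVPN. It models two things the thread touches on: how an OpenVPN option line is tokenised (double quotes group words into a single argument, which is why the quoted push example is correct while a quoted iroute argument never yields a network and netmask), and the per-client source-address check that produces the "MULTI: bad source address from client" message when no iroute covers the LAN behind the client. The function names and the sample option strings are constructed here; the addresses are the ones from the thread. It summarises OpenVPN's behaviour rather than reproducing its code.

```python
"""Model of OpenVPN option tokenising and the per-client source check.

Added example, not pfSense or OpenVPN code. It shows why
    iroute "10.32.1.0 255.255.255.0";
fails to install a route while
    push "route 10.0.0.0 255.255.255.0";
is fine, and how a missing iroute leads to the MULTI drop.
"""
from __future__ import annotations

import ipaddress
import shlex


def tokenize_option(line: str) -> list[str]:
    """Split one option line into arguments the way OpenVPN's parser does.

    Double quotes group words into ONE argument. That is correct for push
    (it takes a single string) but wrong for iroute (network [netmask]).
    A trailing ';' separator, as used in the pfSense advanced-options box,
    is stripped first.
    """
    return shlex.split(line.rstrip(";").strip())


def parse_ccd(text: str) -> tuple[list[ipaddress.IPv4Network], list[str]]:
    """Parse pfSense-style client-specific options separated by ';'.

    Returns the iroute networks that parse cleanly plus a list of errors
    for iroute lines whose argument was quoted or otherwise unusable.
    """
    iroutes: list[ipaddress.IPv4Network] = []
    errors: list[str] = []
    for raw in text.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        args = tokenize_option(raw)
        if not args or args[0] != "iroute":
            continue  # only iroute matters for the source-address check
        # A single argument containing a space means the network and
        # netmask were quoted together and reached iroute as one token.
        if len(args) == 1 or any(" " in a for a in args[1:]):
            errors.append(f"iroute argument quoted or missing: {raw!r}")
            continue
        network = args[1]
        netmask = args[2] if len(args) > 2 else "255.255.255.255"
        try:
            iroutes.append(ipaddress.IPv4Network((network, netmask), strict=False))
        except ValueError as exc:
            errors.append(f"iroute {raw!r}: {exc}")
    return iroutes, errors


def source_allowed(src: str, client_tunnel_ip: str,
                   iroutes: list[ipaddress.IPv4Network]) -> bool:
    """The MULTI check, summarised: a packet arriving from a client is
    accepted only if its source is the client's own tunnel address or lies
    inside a network learned for that client via iroute. Anything else is
    logged as 'bad source address' and dropped."""
    addr = ipaddress.IPv4Address(src)
    if addr == ipaddress.IPv4Address(client_tunnel_ip):
        return True
    return any(addr in net for net in iroutes)


if __name__ == "__main__":
    # Constructed sample: the two variants of the override from the thread.
    quoted = 'iroute "10.32.1.0 255.255.255.0";'
    unquoted = 'iroute 10.32.1.0 255.255.255.0;'
    for text in (quoted, unquoted):
        nets, errs = parse_ccd(text)
        ok = source_allowed("10.32.1.50", "192.168.120.2", nets)
        print(f"{text:40} routes={[str(n) for n in nets]} errors={errs}")
        print(f"{'':40} packet from 10.32.1.50 accepted: {ok}")
```

    Running it shows the quoted form yielding no route and the packet from 10.32.1.50 being refused, while the unquoted form installs 10.32.1.0/24 and the same packet is accepted; the client's own tunnel address (192.168.120.2) is accepted either way, which matches the poster seeing the tunnel IPs ping fine while LAN-to-LAN traffic was dropped.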


  • There's no need to write those commands into the advanced options box. You had better use the "Remote Network/s" box for that. Just type in the networks which should be routed to the remote site.

