OpenVPN routing problem
-
Hi,
I have a problem with routing on OpenVPN on pfSense. I have been reading everything I could find for 2 days, but did not figure out the problem.
I have 2 pfSense boxes running OpenVPN, one as server and one as client. I want to connect the 2 networks behind them together. Setup is like this:
10.32.0.0/24 ---- VPN server ---- vpn tunnel (192.168.120.0/24) ---- VPN client ---- 10.32.1.0/24
Tunnel is up and I can ping the tunnel IP from each end.
server conf has:
route 10.32.1.0 255.255.255.0;
push "route 10.32.0.0 255.255.255.0";
client-specific settings on server are:
iroute "10.32.1.0 255.255.255.0";
netstat -nr on vpnserver
Destination        Gateway          Flags  Netif   Expire
default            219.111.73.254   UGS    em0
10.32.1.0/24       192.168.120.2    UGS    ovpns1
127.0.0.1          link#3           UH     lo0
192.168.120.0/24   192.168.120.2    UGS    ovpns1
192.168.120.1      link#6           UHS    lo0
192.168.120.2      link#6           UH     ovpns1
217.110.76.128/25  link#1           U      em0
217.110.76.193     link#1           UHS    lo0
netstat -nr on vpnclient
Destination        Gateway          Flags  Netif   Expire
default            192.168.200.1    UGS    hn1
10.32.0.0/24       192.168.120.1    UGS    ovpnc1
10.32.1.0/24       link#5           U      hn0
10.32.1.254        link#5           UHS    lo0
127.0.0.1          link#2           UH     lo0
If I ping from a client (10.32.1.50) to 10.32.0.55, I receive in the server log:
MULTI: bad source address from client [10.32.1.50], packet dropped
It looks like I am missing a routing option on the server side. I do not understand why the server is dropping that packet. It should be forwarded to the default gateway of the VPN server (219.111.73.254).
Any ideas?
-
I found the problem by myself.
Looks like the iroute in "Client Specific Overrides" needs to be entered without "",
even if the example below the text box states:
Enter any additional options to add for this client specific override, separated by a semicolon. EXAMPLE: push "route 10.0.0.0 255.255.255.0";
-
There's no need to write those commands into the advanced options box. You'd better use the "Remote Network/s" box for that. Just type in the networks which should be routed to the remote site.
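-
Added example, not part of the original thread: a small check of the route/iroute pairing discussed above, showing why the quoted iroute never takes effect (a quoted string reaches the option as one argument instead of network plus netmask). The function names are hypothetical, and Python's shlex is used as an approximation of OpenVPN's own option quoting.

```python
import ipaddress
import shlex

def parse_options(text):
    """Split pfSense-style 'opt a b; opt c' text into argument lists.
    shlex approximates OpenVPN's quoting: a quoted string is ONE argument."""
    return [shlex.split(stmt) for stmt in text.split(";") if stmt.strip()]

def subnets(options, keyword):
    """Return (valid networks, malformed statements) for route/iroute lines."""
    good, bad = set(), []
    for args in options:
        if not args or args[0] != keyword:
            continue
        try:
            # Both options are written here as: keyword network netmask
            net, mask = args[1], args[2]
            good.add(ipaddress.ip_network(f"{net}/{mask}"))
        except (IndexError, ValueError):
            bad.append(args)
    return good, bad

def check(server_conf, client_override):
    """List problems that lead to 'MULTI: bad source address' drops."""
    routes, _ = subnets(parse_options(server_conf), "route")
    iroutes, malformed = subnets(parse_options(client_override), "iroute")
    problems = [f"iroute not parsed as network + netmask: {a[1:]}"
                for a in malformed]
    # Every subnet the server routes into the tunnel needs an owner (iroute)
    problems += [f"route {r} has no matching iroute"
                 for r in sorted(routes - iroutes)]
    return problems

# Option strings as posted in the thread
SERVER = 'route 10.32.1.0 255.255.255.0; push "route 10.32.0.0 255.255.255.0";'
QUOTED = 'iroute "10.32.1.0 255.255.255.0";'
UNQUOTED = 'iroute 10.32.1.0 255.255.255.0;'

if __name__ == "__main__":
    for label, override in (("quoted", QUOTED), ("unquoted", UNQUOTED)):
        print(label, check(SERVER, override) or "ok")
```

The push line keeps its quotes because push takes the whole pushed option as a single string argument, which is why the pfSense example text shows them.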