Connected to OpenVPN, but no network except for 1 IP Address

  • I have a pretty simple setup at home - using the scheme. However, I'm trying to finally add more VPN users, and running into an issue where they can't connect to anything on my local network. Users seem set up correctly from what I can tell - they can connect to my network, get an IP, but then can't talk to anything.

    PFsense -

    OpenVPN is set to

    With my main user that I use, I connect and get an IP, which works fine. However, any other user will get, 2.4, etc., and they can't talk to anything on my network. I'm guessing it's something simple I'm missing, but I've spent hours researching and trying different things with no results helping.

    Trying different devices and users, it doesn't seem to matter - will connect and work fine. Any other IP won't.

    Server settings:

    Client Settings:


    LAN settings:

    Any ideas? What am I missing?

  • my guess .. "IPv4 remote network" is not defined probably does not know how to reach network, it's strange that is working ...

  • To rule out routing conflicts, change your LAN and tunnel subnet to something uncommon:

  • @kiokoman I enable the remote network as right? Did that, re-downloaded client config, and still the same thing.

  • "ipv4 tunnel client" is
    "ipv4 remote network" for the client would be

  • Gotcha. Just did that, and no luck still. I was assigned I can ping myself, but not or anything on 192.168.1.x network.

  • Please post the client's routing table.

  • Sorry for the delay on this -

    I'm connected now via my phone with a address but can't connect to anything. I have a desktop connected via address which works fine.

  • That's the routing table from pfSense, the server, not from the client, who has trouble with accessing something.

  • Sorry for the delay on this. Here is a print out of the address that connects to the VPN but doesn't work connecting to anything on the network:

  • The routes on the client seem to be fine.

    Does each user login with a different user name and also certificate if the server is running in SSL/TLS mode?

    What does the server log show when a second client is connecting?

  • Yeah, that's what is weird. Different user names. Client log shows it connects just fine and gets DHCP. I feel like it's a routing issue of some sort, but everything looks set up correctly.

  • Sounds stupid, but on my LAN interface, it's set up as I'm not limiting myself at all am I ? That's just configuring the IP of the pfSense box, right?

  • For troubleshooting try to ping the LAN address
    This should work at least if the client routes are set correctly.
    Then try to ping a LAN device.

  • Not able to ping either when connected as the 2nd VPN client (192.168.2.3)

  • So please post the client's IPv4 routing table.

  • Post your server1.conf (/var/etc/openvpn).

  • I posted the IPv4 routing table above earlier, and you stated that it looked fine?

    Here is the server1.conf file:

    dev ovpns1
    verb 1
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/
    #user nobody
    #group nobody
    script-security 3
    keepalive 10 60
    proto tcp-server
    cipher AES-128-CBC
    auth SHA256
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/
    client-disconnect /usr/local/sbin/
    client-config-dir /var/etc/openvpn-csc/server1
    plugin /usr/local/lib/openvpn/plugins/ /usr/local/sbin/ovpn_auth_verify_async user TG9jYWwgRGF0YWJhc2U= false server1 1195
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'OpenVPN+Server+Certificate' 1"
    lport 1195
    management /var/etc/openvpn/server1.sock unix
    push "route"
    push "route"
    push "dhcp-option DNS"
    push "dhcp-option DNS"
    ca /var/etc/openvpn/
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    ncp-ciphers AES-128-GCM
    topology subnet

  • A couple things I see:

    • The tunnel network is being pushed out to your clients as a route to a remote network, which is incorrect. Remove "" from the IPv4 Local network(s) line.
    • Considering this is a routed, split-tunnel deployment, why push public DNS servers?

    Another thing to watch out for is... in a routed solution, the LAN subnets have to be unique across both ends. So, in your situation, any client that's connecting from a LAN subnet of either or will break the routing to the tunnel.

    On the server-side, ideally, you will want to move away from popular subnets used by common SOHO routers (,, etc) on both the LAN and the tunnel network.
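The two checks from the post above (the tunnel network pushed to clients as a route, and a client LAN that overlaps the server side), as an added example that is not part of the original thread. The config text and all addresses are constructed, and it assumes the server config uses the standard `server <net> <mask>` and `push "route <net> <mask>"` directive forms.

```python
import ipaddress
import re

# Constructed sample, not the poster's real config: the addresses are
# placeholders chosen to reproduce the two problems described above.
SAMPLE_CONF = '''
dev ovpns1
topology subnet
server 192.168.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
'''

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_conf(text):
    """Return (tunnel_network, [pushed_route_networks]) from server config text."""
    tunnel, pushed = None, []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'server\s+(\S+)\s+(\S+)', line)
        if m:
            tunnel = _net(*m.groups())
            continue
        m = re.match(r'push\s+"route\s+(\S+)\s+([^\s"]+)"', line)
        if m:
            pushed.append(_net(*m.groups()))
    return tunnel, pushed

def audit(text, client_lans):
    """List routing conflicts for a client sitting on the given local subnets."""
    tunnel, pushed = parse_conf(text)
    locals_ = [ipaddress.ip_network(n, strict=False) for n in client_lans]
    findings = []
    # Problem 1: the tunnel network itself is pushed as a remote route.
    for route in pushed:
        if tunnel is not None and route.overlaps(tunnel):
            findings.append(f"pushed route {route} overlaps tunnel network {tunnel}")
    # Problem 2: the client's own LAN collides with a pushed route or the tunnel.
    for target in pushed + ([tunnel] if tunnel else []):
        for lan in locals_:
            if target.overlaps(lan):
                findings.append(f"client LAN {lan} overlaps {target}")
    return findings
```

Calling `audit(SAMPLE_CONF, ["10.0.0.0/24"])` reports only the pushed tunnel route, while a client on `192.168.1.0/24` additionally gets the LAN overlap finding.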

  • @marvosa Thanks. I removed the DNS and removed the from local network line. Connected again just fine on the client, but still can't connect to anything. The network I'm on right now is using a 10.x.x.x scheme. I'm pulling my hair out trying to figure out wtf the problem is.

  • Post new screenshots of both the client's routing table when connected and PFsense.
