Default gateway pushed to Client OpenVPN bridge/TAP
iorx last edited by
It was an adventure to get this working. In short:
I created a bridge config in pfSense and have a Windows 10 client to test the connection.
Steps creating the bridge:
- Create OpenVPN server TAP L2 (Remote Access SSL/TLS)
- Assign OpenVPN and LAN interface to Bridge
- Assign Bridge to an Interface
- Change Interface in the OpenVPN config to use the Bridge interface (this was the only way I got it working; the documentation of the Bridge config was a bit thin here)
Connection is working from the client but the default gateway 0.0.0.0 is pushed to the client which breaks stuff.
From the Windows client after connect.
> route print
> Network Destination        Netmask          Gateway        Interface  Metric
>           0.0.0.0          0.0.0.0   184.108.40.206   220.127.116.11     311
>           0.0.0.0          0.0.0.0        10.70.1.1      10.70.1.169      25
>         10.70.1.0    255.255.255.0          On-link      10.70.1.169     281
I've no option set on the server that should push row 2 out. Deleting that route makes the client work as expected. (route delete 0.0.0.0 mask 0.0.0.0 10.70.1.0)
"Bridge Route Gateway - Push the Bridge Interface IPv4 address to connecting clients as a route gateway" is not checked.
"Redirect IPv4 Gateway - Force all client-generated IPv4 traffic through the tunnel." not checked.
"IPv4 Local network(s)" no subnet here.
So, any takers on why I get the gateway pushed?
seejay last edited by
Which version of the client are you using, and can you post server/client configurations on your thread here? I suspect if you aren't pushing this from your server the client may be setting it. Windows also has metric priorities on each ethernet adapter and it may be the case that if both are publishing default routes, the interface with the lower metric value is winning out.
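The metric comparison discussed above can be checked offline against the posted table. This is an added example, not part of either post: the function names are hypothetical, and it assumes the usual selection order of most specific prefix first, then lowest value in the `Metric` column of `route print`.

```python
import ipaddress
from typing import NamedTuple

# Route table as posted in the thread (addresses exactly as they appear there).
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0   184.108.40.206   220.127.116.11     311
          0.0.0.0          0.0.0.0        10.70.1.1      10.70.1.169      25
        10.70.1.0    255.255.255.0          On-link      10.70.1.169     281
"""

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int

def parse_routes(text):
    """Parse the IPv4 rows of `route print`; header and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, interface, metric = fields
        try:
            network = ipaddress.IPv4Network(f"{dest}/{mask}")
        except ValueError:
            continue
        routes.append(Route(network, gateway, interface, int(metric)))
    return routes

def competing_defaults(routes):
    """All 0.0.0.0/0 routes, lowest metric (the preferred one) first."""
    defaults = [r for r in routes if r.network.prefixlen == 0]
    return sorted(defaults, key=lambda r: r.metric)

def select_route(routes, destination):
    """Route used for `destination`: longest prefix wins, then lowest metric."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for r in competing_defaults(table):
        print(f"default via {r.gateway} on {r.interface} metric {r.metric}")
    print("off-subnet traffic uses:", select_route(table, "8.8.8.8").gateway)
```

With the posted table, the default route on the TAP adapter (metric 25) outranks the physical adapter's default route (metric 311), so off-subnet traffic is sent to 10.70.1.1.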