Default gateway pushed to Client OpenVPN bridge/TAP

iorx · Nov 22, 2019, 9:29 AM

Hi,

It was an adventure to get this working. In short summary.

Created a bridge config in pfsense and have a Windows 10 client to test connection.
Steps creating the bridge:

Create OpenVPN server TAP L2 (Remote Access SSL/TLS)
Assign OpenVPN and LAN interface to Bridge
Assign Bridge to an Interface
Change Interface in the OpenVPN config to use the Bridge interface (This was the only way I got it working, The documentation of Bridge config was a bit thin here)

Connection is working from the client but the default gateway 0.0.0.0 is pushed to the client which breaks stuff.

From the Windows client after connect.

> route print
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     79.102.152.1    79.102.152.75    311
          0.0.0.0          0.0.0.0        10.70.1.1      10.70.1.169     25
        10.70.1.0    255.255.255.0         On-link       10.70.1.169    281

I've no option set on the server that should push row 2 out. Deleting that route makes the client work as expected. (route delete 0.0.0.0 mask 0.0.0.0 10.70.1.0)

That is:
"Bridge Route Gateway - Push the Bridge Interface IPv4 address to connecting clients as a route gateway" is not checked.

"Redirect IPv4 Gateway - Force all client-generated IPv4 traffic through the tunnel." not checked.

"IPv4 Local network(s)" no subnet here.

So, any takers on why I get the gateway pushed?

Brgs,

seejay · Nov 23, 2019, 4:27 AM

Which version of the client are you using, and can you post server/client configurations on your thread here? I suspect if you aren't pushing this from your server the client may be setting it. Windows also has metric priorities on each ethernet adapter and it may be the case that if both are publishing default routes, the interface with the lower metric value is winning out.