Default gateway pushed to Client OpenVPN bridge/TAP

  • Hi,

    It was an adventure to get this working. In short summary:

    I created a bridge config in pfSense and have a Windows 10 client to test the connection.
    Steps for creating the bridge:

    • Create OpenVPN server TAP L2 (Remote Access SSL/TLS)
    • Assign OpenVPN and LAN interface to Bridge
    • Assign Bridge to an Interface
    • Change Interface in the OpenVPN config to use the Bridge interface (This was the only way I got it working; the documentation of the bridge config was a bit thin here)

    Connection is working from the client but the default gateway is pushed to the client which breaks stuff.

    From the Windows client after connecting:

    > route print
    Network Destination        Netmask          Gateway       Interface  Metric
           On-link    281

    I've no option set on the server that should push row 2 out. Deleting that route makes the client work as expected. (route delete mask

    That is:
    "Bridge Route Gateway - Push the Bridge Interface IPv4 address to connecting clients as a route gateway" is not checked.

    "Redirect IPv4 Gateway - Force all client-generated IPv4 traffic through the tunnel." not checked.

    "IPv4 Local network(s)": no subnet here.

    So, any takers on why I get the gateway pushed?


  • Which version of the client are you using, and can you post server/client configurations on your thread here? I suspect that if you aren't pushing this from your server, the client may be setting it. Windows also has metric priorities on each Ethernet adapter, and it may be the case that if both are publishing default routes, the interface with the lower metric value is winning out.
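To check the "lower metric wins" point from the reply against the `route print` output the original poster showed, here is a small parser for the IPv4 table of `route print` that lists every default route (0.0.0.0/0.0.0.0) in metric order and flags the extra ones. This is an added example, not code from the thread or from pfSense/OpenVPN; the route table it parses is constructed, with made-up addresses, to mimic a TAP client that received a second default gateway.

```python
import re
from dataclasses import dataclass

# Constructed sample of the IPv4 section of `route print` on a Windows 10
# OpenVPN TAP client. Addresses and metrics are made up: one default route via
# the physical NIC (metric 25) and a second one that arrived via the TAP
# adapter (metric 281, the value seen in the thread).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0        10.0.10.1      10.0.10.20    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        10.0.10.0    255.255.255.0         On-link        10.0.10.20    281
===========================================================================
"""

@dataclass
class Route:
    destination: str
    netmask: str
    gateway: str      # an IP address, or "On-link" for directly connected routes
    interface: str    # the address of the adapter the route is bound to
    metric: int

# One data row: four whitespace-separated tokens followed by a numeric metric.
# The column header does not match because its last field is not a number.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_ipv4_routes(text):
    """Return the Active Routes rows of the IPv4 table as Route objects."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            routes.append(Route(dest, mask, gw, iface, int(metric)))
    return routes

def default_routes(routes):
    """All default routes, lowest metric first (Windows prefers the lowest)."""
    defaults = [r for r in routes if r.destination == "0.0.0.0" and r.netmask == "0.0.0.0"]
    return sorted(defaults, key=lambda r: r.metric)

def winning_default(routes):
    """The default route Windows will actually use, or None if there is none."""
    defaults = default_routes(routes)
    return defaults[0] if defaults else None

def extra_default_routes(routes):
    """Default routes beyond the winner: candidates for an unexpected pushed gateway."""
    return default_routes(routes)[1:]
```

Feed it the output of `route print` captured from the client, and compare the interface address of each extra default route with the TAP adapter's address to see whether the tunnel is the source.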
