Netgate Discussion Forum

Routing issues with Split Tunnel OpenVPN+FreeRADIUS

  • J
    jacksonp
    last edited by Nov 24, 2020, 1:25 PM

    I am having some problems setting up a client to site VPN using OpenVPN+FreeRadius on an SG appliance.

    I have it set up to the point I can connect the vpn but it appears to be creating an erroneous default route which is confusing my Ubuntu laptop.

    The Ubuntu laptop has a default gw of my internal network on eth0. When the OpenVPN tunnel comes up, a second default gw gets created on tun0 as well as more specific routes for the remote network.

    Until I manually delete the tun0 route, I am unable to connect to the remote network over VPN.

    Once the default route gets deleted, everything works.

    Is there anything specific that needs to be done to stop that default route on tun0 getting created?

    Settings on pfSense are:

    server mode: Remote Access (User Auth)
    Backend for auth: Radius
    Protocol: UDP on IPv4 only
    Device mode: tun
    Interface WAN
    Local port: 1194

    TLS Config: Use a TLS Key
    TLS Key Usage mode: TLS Encryption and Authentication
    TLS Keydir direction: Use default
    Peer certificate Authority: FreeRADIUS CA
    DH Parameter Length: 3072
    ECDH Curve: use default
    Encryption Algo: AES-256-GCM (256bitkey 128 block)
    NCP Algo: AES-256-GCM
    Auth digest algo: SHA384
    Hardware Crypto: Intel RDRAND
    Cert depth: One

    IPv4 Tunnel Network: 10.10.10.0/24
    IPv6 Tunnel Network: none
    Redirect IPv4 Gateway: Off
    IPv4 Local networks: 10.10.11.0/24, 10.10.12.0/24, 10.10.13/24

    FreeRADIUS is set to give a client an IP address, e.g.

    User1
    IPv4 Address 10.10.10.10
    Subnet Mask: 255.255.255.0
    IPv4 Gateway: 10.10.10.0/24 10.10.10.1 1

    (if I remove the IPv4 gateway, VPN connects but nothing works)

    • J
      jacksonp @jacksonp
      last edited by Dec 7, 2020, 7:35 PM

      Bumping on the off chance anyone can help

      • M
        marvosa @jacksonp
        last edited by Dec 14, 2020, 7:13 AM

        @jacksonp Post your server1.conf (/var/etc/openvpn).
