Routing issues with Split Tunnel OpenVPN+FreeRADIUS
-
I am having some problems setting up a client to site VPN using OpenVPN+FreeRadius on an SG appliance.
I have it set up to the point I can connect the VPN, but it appears to be creating an erroneous default route which is confusing my Ubuntu laptop.
The Ubuntu laptop has a default gw of my internal network on eth0. When the OpenVPN tunnel comes up, a second default gw gets created on tun0 as well as more specific routes for the remote network.
Until I manually delete the tun0 route, I am unable to connect to the remote network over VPN.
Once the default route gets deleted, everything works.
Is there anything specific that needs to be done to stop that default route on tun0 getting created?
Settings on pfSense are:
Server mode: Remote Access (User Auth)
Backend for auth: Radius
Protocol: UDP on IPv4 only
Device mode: tun
Interface: WAN
Local port: 1194
TLS Config: Use a TLS Key
TLS Key Usage mode: TLS Encryption and Authentication
TLS Keydir direction: Use default
Peer certificate Authority: FreeRADIUS CA
DH Parameter Length: 3072
ECDH Curve: use default
Encryption Algo: AES-256-GCM (256 bit key, 128 block)
NCP Algo: AES-256-GCM
Auth digest algo: SHA384
Hardware Crypto: Intel RDRAND
Cert depth: One
IPv4 Tunnel Network: 10.10.10.0/24
IPv6 Tunnel Network: none
Redirect IPv4 Gateway: Off
IPv4 Local networks: 10.10.11.0/24, 10.10.12.0/24, 10.10.13/24
FreeRADIUS is set to give a client an IP address, e.g.
User1
IPv4 Address 10.10.10.10
Subnet Mask: 255.255.255.0
IPv4 Gateway: 10.10.10.0/24 10.10.10.1 1
(if I remove the IPv4 gateway, VPN connects but nothing works)
-
Bumping on the off chance anyone can help
-
@jacksonp Post your server1.conf (/var/etc/openvpn).