Netgate Discussion Forum

    SOLVED! - pfSense OpenVPN route through WAN interface

      ground01

      Hi all,

      After reading some howtos, I'm successfully having my client connect to my pfSense using PKI.

      When connected through OpenVPN, I want my client to be able to 'internet' through my pfSense box.
      However, when connected it just keeps using my own gateway.

      I have been reading about pushing a route but am not sure how to format it.

      Can someone help me out?

      thanks!

      Had to create a manual entry in the Firewall -> NAT -> Outbound to add the OpenVPN subnet

        GruensFroeschli

        Please use the search function:
        http://forum.pfsense.org/index.php?action=search

        –> http://forum.pfsense.org/index.php/topic,6056.0.html

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          ground01

          Hi,

          Sorry for not being very complete.

          I already used an OpenVPN client-specific push which looked like this:

          push "dhcp-option DNS 172.16.2.1";push "redirect-gateway def1"

          Resolving DNS works correctly, but all other traffic does not work.

            GruensFroeschli

            What is in the log on the client side upon connection?
            Did you make sure that the pushes actually get to the client?

              ground01

              @GruensFroeschli:

              What is in the log on the client side upon connection?
              Did you make sure that the pushes actually get to the client?

              I see the following in my console:

              
              Wed Jun 10 15:47:05 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option
               DISABLE-NBT,route 10.0.50.1,ping 10,ping-restart 60,dhcp-option DNS 172.16.2.1,
              redirect-gateway def1,ifconfig 10.0.50.6 10.0.50.5'
              
              -- snip --
              
              Wed Jun 10 15:47:10 2009 route ADD <pfsense-wan-ip> MASK 255.255.255.255 172.17.3.8
              Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
              Wed Jun 10 15:47:10 2009 route ADD 0.0.0.0 MASK 128.0.0.0 10.0.50.5
              Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
              Wed Jun 10 15:47:10 2009 route ADD 128.0.0.0 MASK 128.0.0.0 10.0.50.5
              Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
              Wed Jun 10 15:47:10 2009 route ADD 10.0.50.1 MASK 255.255.255.255 10.0.50.5
              Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
              Wed Jun 10 15:47:10 2009 Initialization Sequence Completed
              
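Added example (not part of any post in this thread): a check over the client log posted above, confirming that `redirect-gateway def1` was pushed, that both half-default routes point at the tunnel peer, and that the server keeps a host route outside the tunnel. The documentation address 203.0.113.10 stands in for the redacted pfSense WAN IP, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the PUSH_REPLY and route lines from the log in the thread
# (IPv4 only), with the redacted WAN IP replaced by the documentation address
# 203.0.113.10.
SAMPLE_LOG = """\
Wed Jun 10 15:47:05 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DISABLE-NBT,route 10.0.50.1,ping 10,ping-restart 60,dhcp-option DNS 172.16.2.1,redirect-gateway def1,ifconfig 10.0.50.6 10.0.50.5'
Wed Jun 10 15:47:10 2009 route ADD 203.0.113.10 MASK 255.255.255.255 172.17.3.8
Wed Jun 10 15:47:10 2009 route ADD 0.0.0.0 MASK 128.0.0.0 10.0.50.5
Wed Jun 10 15:47:10 2009 route ADD 128.0.0.0 MASK 128.0.0.0 10.0.50.5
Wed Jun 10 15:47:10 2009 route ADD 10.0.50.1 MASK 255.255.255.255 10.0.50.5
"""

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route ADD (\S+) MASK (\S+) (\S+)")


def check_redirect_gateway(log_text, server_ip):
    """Report whether a Windows OpenVPN client log shows a complete def1 redirect."""
    match = PUSH_RE.search(log_text)
    options = [o.strip() for o in match.group(1).split(",")] if match else []

    # "ifconfig <local> <peer>": the peer address is the tunnel-side next hop.
    peer = next((o.split()[2] for o in options if o.startswith("ifconfig ")), None)

    # Map each installed destination network to its gateway.
    routes = {}
    for dest, mask, gateway in ROUTE_RE.findall(log_text):
        routes[ipaddress.ip_network(f"{dest}/{mask}")] = gateway

    # def1 covers the default route with two /1 routes instead of replacing it.
    halves = [ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")]
    server_net = ipaddress.ip_network(f"{server_ip}/32")

    return {
        "def1_pushed": "redirect-gateway def1" in options,
        "halves_via_tunnel": peer is not None
        and all(routes.get(h) == peer for h in halves),
        # The VPN server itself must stay reachable outside the tunnel.
        "server_bypasses_tunnel": server_net in routes
        and routes[server_net] != peer,
    }


if __name__ == "__main__":
    for name, ok in check_redirect_gateway(SAMPLE_LOG, "203.0.113.10").items():
        print(f"{name}: {'ok' if ok else 'MISSING'}")
```

When all three checks pass, the client is routing correctly and the remaining fault is on the pfSense side, which matches the thread's resolution (a manual Outbound NAT entry for the OpenVPN subnet).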
                ground01

                Also tried with Tunnelblick on Mac OS X.

                When looking in the console I see the def gw being set, but I cannot trace out further than the first hop (10.0.50.1) in my case…

                ???

                
                Routing tables
                
                Internet:
                Destination        Gateway            Flags    Refs      Use  Netif Expire
                0/1                10.0.50.5          UGSc        5       12   tun0
                default            192.168.1.254      UGSc       12      113    en1
                10.0.50.1/32       10.0.50.5          UGSc        0        0   tun0
                10.0.50.5          10.0.50.6          UH          5        0   tun0
                [PFSENSE-WAN-IP]/32    192.168.1.254      UGSc        1        0    en1
                127                localhost          UCS         0        0    lo0
                localhost          localhost          UH          4     3888    lo0
                128.0/1            10.0.50.5          UGSc        1        0   tun0
                
                