SOLVED! - pfSense OpenVPN route through WAN interface



  • Hi all,

    After reading some how-tos, I'm successfully having my client connect to my pfSense using PKI.

    When connected through OpenVPN I want my client to be able to 'internet' through my pfSense box.
    However, when connected it just keeps using my own gateway.

    I have been reading about pushing a route but am not sure how to format it.

    Can someone help me out?

    Thanks!

    Had to create a manual entry in the Firewall -> NAT -> Outbound to add the OpenVPN subnet.





  • Hi,

    Sorry for not being very complete.

    I already used an OpenVPN client-specific push, which looked like this:

    push "dhcp-option DNS 172.16.2.1";push "redirect-gateway def1"

    Resolving DNS works correctly, but all other traffic does not work.



  • What is in the log on the client side upon connection?
    Did you make sure that the pushes actually get to the client?



  • @GruensFroeschli:

    What is in the log on the client side upon connection?
    Did you make sure that the pushes actually get to the client?

    I see the following in my console:

    
    Wed Jun 10 15:47:05 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option
     DISABLE-NBT,route 10.0.50.1,ping 10,ping-restart 60,dhcp-option DNS 172.16.2.1,
    redirect-gateway def1,ifconfig 10.0.50.6 10.0.50.5'
    
    -- snip --
    
    Wed Jun 10 15:47:10 2009 route ADD <pfsense-wan-ip> MASK 255.255.255.255 172.17.3.8
    Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
    Wed Jun 10 15:47:10 2009 route ADD 0.0.0.0 MASK 128.0.0.0 10.0.50.5
    Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
    Wed Jun 10 15:47:10 2009 route ADD 128.0.0.0 MASK 128.0.0.0 10.0.50.5
    Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
    Wed Jun 10 15:47:10 2009 route ADD 10.0.50.1 MASK 255.255.255.255 10.0.50.5
    Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
    Wed Jun 10 15:47:10 2009 Initialization Sequence Completed
    


    Also tried with Tunnelblick on Mac OS X.

    When looking in the console I see the def gw being set, but I cannot trace out further than the first hop (10.0.50.1) in my case…

    ???

    
    Routing tables
    
    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    0/1                10.0.50.5          UGSc        5       12   tun0
    default            192.168.1.254      UGSc       12      113    en1
    10.0.50.1/32       10.0.50.5          UGSc        0        0   tun0
    10.0.50.5          10.0.50.6          UH          5        0   tun0
    [PFSENSE-WAN-IP]/32    192.168.1.254      UGSc        1        0    en1
    127                localhost          UCS         0        0    lo0
    localhost          localhost          UH          4     3888    lo0
    128.0/1            10.0.50.5          UGSc        1        0   tun0
    
    
