SOLVED! - pfSense OpenVPN route trough WAN interface

ground01

Hi all,

after reading some howto's im successfully having my client to connect to my pfSense using PKI.

when connected trough OpenVPN i want my client to be able to 'internet' trough my pfSense box.
however when connected it just keep using my own gateway.

i have been reading about pushing a route but not sure how to format it.

can someone help me out?

thanks!

Had to create a manual entry in the Firewall -> NAT -> Outbound to add the OpenVPN subnet

GruensFroeschli

Please use the search function:
http://forum.pfsense.org/index.php?action=search

–> http://forum.pfsense.org/index.php/topic,6056.0.html

ground01

Hi,

Sorry for not being very complete.

I already used a open-vpn client specific push which looked like this:

push "dhcp-option DNS 172.16.2.1";push "redirect-gateway def1"

resolving DNS goes correct, but all other traffic does not work.

GruensFroeschli

What is in the log on the client side upon connection?
Did you make sure that the pushes actually get to the client?

ground01

@GruensFroeschli:

What is in the log on the client side upon connection?
Did you make sure that the pushes actually get to the client?

I see the following in my console:

Wed Jun 10 15:47:05 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option
 DISABLE-NBT,route 10.0.50.1,ping 10,ping-restart 60,dhcp-option DNS 172.16.2.1,
redirect-gateway def1,ifconfig 10.0.50.6 10.0.50.5'

-- snip --

Wed Jun 10 15:47:10 2009 route ADD [b]<pfsense-wan-ip>[/b] MASK 255.255.255.255 172.17.3.8
Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
Wed Jun 10 15:47:10 2009 route ADD 0.0.0.0 MASK 128.0.0.0 10.0.50.5
Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
Wed Jun 10 15:47:10 2009 route ADD 128.0.0.0 MASK 128.0.0.0 10.0.50.5
Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
Wed Jun 10 15:47:10 2009 route ADD 10.0.50.1 MASK 255.255.255.255 10.0.50.5
Wed Jun 10 15:47:10 2009 Route addition via IPAPI succeeded
Wed Jun 10 15:47:10 2009 Initialization Sequence Completed</pfsense-wan-ip> 

ground01

Also tried with TunnelBrick on Mac OS X.

When looking in the console i see the def gw being set but i can not trace out further then the first hop (10.0.50.1) in my case…

???

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
0/1                10.0.50.5          UGSc        5       12   tun0
default            192.168.1.254      UGSc       12      113    en1
10.0.50.1/32       10.0.50.5          UGSc        0        0   tun0
10.0.50.5          10.0.50.6          UH          5        0   tun0
[PFSENSE-WAN-IP]/32    192.168.1.254      UGSc        1        0    en1
127                localhost          UCS         0        0    lo0
localhost          localhost          UH          4     3888    lo0
128.0/1            10.0.50.5          UGSc        1        0   tun0