Issue routing a subnet to pfSense openVPN client
I have a setup with a WAN access and two LANs (two different interfaces and subnets, let's call them LAN_1 and LAN_2).
I have set up an openVPN server on a dedicated server in a datacenter somewhere on the Internet.
My goal is to have LAN_2 access the Internet through the tunnel to escape CGNAT and hide traffic from my ISP and have LAN_1 access the Internet normally, through my ISP gateway.
I have configured the pfSense openVPN client to connect to that server through the WAN interface, configured the ovpnc1 interface which now appears in my gateways list, configured a firewall access rule allowing IPv4* coming from LAN_2 and routing it through the ovpnc1 gateway, and a firewall NAT rule mapping the LAN_2 subnet to the ovpnc1 gateway.
Tunnel connects and client gets a 10.8.x.x/24 IP from the server.
If "Don't pull routes" and "Don't add/remove routes" are unchecked in the client config, LAN_2 accesses the Internet through the VPN but LAN_1 loses Internet access.
If I check any of those boxes LAN_1 gets Internet access back but LAN_2 loses it.
In that last configuration, LAN_2 can ping the openVPN server (10.8.0.1) when I add a static route to it via the ovpnc1 gateway.
So I believe I have a routing issue but can't figure it out. I've spent 10 hours tinkering with it with no result.
Anyone have any idea? I expected this to be an easy thing, so whether I'm stupid or it's a bug or I don't know... but it's driving me nuts!!!
What did I miss?

Ok, I figured it out.
Lost hours and losing my mind but got it. The openVPN client assigned IP (10.8.0.x scope) cannot be pinged for whatever reason, so the gateway was considered down and traffic was defaulting to an alt (default) gateway.
Disabling gateway monitoring or (better) specifying a working IP to monitor (I used 10.8.0.1 which is the openVPN server) fixed it.
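The failure mode the answer describes, modelled as an added example (not pfSense code and not from the thread): a policy-routed LAN_2 host silently falls back to the ISP gateway when the monitor target for the VPN gateway does not answer, and switching the monitor to the OpenVPN server address restores the tunnel path. The addresses 192.0.2.1, 10.8.0.2 and 192.168.2.0/24 are constructed, and the `skip_when_down` option stands in for the alternative of dropping rather than leaking such traffic.

```python
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed topology: the ISP gateway and the OpenVPN server answer ICMP echo;
# the client's own tunnel address (assumed 10.8.0.2) does not, as in the thread.
PINGABLE = {"192.0.2.1", "10.8.0.1"}

@dataclass
class Gateway:
    name: str
    address: str
    monitor_ip: Optional[str] = None   # None: monitor the gateway address itself

    def monitor_target(self) -> str:
        return self.monitor_ip or self.address

    def is_up(self, pingable=PINGABLE) -> bool:
        # Stands in for the gateway monitor: up only if the target answers.
        return self.monitor_target() in pingable

@dataclass
class PolicyRule:
    source_net: ipaddress.IPv4Network
    gateway: str

def egress_gateway(src_ip, rules, gateways, default_gw, skip_when_down=False):
    """Name of the gateway a packet from src_ip leaves through; None if dropped."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip in rule.source_net:
            gw = gateways[rule.gateway]
            if gw.is_up():
                return gw.name
            # A policy route whose gateway is down falls back to the default
            # route unless rules for down gateways are skipped instead.
            return None if skip_when_down else default_gw
    return default_gw

def vpn_leaks(src_ip, rules, gateways, default_gw, vpn_gw, **kw) -> bool:
    """True when traffic meant for the tunnel would leave via another gateway."""
    out = egress_gateway(src_ip, rules, gateways, default_gw, **kw)
    return out is not None and out != vpn_gw

GATEWAYS = {
    "WAN_GW": Gateway("WAN_GW", "192.0.2.1"),
    "OVPNC1": Gateway("OVPNC1", "10.8.0.2"),   # monitor defaults to 10.8.0.2: down
}
RULES = [PolicyRule(ipaddress.ip_network("192.168.2.0/24"), "OVPNC1")]  # LAN_2
```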