Netgate Discussion Forum
    Adding additional route to OpenVPN Client

    • albertmiclat

      Hi All,

      I'm trying to add additional routes to my OpenVPN but for some reason it is not working.

      When I connect to OpenVPN I can see the routes are being added.

      On Windows I used netstat -rn:

      IPv4 Route Table
      Active Routes:
      Network Destination  Netmask          Gateway        Interface     Metric
      0.0.0.0              0.0.0.0          192.168.1.254  192.168.1.71  40
      0.0.0.0              128.0.0.0        10.40.1.1      10.40.1.2     281
      10.40.1.0            255.255.255.0    On-link        10.40.1.2     281
      10.40.1.2            255.255.255.255  On-link        10.40.1.2     281
      10.40.1.255          255.255.255.255  On-link        10.40.1.2     281
      10.60.0.0            255.255.0.0      10.40.1.1      10.40.1.2     281
      10.62.21.0           255.255.255.0    10.40.1.1      10.40.1.2     281
      10.84.3.0            255.255.255.0    10.40.1.1      10.40.1.2     281
      10.88.1.0            255.255.255.0    10.40.1.1      10.40.1.2     281
      10.100.0.0           255.255.255.0    10.40.1.1      10.40.1.2     281
      10.212.0.0           255.255.255.0    10.40.1.1      10.40.1.2     281

      But when I do a ping test it shows RTO.

      C:\>ping 10.60.3.1

      Pinging 10.60.3.1 with 32 bytes of data:
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.

      Ping statistics for 10.60.3.1:
      Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

      Thanks in advance

      • marvosa @albertmiclat

        @albertmiclat
        Looks like all your other routes are /24's, but it appears you are also pushing 10.60.0.0/16? Is that what you intended?

        Where does 10.60.3.1 exist? Is it a VLAN or physical interface on pfSense? If so, are there firewall rules to allow the return traffic? What do the rules look like on your OpenVPN tab? Are there rules allowing inbound traffic sourced from your tunnel network?

        • albertmiclat @marvosa

          @marvosa

          Hello, yes most of my remote sites are /24, only this site is /16 (10.60.x.x).

          10.60.x.x is a LAN network from the remote site and it's connected via IPSec tunnel. (10.60.3.1 is a Domain Controller)

          If I'm in the office I can reach all sites; when I connect to OpenVPN from home I can't reach the remote site despite having the route added in the OpenVPN Advanced settings.

          My OpenVPN firewall is to allow anything.
          OpenVPN Rule.PNG

          • viragomann @albertmiclat

            @albertmiclat said in Adding additional route to OpenVPN Client:

            10.60.x.x is a LAN network from the remote site and it's connected via IPSec tunnel.

            So this network is on another location connected to the office network via IPSec?

            • albertmiclat @viragomann

              @viragomann said in Adding additional route to OpenVPN Client:

              So this network is on another location connected to the office network via IPSec?

              Yes, correct.

              I have figured it out already, basically I just need to add another Phase 2 entry on the IPsec tunnel.
              Phase2-Entry.png

              So now I can reach the remote site over OpenVPN.

              Thanks @viragomann @marvosa

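Why the pushed route alone was not enough, as an added example that is not part of the original thread: IPsec only carries traffic matching a Phase 2 (local, remote) selector, and VPN clients source their traffic from the OpenVPN tunnel network 10.40.1.0/24. The function name and the office LAN value are assumptions made for illustration; the tunnel network and routes are the ones shown in the thread.

```python
import ipaddress

# Values from the thread: OpenVPN tunnel network and two of the pushed routes.
TUNNEL_NET = "10.40.1.0/24"
PUSHED_ROUTES = ["10.60.0.0/16", "10.62.21.0/24"]
# Constructed for illustration: the office LAN is not given in the thread.
OFFICE_LAN = "10.10.0.0/24"
# IPsec Phase 2 selectors as (local network, remote network) pairs.
P2_BEFORE = [(OFFICE_LAN, "10.60.0.0/16")]
P2_AFTER = P2_BEFORE + [(TUNNEL_NET, "10.60.0.0/16")]


def routes_missing_phase2(tunnel_net, pushed_routes, phase2):
    """Return pushed routes that sit behind IPsec but have no Phase 2 entry
    whose local side covers the OpenVPN tunnel network (hypothetical helper)."""
    src = ipaddress.ip_network(tunnel_net)
    selectors = [
        (ipaddress.ip_network(local), ipaddress.ip_network(remote))
        for local, remote in phase2
    ]
    missing = []
    for text in pushed_routes:
        dst = ipaddress.ip_network(text)
        # A selector whose remote side overlaps the route marks it as an IPsec destination.
        via_ipsec = [(loc, rem) for loc, rem in selectors if rem.overlaps(dst)]
        if not via_ipsec:
            continue  # not carried by IPsec, so Phase 2 selectors do not apply
        # Client traffic matches only if a single selector covers both ends.
        covered = any(src.subnet_of(loc) and dst.subnet_of(rem) for loc, rem in via_ipsec)
        if not covered:
            missing.append(text)
    return missing


if __name__ == "__main__":
    print("before:", routes_missing_phase2(TUNNEL_NET, PUSHED_ROUTES, P2_BEFORE))
    print("after: ", routes_missing_phase2(TUNNEL_NET, PUSHED_ROUTES, P2_AFTER))
```
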
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.