Adding additional route to OpenVPN Client
-
Hi All,
I'm trying to add additional routes to my OpenVPN but for some reason it is not working.
When I connect to OpenVPN I can see the routes are being added.
On Windows I used netstat -rn
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.71 40
0.0.0.0 128.0.0.0 10.40.1.1 10.40.1.2 281
10.40.1.0 255.255.255.0 On-link 10.40.1.2 281
10.40.1.2 255.255.255.255 On-link 10.40.1.2 281
10.40.1.255 255.255.255.255 On-link 10.40.1.2 281
10.60.0.0 255.255.0.0 10.40.1.1 10.40.1.2 281
10.62.21.0 255.255.255.0 10.40.1.1 10.40.1.2 281
10.84.3.0 255.255.255.0 10.40.1.1 10.40.1.2 281
10.88.1.0 255.255.255.0 10.40.1.1 10.40.1.2 281
10.100.0.0 255.255.255.0 10.40.1.1 10.40.1.2 281
10.212.0.0 255.255.255.0 10.40.1.1 10.40.1.2 281
But when I do a ping test it shows RTO.
C:>ping 10.60.3.1
Pinging 10.60.3.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.60.3.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Thanks in advance
-
@albertmiclat
Looks like all your other routes are /24's, but it appears you are also pushing 10.60.0.0/16? Is that what you intended?
Where does 10.60.3.1 exist? Is it a VLAN or physical interface on pfSense? If so, are there firewall rules to allow the return traffic? What do the rules look like on your OpenVPN tab? Are there rules allowing inbound traffic sourced from your tunnel network?
-
Hello, yes most of my remote sites are /24, only this site is /16 (10.60.x.x).
10.60.x.x is a LAN network from remote site and it's connected via IPSec tunnel. (10.60.3.1 is a Domain Controller)
If I'm in office I can reach all sites, when I connect to OpenVPN from home I can't reach the remote site despite having the route added into the OpenVPN Advanced settings.
My OpenVPN firewall is to allow anything.
-
@albertmiclat said in Adding additional route to OpenVPN Client:
10.60.x.x is a LAN network from remote site and it's connected via IPSec tunnel.
So this network is on another location connected to the office network via IPSec?
-
@viragomann said in Adding additional route to OpenVPN Client:
So this network is on another location connected to the office network via IPSec?
Yes, correct.
I have figured it out already, basically I just need to add another Phase 2 entry on the IPsec tunnel.
So now I can reach the remote site over OpenVPN.
Thanks @viragomann @marvosa
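-
The fix reported in the last post, shown as an added example that is not part of the thread: a policy-based IPsec tunnel only carries traffic whose source and destination both match a Phase 2 entry, so the OpenVPN tunnel network needs its own entry toward 10.60.0.0/16. The office LAN value and the function names are assumptions; 10.40.1.0/24 and 10.60.0.0/16 come from the posts above.

```python
import ipaddress

# 10.40.1.0/24 (OpenVPN tunnel) and 10.60.0.0/16 (remote site) are from the thread.
# OFFICE_LAN is a constructed placeholder; the thread never states it.
OFFICE_LAN = "10.10.0.0/24"
VPN_TUNNEL = "10.40.1.0/24"
REMOTE_SITE = "10.60.0.0/16"

# Phase 2 entries as (local network, remote network) pairs on the office firewall.
PHASE2_BEFORE = [(OFFICE_LAN, REMOTE_SITE)]
PHASE2_AFTER = PHASE2_BEFORE + [(VPN_TUNNEL, REMOTE_SITE)]


def covered(src, dst, phase2):
    """True if one Phase 2 pair contains both the source and the destination."""
    src_net = ipaddress.ip_network(src)
    dst_net = ipaddress.ip_network(dst)
    return any(
        src_net.subnet_of(ipaddress.ip_network(local))
        and dst_net.subnet_of(ipaddress.ip_network(remote))
        for local, remote in phase2
    )


def missing_selectors(sources, destinations, phase2):
    """List every (source, destination) pair that no Phase 2 entry carries."""
    return [(s, d) for s in sources for d in destinations
            if not covered(s, d, phase2)]


if __name__ == "__main__":
    for label, phase2 in (("before", PHASE2_BEFORE), ("after", PHASE2_AFTER)):
        gaps = missing_selectors([OFFICE_LAN, VPN_TUNNEL], [REMOTE_SITE], phase2)
        print(label, "->", gaps or "all pairs covered")
```

The peer at the remote site needs the mirrored entry (10.60.0.0/16 to 10.40.1.0/24) for the tunnel to negotiate and for replies to return.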