Netgate Discussion Forum

    Site to site - client route not installed on server

      pgirard

      Greetings.

      Spinning client openvpn on pfsense.

      Got a production server running for some years now; it works well for simple client to server, with push routes to clients, client overrides, etc.

      pfsense openvpn client takes the routes like the simple clients, but server doesn't install route from client.

      I have a client specific override with IPv4 Remote Network/s populated for the iroute piece, and advanced options saying route x.x.x.x 255.255.255.0; for pfsense to install route into OS table.

      Server says it's learned the route in openvpn log, but route doesn't get installed into OS table.

      Have a production 2.4.3 server, tried with 2.5.2, 2.4.4 and 2.4.3 clients thinking I maybe was facing some kind of interop issue.

      Any help is most welcomed.

      Cheers.

        pgirard

        So to follow up, some relevant logs:

        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 OPTIONS IMPORT: reading client specific options from: /var/etc/openvpn-csc/server1/FW1_985_555WHST
        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 Options error: option 'route' cannot be used in this context (/var/etc/openvpn-csc/server1/FW1_985_555WHST)
        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 MULTI: Learn: 10.9.200.165 -> FW1_985_555WHST/216.157.154.241:33492
        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 MULTI: primary virtual IP for FW1_985_555WHST/216.157.154.241:33492: 10.9.200.165
        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 MULTI: internal route 10.6.212.0/24 -> FW1_985_555WHST/216.157.154.241:33492
        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 MULTI: Learn: 10.6.212.0/24 -> FW1_985_555WHST/216.157.154.241:33492
        Aug 27 09:56:40 fw1 openvpn[6062]: FW1_985_555WHST/216.157.154.241:33492 REMOVE PUSH ROUTE: 'route 10.6.212.0 255.255.255.0'
        

        So the REMOVE message is weird, but it still works if I install the OS route manually with route add in the shell. If I don't install the route manually, openvpn/pfsense doesn't and routing doesn't work.

        I've scoured around the net and what I can find is this page:

        https://docs.netgate.com/pfsense/en/latest/troubleshooting/openvpn-iroute.html

        Saying clearly that the netblock and route advanced options are necessary. However, you can see in my log output that the server seemingly rejects the option saying it can't be used in this context.
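
Added example, not from the poster or from Netgate: OpenVPN accepts `iroute` in a client-specific override but rejects `route` there, which is what the `Options error` line in the log reports, because `route` is a directive for the server's main configuration. The Python below scans log lines in this format and lists clients whose iroute was learned while a `route` in their override was rejected; the sample lines, client names and networks are constructed.

```python
import re
from ipaddress import ip_network

# Constructed sample lines in the same format as the log in the post above
# (client names, addresses and networks are made up).
SAMPLE_LOG = """\
Aug 27 09:56:40 fw1 openvpn[6062]: SITE_B/192.0.2.10:33492 OPTIONS IMPORT: reading client specific options from: /var/etc/openvpn-csc/server1/SITE_B
Aug 27 09:56:40 fw1 openvpn[6062]: SITE_B/192.0.2.10:33492 Options error: option 'route' cannot be used in this context (/var/etc/openvpn-csc/server1/SITE_B)
Aug 27 09:56:40 fw1 openvpn[6062]: SITE_B/192.0.2.10:33492 MULTI: internal route 10.20.30.0/24 -> SITE_B/192.0.2.10:33492
Aug 27 09:56:40 fw1 openvpn[6062]: SITE_B/192.0.2.10:33492 REMOVE PUSH ROUTE: 'route 10.20.30.0 255.255.255.0'
Aug 27 09:57:02 fw1 openvpn[6062]: LAPTOP1/192.0.2.44:50110 MULTI: Learn: 10.9.200.170 -> LAPTOP1/192.0.2.44:50110
"""

# Every per-client line starts with "<common name>/<peer ip:port> ".
PEER = r"openvpn\[\d+\]: (?P<cn>[^/\s]+)/\S+ "
PATTERNS = {
    "csc": re.compile(PEER + r"OPTIONS IMPORT: reading client specific options from: (?P<v>\S+)"),
    "rejected": re.compile(PEER + r"Options error: option '(?P<v>[^']+)' cannot be used in this context"),
    "iroutes": re.compile(PEER + r"MULTI: internal route (?P<v>\S+) ->"),
    "unpushed": re.compile(PEER + r"REMOVE PUSH ROUTE: 'route (?P<v>\S+ \S+)'"),
}

def summarize(log_text):
    """Group the events matched by PATTERNS by client common name."""
    clients = {}
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            entry = clients.setdefault(m["cn"], {k: [] for k in PATTERNS})
            value = m["v"]
            if kind in ("iroutes", "unpushed"):
                # Normalise "addr mask" and "addr/len" to one CIDR spelling.
                value = str(ip_network(value.replace(" ", "/")))
            entry[kind].append(value)
    return clients

def iroutes_with_rejected_route(clients):
    """Clients whose iroute was learned while 'route' in the override was rejected."""
    return {cn: c["iroutes"] for cn, c in clients.items()
            if "route" in c["rejected"] and c["iroutes"]}

if __name__ == "__main__":
    for cn, nets in iroutes_with_rejected_route(summarize(SAMPLE_LOG)).items():
        print(f"{cn}: iroute learned for {nets}; 'route' was rejected in the override, "
              "so verify the server's main configuration carries a route for it")
```
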

          pgirard

          So, installing a static route manually in the OS makes the thing work.

          A bit stuck now, feels like the knobs are not doing what they should.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.