Openvpn client not route traffic from other interface
-
Hello everyone,
I have this setup on my PFSENSE:
int wan --> 192.168.0.2
int lan --> 10.10.110.0/24
int OFFICE ( vlan xxx ) --> 10.10.111.0/24
Virtual ip OpenVPN --> 10.8.0.x/24
LAN-OpenVPN --> 172.16.7.0/24
I have configured my openvpn client, which connects successfully. From the LAN interface, I can ping the client's network, but from the OFFICE interface, I can't.
Ping from LAN to LAN-OpenVPN --> Ok
Ping from OpenVpn to VirtualIP OpenVpnClient --> OK
Ping from OFFICE to VirtualIP OpenVpnClient --> OK
Ping from OFFICE to OpenVpnClient-GW ---> FAIL
Ping from OFFICE to LAN-OpenVPN --> FAIL
The routing appears to be correct.
-
@zeliko said in Openvpn client not route traffic from other interface:
LAN-OpenVPN --> 172.16.7.0/24
Is this the local network of the OpenVPN client?
And if so, you want to access this network from your LAN and Office?
Is this a peer-to-peer OpenVPN or an access server?
-
@viragomann
Yes, I have multiple LANs connected to the VPN.
It is an OpenVPN access server.
-
@zeliko
So you have to configure a CSO (VPN > OpenVPN > Client Specific Overrides) for that client you want to access the LAN behind.
You need to specify at least the server, the Common Name (the common name of the client's certificate or the user name; consider setting "Username as Common Name" in the server settings properly) and the client's LAN in IPv4 Remote Network/s.
-
@viragomann
Hello,
I have set the options described but nothing changes.
The PC connected to the LAN does not get the route for the VPN LAN.
While the route is correctly set to PFSENSE:
route -n get 172.16.7.20
route to: 172.16.7.20
destination: 172.16.7.0
mask: 255.255.255.0
gateway: 10.8.0.1
fib: 0
interface: ovpnc1
-
@zeliko said in Openvpn client not route traffic from other interface:
While the route is correctly set to PFSENSE:
route -n get 172.16.7.20
route to: 172.16.7.20
destination: 172.16.7.0
mask: 255.255.255.0
gateway: 10.8.0.1
If the route was set correctly it would point to the client's IP. I doubt that this is 10.8.0.1.
So possibly the CSO is not applied due to wrong configuration.
The OpenVPN log shows whether it is applied when the connection is established.
-
@viragomann
Hello,
I finally found the error. The NAT of the local interface on the VPN interface was missing!