Netgate Discussion Forum

    routing issue with concurrent openVPN clients

      menan16
      last edited by menan16

      I have the OpenVPN server set up in pfSense and two clients connected to it. The issue is that only the first client can reach/ping the tunnel IP of pfSense and the LAN-side VMs of pfSense, but the subsequent clients can't ping.

      Tunnel Subnet: 10.255.240.0/20
      PfSense IP: 10.255.240.1
      1st Client IP: 10.255.240.2
      2nd Client IP: 10.255.240.3

      Upon checking the routes I see for the 1st client, interface is "ovpns4" and flags are "UP,HOST,DONE,PINNED"

      but for the 2nd client, interface is "lo0" and flags are "UP,GATEWAY,DONE,STATIC"

      [22.01-RELEASE][admin@pfSense.localdomain]/root: route -n get 10.255.240.2
         route to: 10.255.240.2
      destination: 10.255.240.2
              fib: 0
        interface: ovpns4
            flags: <UP,HOST,DONE,PINNED>
       recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
             0         0         0         0      1500         1         0
      
      [22.01-RELEASE][admin@pfSense.localdomain]/root: route -n get 10.255.240.3
         route to: 10.255.240.3
      destination: 10.255.240.0
             mask: 255.255.240.0
          gateway: 10.255.240.1
              fib: 0
        interface: lo0
            flags: <UP,GATEWAY,DONE,STATIC>
       recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
             0         0         0         0     16384         1         0
      

      As a test, I added a route for the 2nd client's tunnel IP (10.255.240.3) like below:

      [22.01-RELEASE][admin@pfSense.localdomain]/root: route add -host 10.255.240.3 -interface ovpns4
      

      Right away the 2nd client started to ping pfSense and the LAN VMs, and the route now looks like this:

      [22.01-RELEASE][admin@pfSense.localdomain]/root: route -n get 10.255.240.3
         route to: 10.255.240.3
      destination: 10.255.240.3
              fib: 0
        interface: ovpns4
            flags: <UP,HOST,DONE,STATIC>
       recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
             0         0         0         0      1500         1         0
      

      I am not sure why pfSense is adding the subsequent client IPs on the loopback interface and why the flags are set to GATEWAY/STATIC.
      Are there some settings that need to be changed to overcome this and make it persistent? The "route add" method that I tried is not persistent and is also not possible to do for every upcoming client.

      Any help is really appreciated, thank you in advance :)

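The check the post performs by eye, written as an added example (not part of the original post and not pfSense code): it parses `route -n get` output and reports whether a client's tunnel IP resolves to a host route on the OpenVPN server interface. The function names are hypothetical; the two sample outputs are copied from the post with the metrics lines omitted.

```python
import re

# Output copied from the post above (`route -n get <client tunnel IP>`),
# metrics lines omitted.
CLIENT_1 = """\
   route to: 10.255.240.2
destination: 10.255.240.2
        fib: 0
  interface: ovpns4
      flags: <UP,HOST,DONE,PINNED>
"""
CLIENT_2 = """\
   route to: 10.255.240.3
destination: 10.255.240.0
       mask: 255.255.240.0
    gateway: 10.255.240.1
        fib: 0
  interface: lo0
      flags: <UP,GATEWAY,DONE,STATIC>
"""

def parse_route_get(text):
    """Turn `route -n get` output into a dict; the flags field becomes a set."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([a-z ]+?):\s*(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    fields["flags"] = set(fields.get("flags", "").strip("<>").split(",")) - {""}
    return fields

def check_client_route(text, tunnel_if):
    """Return a list of problems; an empty list means a host route on tunnel_if."""
    r = parse_route_get(text)
    problems = []
    # A per-client route has the HOST flag and its destination equals the lookup target.
    if "HOST" not in r["flags"] or r.get("destination") != r.get("route to"):
        problems.append("no host route: lookup matched %s mask %s"
                        % (r.get("destination"), r.get("mask", "n/a")))
    if r.get("interface") != tunnel_if:
        problems.append("egress interface is %s, expected %s"
                        % (r.get("interface"), tunnel_if))
    return problems

if __name__ == "__main__":
    for name, out in (("client 1", CLIENT_1), ("client 2", CLIENT_2)):
        print(name, check_client_route(out, "ovpns4") or "ok")
```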
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.