Routing issue with concurrent OpenVPN clients
I have the OpenVPN server set up in pfSense and two clients connected to it. The issue is that only the first client can reach/ping the tunnel IP of pfSense and the LAN-side VMs of pfSense, but the subsequent clients can't ping.
Tunnel Subnet: 10.255.240.0/20
PfSense IP: 10.255.240.1
1st Client IP: 10.255.240.2
2nd Client IP: 10.255.240.3

Upon checking the routes I see that for the 1st client the interface is "ovpns4" and the flags are "UP,HOST,DONE,PINNED",
but for the 2nd client the interface is "lo0" and the flags are "UP,GATEWAY,DONE,STATIC":

```
[22.01-RELEASE][admin@pfSense.localdomain]/root: route -n get 10.255.240.2
   route to: 10.255.240.2
destination: 10.255.240.2
        fib: 0
  interface: ovpns4
      flags: <UP,HOST,DONE,PINNED>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

[22.01-RELEASE][admin@pfSense.localdomain]/root: route -n get 10.255.240.3
   route to: 10.255.240.3
destination: 10.255.240.0
       mask: 255.255.240.0
    gateway: 10.255.240.1
        fib: 0
  interface: lo0
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0     16384         1         0
```
As a test I added a route for the 2nd client's tunnel IP (10.255.240.3) like below:

```
[22.01-RELEASE][admin@pfSense.localdomain]/root: route add -host 10.255.240.3 -interface ovpns4
```
Right away the 2nd client started to ping pfSense and the LAN VMs, and the route now looks like this:

```
[22.01-RELEASE][admin@pfSense.localdomain]/root: route -n get 10.255.240.3
   route to: 10.255.240.3
destination: 10.255.240.3
        fib: 0
  interface: ovpns4
      flags: <**UP,HOST,DONE,STATIC**>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
```
I am not sure why pfSense is adding the subsequent client IPs on the loopback interface with the flags set to GATEWAY/STATIC.
Are there some settings that need to be changed to overcome this and make it persistent? The "route add" method that I tried is not persistent and also not possible to do for every upcoming client. Any help is really appreciated, thank you in advance :)
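Added example, not from the original post: a small sh diagnostic that classifies each client's `route -n get` result as a host route over the tunnel interface (assumed to be ovpns4, override with TUN_IF) or a fall-through to the subnet route on lo0, so every affected client can be listed at once instead of being found one ping at a time.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Assumptions: the OpenVPN server
# interface is ovpns4 (override with TUN_IF) and `route -n get` prints the
# FreeBSD/pfSense format shown in the post.
TUN_IF="${TUN_IF:-ovpns4}"

# Value after "interface:" in `route -n get` output (multi-line or flattened).
route_iface() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "interface:") { print $(i + 1); exit } }'
}

# Value after "flags:", e.g. <UP,HOST,DONE,PINNED>.
route_flags() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "flags:") { print $(i + 1); exit } }'
}

# classify_route IFACE OUTPUT: "ok" if OUTPUT (captured `route -n get` text) is a
# host route over IFACE, "loopback" if it resolved via lo0, "other" otherwise.
classify_route() {
    want="$1"
    out="$2"
    iface=$(printf '%s\n' "$out" | route_iface)
    flags=$(printf '%s\n' "$out" | route_flags)
    case "$iface" in
        "$want") case "$flags" in *HOST*) echo ok ;; *) echo other ;; esac ;;
        lo0)     echo loopback ;;
        *)       echo other ;;
    esac
}

# Live check: one line per tunnel IP given on the command line; exit 1 if any
# client is not reached through a host route on the tunnel interface.
check_clients() {
    rc=0
    for ip in "$@"; do
        out=$(route -n get "$ip" 2>&1)
        state=$(classify_route "$TUN_IF" "$out")
        printf '%-16s %-9s via %s\n' "$ip" "$state" "$(printf '%s\n' "$out" | route_iface)"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_clients "$@"
fi
```

Run it from the pfSense shell as `sh check_ovpn_routes.sh 10.255.240.2 10.255.240.3`; a client reported as `loopback` is one that currently needs the manual `route add` workaround above.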