Netgate Discussion Forum

    OpenVPN strange routing issue

    • mat123
      last edited by mat123

      Hello colleagues

      I'm using multiple OpenVPN setups without any issues, but now I finally have an issue which I cannot solve myself. In order to keep things easy, I've set up a demo environment with only the bare minimum.

      Goal: I would like to create a working site2site OpenVPN tunnel, for now to test, allowing any-any communication.

      Devices used:

      • CHGW001, pfSense 2.6.0 as the OpenVPN Server
      • FIGW001, Mikrotik router as the OpenVPN Client

      Main configuration of OpenVPN server on CHGW001:

      • Server mode: Peer to Peer (SSL/TLS)
      • Device mode: tun
      • Protocol: TCP on IPv4 only
      • Interface WAN
      • Local Port: 65010
      • TLS Configuration: disabled
      • IPv4 Tunnel network: 10.100.255.0/24
      • IPv4 Local network(s): 10.123.123.0/24
      • IPv4 Remote network(s): 10.200.0.0/24
      • Topology: Subnet
      • Gateway creation: IPv4 only

      Network configuration on CHGW001:

      • Interface ovpns1 assigned to Interface OPT1
      • OPT1 interface activated
      • LAN allow all rule still present
      • OPT1 allow all rule created

      The OpenVPN client is configured accordingly (should not matter for this issue, if you think it matters, I'm happy to add the configuration too).

      What I expect to see:

      • The FIGW001 OpenVPN client establishes an OpenVPN connection with the OpenVPN Server on CHGW001
      • Route for remote network 10.200.0.0/24 is present in routing table on CHGW001 with 10.100.255.2 as gateway
      • Route for remote network 10.123.123.0/24 is present in routing table on FIGW001
      • Client behind CHGW001 can ping CHGW001 OpenVPN address 10.100.255.1
      • Client behind CHGW001 can ping FIGW001 OpenVPN address 10.100.255.2
      • Client behind CHGW001 can ping FIGW001 LAN IP address 10.200.0.1

      What I see:

      • I see everything listed above, but I'm not able to reach 10.200.0.1

      What I think is the issue:
      On CHGW001 in 'Diagnostic' -> 'Routes' I can see the correctly invoked route 10.200.0.0/24 through interface ovpns1 and gateway 10.100.255.2, but I don't see any 'Uses' of the route. So somehow pfSense doesn't like to send the traffic from the client into the tunnel.

      Does anyone have an idea how to debug this issue?
      I already tried to remove the 'remote network' from the OpenVPN server configuration on CHGW001 and instead created a gateway and static route manually, but the outcome is the very same.
      As the traffic is not even sent to FIGW001, the OpenVPN client configuration on FIGW001 and firewall configuration on FIGW001 are out of scope for this issue.

      Here is the basic network layout:
      openvpnissue.png

      Here are the different screenshots I gathered from CHGW001 (OpenVPN server):
      https://www.file.io/7tkA/download/h5EW7FgHdCAe

      Any suggestions are welcome for additional troubleshooting.

      • viragomann @mat123

        @mat123 said in OpenVPN strange routing issue:

        IPv4 Tunnel network: 10.100.255.0/24

        Either change the tunnel subnet mask to /30 or configure a client specific override.

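        As an added illustration of the two fixes in the reply above (hand-written OpenVPN directives, not pfSense's generated config or anything from the thread; the client-config-dir path and the Common Name FIGW001 are placeholders):

```conf
# Why the route shows 0 "Uses": Peer to Peer (SSL/TLS) with a /24 tunnel
# network makes pfSense run OpenVPN in multi-client ("server") mode. The
# kernel route 10.200.0.0/24 -> ovpns1 hands packets to the OpenVPN process,
# but in server mode the process also needs its own internal route (iroute)
# saying which client session owns 10.200.0.0/24. Without one the packets are
# dropped inside OpenVPN and never leave CHGW001 towards FIGW001.
dev tun
topology subnet
proto tcp4-server
port 65010
server 10.100.255.0 255.255.255.0            # IPv4 Tunnel network
push "route 10.123.123.0 255.255.255.0"      # IPv4 Local network(s)
route 10.200.0.0 255.255.255.0               # IPv4 Remote network(s): kernel route only
client-config-dir /var/etc/openvpn/server1/csc   # placeholder path

# --- Option 1: Client Specific Override (keeps the /24 tunnel) ---
# pfSense writes a file in client-config-dir named after the client
# certificate's Common Name (placeholder: FIGW001) when the override has
# "IPv4 Remote Network/s" = 10.200.0.0/24. Its content is:
#   iroute 10.200.0.0 255.255.255.0
# Now OpenVPN knows which session to forward 10.200.0.0/24 traffic to.

# --- Option 2: /30 tunnel network (10.100.255.0/30) ---
# With a /30 there is exactly one peer, so pfSense uses point-to-point mode
# instead of "server" mode. Everything entering the tun interface goes to
# that single peer, so no iroute is needed:
#   ifconfig 10.100.255.1 10.100.255.2
#   route 10.200.0.0 255.255.255.0
```

        After applying either option, the 'Uses' counter of the 10.200.0.0/24 route in 'Diagnostics' -> 'Routes' should start increasing when a LAN client pings 10.200.0.1.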
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.