    pfsense client does not load route

      610Garage

      I have a couple of sites with pfsense routers that connect to our office via openvpn. One of the routers died, so I got new hardware and loaded pfsense. I set up openVPN according to the online documentation and it connected the first try. However, my client router is not adding a route for the vpn. So I cannot access anything through the vpn in either direction. On the client, I am getting the following error.

      OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      
      OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.3.0
      

      Both the office router and the client router are on new installations running 2.7.2 pfsense. I've tried to google the error, but I have yet to find a solution. Any assistance would be greatly appreciated. Thanks.

      Server config:

      dev ovpns1
      verb 1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local ***.***.***.***
      engine rdrand
      tls-server
      ifconfig 192.168.22.1 192.168.22.2
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls '768VPN_cert' 1"
      lport *
      management /var/etc/openvpn/server1/sock unix
      push "route 192.168.3.0 255.255.248.0"
      remote-cert-tls client
      route 192.168.202.0 255.255.255.0
      capath /var/etc/openvpn/server1/ca
      cert /var/etc/openvpn/server1/cert 
      key /var/etc/openvpn/server1/key 
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1/tls-auth 0
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression no
      

      Server Log:

      Dec 27 03:37:07	openvpn	89835	OCC exit message received by peer
      Dec 27 03:37:07	openvpn	89835	SIGUSR1[soft,remote-exit] received, process restarting
      Dec 27 03:37:08	openvpn	89835	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Dec 27 03:37:08	openvpn	89835	Note: OpenSSL hardware crypto engine functionality is not available
      Dec 27 03:37:08	openvpn	89835	Preserving previous TUN/TAP instance: ovpns1
      Dec 27 03:37:08	openvpn	89835	UDPv4 link local (bound): [AF_INET]****
      Dec 27 03:37:08	openvpn	89835	UDPv4 link remote: [AF_UNSPEC]
      Dec 27 03:37:09	openvpn	89835	peer info: IV_VER=2.6.8
      Dec 27 03:37:09	openvpn	89835	peer info: IV_PLAT=freebsd
      Dec 27 03:37:09	openvpn	89835	peer info: IV_TCPNL=1
      Dec 27 03:37:09	openvpn	89835	peer info: IV_MTU=1600
      Dec 27 03:37:09	openvpn	89835	peer info: IV_NCP=2
      Dec 27 03:37:09	openvpn	89835	peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      Dec 27 03:37:09	openvpn	89835	peer info: IV_PROTO=990
      Dec 27 03:37:09	openvpn	89835	peer info: IV_LZO_STUB=1
      Dec 27 03:37:09	openvpn	89835	peer info: IV_COMP_STUB=1
      Dec 27 03:37:09	openvpn	89835	peer info: IV_COMP_STUBv2=1
      Dec 27 03:37:09	openvpn	89835	[768VPNClient_cert] Peer Connection Initiated with [AF_INET]****
      Dec 27 03:37:10	openvpn	89835	Initialization Sequence Completed
      
      

      Client Config:

      dev ovpnc1
      verb 1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_client1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local ***.***.***.***
      tls-client
      lport 0
      management /var/etc/openvpn/client1/sock unix
      remote **** udp4
      pull
      remote-cert-tls server
      route 192.168.3.0 255.255.248.0
      capath /var/etc/openvpn/client1/ca
      cert /var/etc/openvpn/client1/cert 
      key /var/etc/openvpn/client1/key 
      tls-auth /var/etc/openvpn/client1/tls-auth 1
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression no
      resolv-retry infinite
      route-noexec
      explicit-exit-notify 1
      
      

      Client Log:

      Dec 27 03:37:07	openvpn	72294	event_wait : Interrupted system call (fd=-1,code=4)
      Dec 27 03:37:07	openvpn	72294	SIGTERM received, sending exit notification to peer
      Dec 27 03:37:08	openvpn	72294	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 0 init
      Dec 27 03:37:08	openvpn	47202	Flushing states on OpenVPN interface ovpnc1 (Link Down)
      Dec 27 03:37:09	openvpn	72294	SIGTERM[soft,exit-with-notification] received, process exiting
      Dec 27 03:37:09	openvpn	57406	OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
      Dec 27 03:37:09	openvpn	57406	library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
      Dec 27 03:37:09	openvpn	57406	DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
      Dec 27 03:37:09	openvpn	57753	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Dec 27 03:37:09	openvpn	57753	WARNING: experimental option --capath /var/etc/openvpn/client1/ca
      Dec 27 03:37:09	openvpn	57753	TCP/UDP: Preserving recently used remote address: [AF_INET]****
      Dec 27 03:37:09	openvpn	57753	UDPv4 link local (bound): [AF_INET]****
      Dec 27 03:37:09	openvpn	57753	UDPv4 link remote: [AF_INET]****
      Dec 27 03:37:09	openvpn	57753	peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      Dec 27 03:37:09	openvpn	57753	peer info: IV_PROTO=746
      Dec 27 03:37:09	openvpn	57753	[768VPN_cert] Peer Connection Initiated with [AF_INET]****
      Dec 27 03:37:10	openvpn	57753	OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Dec 27 03:37:10	openvpn	57753	OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.3.0
      Dec 27 03:37:10	openvpn	57753	OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Dec 27 03:37:10	openvpn	57753	OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.3.0
      Dec 27 03:37:10	openvpn	57753	TUN/TAP device ovpnc1 exists previously, keep at program end
      Dec 27 03:37:10	openvpn	57753	TUN/TAP device /dev/tun1 opened
      Dec 27 03:37:10	openvpn	57753	/usr/local/sbin/ovpn-linkup ovpnc1 1500 0 init
      Dec 27 03:37:10	openvpn	57753	Initialization Sequence Completed
      
        viragomann @610Garage

        @610Garage said in pfsense client does not load route:

        route 192.168.3.0 255.255.248.0

        This is an invalid setting. You have to state a proper network address and a mask. 192.168.3.0 is not the network address for a 255.255.248.0 mask.
        If the mask is correct then the network address is 192.168.0.0. So you have to enter "192.168.0.0/21".

        You made this mistake at both sites.

        Also at the client you obviously have checked "Don't add/remove routes", which makes no sense at all if you need to add routes.

        And the server is configured to push this route. Hence it's needless to add the route on the client as well. If you want to let the client set the routes on its own and ignore the pushed routes from the server, however, check "Don't pull routes" in the client's settings.

          610Garage @viragomann

          @viragomann said in pfsense client does not load route:

          Also at the client you obviously have checked "Don't add/remove routes", which makes no sense at all if you need to add routes.

          That was because I got to the point of just trying anything and forgetting to set it back. 🙃 I unchecked that setting.

          @viragomann said in pfsense client does not load route:

          This is an invalid setting. You have to state a proper network address and a mask. 192.168.3.0 is not the network address for a 255.255.248.0 mask.
          If the mask is correct then the network address is 192.168.0.0. So you have to enter "192.168.0.0/21".

          I changed 192.168.3.0/21 to 192.168.0.0/21 on the server and client. Same problem. I'm still getting the error:

          Dec 27 16:35:07	openvpn	23375	OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
          Dec 27 16:35:07	openvpn	23375	OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
          Dec 27 16:35:07	openvpn	23375	OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
          Dec 27 16:35:07	openvpn	23375	OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
          
            johnpoz LAYER 8 Global Moderator @610Garage

            @610Garage said in pfsense client does not load route:

            I changed 192.168.3.0/21 to 192.168.0.0/21

            You understand those are the same network right?

            192.168.3.0/21 = 192.168.0.0 - 192.168.7.255

            192.168.0.0/21 = 192.168.0.0 - 192.168.7.255

            While 192.168.0.0/21 would be the better way to show that, because 192.168.3.0/21 would be more an actual host address vs a network.

            When you say this "on the server and client. "

            So you grabbed a new client config? Can we see how your server is set up in the GUI? You're just creating the config by hand on your own, and not downloading it via the export wizard?

            Here is a client config that can get to all of my networks.. It doesn't have some of the stuff you have in yours

            dev tun
            persist-tun
            persist-key
            data-ciphers CHACHA20-POLY1305:AES-256-GCM
            data-ciphers-fallback AES-256-GCM
            auth SHA512
            tls-client
            client
            resolv-retry infinite
            remote 209.publicIPofServer 443 tcp4
            nobind
            verify-x509-name "NewPfsenseOpenVPN-ECDSA" name
            remote-cert-tls server
            

            minus the certs, etc.

            Why are you calling out dev ovpnc1, and dev-node /dev/tun1?

            Are you trying to run multiple vpn clients on this same box? If you're going to use the route command in your client config, you need to set the gateway, either in the route command or with the route-gateway

            I would really suggest you just export your config using the export client wizard package..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
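
The checks raised in the replies above (viragomann's point that 192.168.3.0 is not the network address for a 255.255.248.0 mask, and johnpoz's point that a `route` in the client config needs a gateway from the route line, `route-gateway` or `ifconfig`), together with the `route-noexec` line in the posted client config, as an added example that is not part of the thread or of pfSense. The function names and finding codes are made up for this sketch, the sample configs are excerpts constructed from the ones posted above, and the linter reads only the local file, so options pushed by the peer are not considered.

```python
"""Lint OpenVPN route directives for the problems discussed in this thread."""
import ipaddress
import shlex

# Constructed excerpts of the client and server configs posted in the thread.
CLIENT_SAMPLE = """\
dev ovpnc1
dev-type tun
tls-client
pull
route 192.168.3.0 255.255.248.0
route-noexec
"""
SERVER_SAMPLE = """\
dev ovpns1
dev-type tun
ifconfig 192.168.22.1 192.168.22.2
push "route 192.168.3.0 255.255.248.0"
route 192.168.202.0 255.255.255.0
"""


def directives(config_text):
    """Return [(line_number, tokens)] for every non-comment config line."""
    parsed = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line)   # keeps push "route ..." as one token
        except ValueError:               # unbalanced quote: fall back
            tokens = line.split()
        parsed.append((number, tokens))
    return parsed


def check_route(tokens, has_default_gateway):
    """Check one 'route network [netmask] [gateway] [metric]' token list."""
    findings = []
    net = tokens[1]
    mask = tokens[2] if len(tokens) > 2 and tokens[2] != "default" else "255.255.255.255"
    gateway = tokens[3] if len(tokens) > 3 and tokens[3] != "default" else None
    try:
        canonical = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if canonical.network_address != ipaddress.ip_address(net):
            findings.append(("host-bits",
                             f"{net} {mask} has host bits set; "
                             f"the network is {canonical.with_prefixlen}"))
    except ValueError:
        pass  # hostname or keyword instead of an IP: nothing to compare
    if gateway is None and not has_default_gateway:
        findings.append(("no-gateway",
                         "route has no gateway and the file sets neither "
                         "ifconfig nor route-gateway"))
    return findings


def lint(config_text):
    """Return [(line_number, code, message)] for route-related problems."""
    parsed = directives(config_text)
    names = {tokens[0] for _, tokens in parsed}
    # Either directive gives OpenVPN a default gateway for bare routes.
    has_default_gateway = bool(names & {"ifconfig", "route-gateway"})
    findings = []
    for number, tokens in parsed:
        if tokens[0] == "route" and len(tokens) > 1:
            for code, message in check_route(tokens, has_default_gateway):
                findings.append((number, code, message))
            if "route-noexec" in names:
                findings.append((number, "route-noexec",
                                 "route-noexec is set, so OpenVPN will not "
                                 "install this route itself"))
        elif tokens[0] == "push" and len(tokens) > 1:
            inner = tokens[1].split()
            if inner[:1] == ["route"] and len(inner) > 1:
                # The gateway of a pushed route is resolved on the peer,
                # so only the address/mask pair is checked here.
                for code, message in check_route(inner, True):
                    findings.append((number, code, message))
    return findings


if __name__ == "__main__":
    for label, sample in (("client", CLIENT_SAMPLE), ("server", SERVER_SAMPLE)):
        for number, code, message in lint(sample):
            print(f"{label}:{number}: [{code}] {message}")
```

With the address corrected and `route-noexec` removed, the sample client config still yields the `no-gateway` finding, which matches the log 610Garage posted after making those two changes.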

              viragomann @johnpoz

              @johnpoz said in pfsense client does not load route:

              I changed 192.168.3.0/21 to 192.168.0.0/21
              

              You understand those are the same network right?

              I suggested to state the correct network address there, because I saw issues in the past with stating other IPs out of the subnet.

              @610Garage
              In your server log I am missing the interface initiation. So maybe the server doesn't really have an IP address for some reason.
              Maybe we can see more details, when you enhance the verbosity level to say 4.

              The only odd thing I can see in the server settings is "Intel RDRAND" Hardware Crypto acceleration. Any good reason for this setting? If not select "No Hardware Crypto acceleration" from the drop-down.

                johnpoz LAYER 8 Global Moderator @viragomann

                @viragomann said in pfsense client does not load route:

                I suggested to state the correct network address there

                Yeah I agree.. I was hoping to show him the difference, but maybe I could have worded that clearer.. Your suggestion is the correct one; how he had it would, to me, be a host address on a /21 network.. because his 3.0/21 is a host address, not a network address.

                  610Garage @johnpoz

                  @johnpoz said in pfsense client does not load route:

                  @610Garage said in pfsense client does not load route:

                  I changed 192.168.3.0/21 to 192.168.0.0/21

                  You understand those are the same network right?

                  192.168.3.0/21 = 192.168.0.0 - 192.168.7.255

                  192.168.0.0/21 = 192.168.0.0 - 192.168.7.255

                  While 192.168.0.0/21 would be the better way to show that, because 192.168.3.0/21 would be more an actual host address vs a network.

                  When you say this "on the server and client. "

                  So you grabbed a new client config? Can we see how your server is set up in the GUI? You're just creating the config by hand on your own, and not downloading it via the export wizard?

                  Here is a client config that can get to all of my networks.. It doesn't have some of the stuff you have in yours

                  dev tun
                  persist-tun
                  persist-key
                  data-ciphers CHACHA20-POLY1305:AES-256-GCM
                  data-ciphers-fallback AES-256-GCM
                  auth SHA512
                  tls-client
                  client
                  resolv-retry infinite
                  remote 209.publicIPofServer 443 tcp4
                  nobind
                  verify-x509-name "NewPfsenseOpenVPN-ECDSA" name
                  remote-cert-tls server
                  

                  minus the certs, etc.

                  Why are you calling out dev ovpnc1, and dev-node /dev/tun1?

                  Are you trying to run multiple vpn clients on this same box? If you're going to use the route command in your client config, you need to set the gateway, either in the route command or with the route-gateway

                  I would really suggest you just export your config using the export client wizard package..

                  The config file was generated through the web interface and there is only one client running on the client router. There are two other servers that are working fine on the server router. They are a shared key however and the clients are older versions of pfsense. This is what is adding to my confusion.

                  Back on topic, I just posted the file directly because it is easier than a screenshot. If you have a screen shot that would help, let me know. But I did try to boil down the config with no difference on the client. It is still not generating any routes on the client router.

                    610Garage @viragomann

                    @viragomann said in pfsense client does not load route:

                    @johnpoz said in pfsense client does not load route:

                    I changed 192.168.3.0/21 to 192.168.0.0/21
                    

                    You understand those are the same network right?

                    I suggested to state the correct network address there, because I saw issues in the past with stating other IPs out of the subnet.

                    @610Garage
                    In your server log I am missing the interface initiation. So maybe the server doesn't really have an IP address for some reason.
                    Maybe we can see more details, when you enhance the verbosity level to say 4.

                    The only odd thing I can see in the server settings is "Intel RDRAND" Hardware Crypto acceleration. Any good reason for this setting? If not select "No Hardware Crypto acceleration" from the drop-down.

                    Here are my log files with verbosity set to 4. I am redacting my public IP address just cause I'm paranoid. 🙃 I noticed something that may be perfectly normal

                    Dec 28 03:56:58	openvpn	18895	ROUTE_GATEWAY ***.***.***.***/255.255.255.0 IFACE=igb0 HWADDR=****
                    

                    I redacted that IP address because it is my ISP gateway. Is that correct? I ask cause the next line is saying that it needs a gateway.

                    Server:

                    
                    Dec 28 03:56:50	openvpn	14120	OCC exit message received by peer
                    Dec 28 03:56:50	openvpn	14120	TCP/UDP: Closing socket
                    Dec 28 03:56:50	openvpn	14120	SIGUSR1[soft,remote-exit] received, process restarting
                    Dec 28 03:56:50	openvpn	14120	Restart pause, 1 second(s)
                    Dec 28 03:56:51	openvpn	14120	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Dec 28 03:56:51	openvpn	14120	Re-using SSL/TLS context
                    Dec 28 03:56:51	openvpn	14120	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
                    Dec 28 03:56:51	openvpn	14120	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
                    Dec 28 03:56:51	openvpn	14120	Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
                    Dec 28 03:56:51	openvpn	14120	Preserving previous TUN/TAP instance: ovpns1
                    Dec 28 03:56:51	openvpn	14120	Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
                    Dec 28 03:56:51	openvpn	14120	Socket Buffers: R=[42080->42080] S=[57344->57344]
                    Dec 28 03:56:51	openvpn	14120	UDPv4 link local (bound): [AF_INET]***.***.***.***:****
                    Dec 28 03:56:51	openvpn	14120	UDPv4 link remote: [AF_UNSPEC]
                    Dec 28 03:56:56	openvpn	14120	TLS: Initial packet from [AF_INET]***.***.***.***:****, sid=24918a3e 26fc696d
                    Dec 28 03:56:56	openvpn	14120	VERIFY WARNING: depth=0, unable to get certificate CRL: CN=768VPNClient_cert
                    Dec 28 03:56:56	openvpn	14120	VERIFY WARNING: depth=1, unable to get certificate CRL: CN=768VPN_CA
                    Dec 28 03:56:56	openvpn	14120	VERIFY SCRIPT OK: depth=1, CN=768VPN_CA
                    Dec 28 03:56:56	openvpn	14120	VERIFY OK: depth=1, CN=768VPN_CA
                    Dec 28 03:56:56	openvpn	14120	VERIFY KU OK
                    Dec 28 03:56:56	openvpn	14120	Validating certificate extended key usage
                    Dec 28 03:56:56	openvpn	14120	++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
                    Dec 28 03:56:56	openvpn	14120	VERIFY EKU OK
                    Dec 28 03:56:56	openvpn	14120	VERIFY SCRIPT OK: depth=0, CN=768VPNClient_cert
                    Dec 28 03:56:56	openvpn	14120	VERIFY OK: depth=0, CN=768VPNClient_cert
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_VER=2.6.8
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_PLAT=freebsd
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_TCPNL=1
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_MTU=1600
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_NCP=2
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_PROTO=990
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_LZO_STUB=1
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_COMP_STUB=1
                    Dec 28 03:56:56	openvpn	14120	peer info: IV_COMP_STUBv2=1
                    Dec 28 03:56:56	openvpn	14120	P2P mode NCP negotiation result: TLS_export=0, DATA_v2=0, peer-id 0, cipher=AES-256-GCM
                    Dec 28 03:56:56	openvpn	14120	TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
                    Dec 28 03:56:56	openvpn	14120	TLS: tls_multi_process: initial untrusted session promoted to trusted
                    Dec 28 03:56:56	openvpn	14120	Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
                    Dec 28 03:56:56	openvpn	14120	[768VPNClient_cert] Peer Connection Initiated with [AF_INET]***.***.***.***:****
                    Dec 28 03:56:57	openvpn	14120	Data Channel MTU parms [ mss_fix:1403 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
                    Dec 28 03:56:57	openvpn	14120	Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
                    Dec 28 03:56:57	openvpn	14120	Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
                    Dec 28 03:56:57	openvpn	14120	Initialization Sequence Completed
                    Dec 28 03:56:57	openvpn	14120	Data Channel: cipher 'AES-256-GCM'
                    Dec 28 03:56:57	openvpn	14120	Timers: ping 10, ping-restart 60
                    Dec 28 03:56:58	openvpn	14120	PUSH: Received control message: 'PUSH_REQUEST'
                    Dec 28 03:56:58	openvpn	14120	SENT CONTROL [768VPNClient_cert]: 'PUSH_REPLY,route 192.168.0.0 255.255.248.0,cipher AES-256-GCM,tun-mtu 1500' (status=1)
                    
                    
                    Dec 28 03:56:50	openvpn	23375	event_wait : Interrupted system call (fd=-1,code=4)
                    Dec 28 03:56:50	openvpn	23375	SIGTERM received, sending exit notification to peer
                    Dec 28 03:56:51	openvpn	23375	/usr/local/sbin/ovpn-linkdown ovpnc1 1500 0 init
                    Dec 28 03:56:51	openvpn	8349	Flushing states on OpenVPN interface ovpnc1 (Link Down)
                    Dec 28 03:56:51	openvpn	23375	SIGTERM[soft,exit-with-notification] received, process exiting
                    Dec 28 03:56:51	openvpn	18851	Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
                    Dec 28 03:56:51	openvpn	18851	Current Parameter Settings:
                    Dec 28 03:56:51	openvpn	18851	config = '/var/etc/openvpn/client1/config.ovpn'
                    Dec 28 03:56:51	openvpn	18851	mode = 0
                    Dec 28 03:56:51	openvpn	18851	show_ciphers = DISABLED
                    Dec 28 03:56:51	openvpn	18851	show_digests = DISABLED
                    Dec 28 03:56:51	openvpn	18851	show_engines = DISABLED
                    Dec 28 03:56:51	openvpn	18851	genkey = DISABLED
                    Dec 28 03:56:51	openvpn	18851	genkey_filename = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	key_pass_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	show_tls_ciphers = DISABLED
                    Dec 28 03:56:51	openvpn	18851	connect_retry_max = 0
                    Dec 28 03:56:51	openvpn	18851	Connection profiles [0]:
                    Dec 28 03:56:51	openvpn	18851	proto = udp4
                    Dec 28 03:56:51	openvpn	18851	local = '***.***.***.***'
                    Dec 28 03:56:51	openvpn	18851	local_port = '0'
                    Dec 28 03:56:51	openvpn	18851	remote = '***.***.***.***'
                    Dec 28 03:56:51	openvpn	18851	remote_port = '1198'
                    Dec 28 03:56:51	openvpn	18851	remote_float = DISABLED
                    Dec 28 03:56:51	openvpn	18851	bind_defined = DISABLED
                    Dec 28 03:56:51	openvpn	18851	bind_local = ENABLED
                    Dec 28 03:56:51	openvpn	18851	bind_ipv6_only = DISABLED
                    Dec 28 03:56:51	openvpn	18851	connect_retry_seconds = 1
                    Dec 28 03:56:51	openvpn	18851	connect_timeout = 120
                    Dec 28 03:56:51	openvpn	18851	socks_proxy_server = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	socks_proxy_port = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	tun_mtu = 1500
                    Dec 28 03:56:51	openvpn	18851	tun_mtu_defined = ENABLED
                    Dec 28 03:56:51	openvpn	18851	link_mtu = 1500
                    Dec 28 03:56:51	openvpn	18851	link_mtu_defined = DISABLED
                    Dec 28 03:56:51	openvpn	18851	tun_mtu_extra = 0
                    Dec 28 03:56:51	openvpn	18851	tun_mtu_extra_defined = DISABLED
                    Dec 28 03:56:51	openvpn	18851	tls_mtu = 1250
                    Dec 28 03:56:51	openvpn	18851	mtu_discover_type = -1
                    Dec 28 03:56:51	openvpn	18851	fragment = 0
                    Dec 28 03:56:51	openvpn	18851	mssfix = 1492
                    Dec 28 03:56:51	openvpn	18851	mssfix_encap = ENABLED
                    Dec 28 03:56:51	openvpn	18851	mssfix_fixed = DISABLED
                    Dec 28 03:56:51	openvpn	18851	explicit_exit_notification = 1
                    Dec 28 03:56:51	openvpn	18851	tls_auth_file = '[INLINE]'
                    Dec 28 03:56:51	openvpn	18851	key_direction = 1
                    Dec 28 03:56:51	openvpn	18851	tls_crypt_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	tls_crypt_v2_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	Connection profiles END
                    Dec 28 03:56:51	openvpn	18851	remote_random = DISABLED
                    Dec 28 03:56:51	openvpn	18851	ipchange = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	dev = 'ovpnc1'
                    Dec 28 03:56:51	openvpn	18851	dev_type = 'tun'
                    Dec 28 03:56:51	openvpn	18851	dev_node = '/dev/tun1'
                    Dec 28 03:56:51	openvpn	18851	tuntap_options.disable_dco = ENABLED
                    Dec 28 03:56:51	openvpn	18851	lladdr = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	topology = 1
                    Dec 28 03:56:51	openvpn	18851	ifconfig_local = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	ifconfig_remote_netmask = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	ifconfig_noexec = DISABLED
                    Dec 28 03:56:51	openvpn	18851	ifconfig_nowarn = DISABLED
                    Dec 28 03:56:51	openvpn	18851	ifconfig_ipv6_local = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	ifconfig_ipv6_netbits = 0
                    Dec 28 03:56:51	openvpn	18851	ifconfig_ipv6_remote = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	shaper = 0
                    Dec 28 03:56:51	openvpn	18851	mtu_test = 0
                    Dec 28 03:56:51	openvpn	18851	mlock = DISABLED
                    Dec 28 03:56:51	openvpn	18851	keepalive_ping = 10
                    Dec 28 03:56:51	openvpn	18851	keepalive_timeout = 60
                    Dec 28 03:56:51	openvpn	18851	inactivity_timeout = 0
                    Dec 28 03:56:51	openvpn	18851	session_timeout = 0
                    Dec 28 03:56:51	openvpn	18851	inactivity_minimum_bytes = 0
                    Dec 28 03:56:51	openvpn	18851	ping_send_timeout = 10
                    Dec 28 03:56:51	openvpn	18851	ping_rec_timeout = 60
                    Dec 28 03:56:51	openvpn	18851	ping_rec_timeout_action = 2
                    Dec 28 03:56:51	openvpn	18851	ping_timer_remote = ENABLED
                    Dec 28 03:56:51	openvpn	18851	remap_sigusr1 = 0
                    Dec 28 03:56:51	openvpn	18851	persist_tun = ENABLED
                    Dec 28 03:56:51	openvpn	18851	persist_local_ip = DISABLED
                    Dec 28 03:56:51	openvpn	18851	persist_remote_ip = DISABLED
                    Dec 28 03:56:51	openvpn	18851	persist_key = ENABLED
                    Dec 28 03:56:51	openvpn	18851	passtos = DISABLED
                    Dec 28 03:56:51	openvpn	18851	resolve_retry_seconds = 1000000000
                    Dec 28 03:56:51	openvpn	18851	resolve_in_advance = DISABLED
                    Dec 28 03:56:51	openvpn	18851	username = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	groupname = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	chroot_dir = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	cd_dir = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	writepid = '/var/run/openvpn_client1.pid'
                    Dec 28 03:56:51	openvpn	18851	up_script = '/usr/local/sbin/ovpn-linkup'
                    Dec 28 03:56:51	openvpn	18851	down_script = '/usr/local/sbin/ovpn-linkdown'
                    Dec 28 03:56:51	openvpn	18851	down_pre = DISABLED
                    Dec 28 03:56:51	openvpn	18851	up_restart = DISABLED
                    Dec 28 03:56:51	openvpn	18851	up_delay = DISABLED
                    Dec 28 03:56:51	openvpn	18851	daemon = ENABLED
                    Dec 28 03:56:51	openvpn	18851	log = DISABLED
                    Dec 28 03:56:51	openvpn	18851	suppress_timestamps = DISABLED
                    Dec 28 03:56:51	openvpn	18851	machine_readable_output = DISABLED
                    Dec 28 03:56:51	openvpn	18851	nice = 0
                    Dec 28 03:56:51	openvpn	18851	verbosity = 4
                    Dec 28 03:56:51	openvpn	18851	mute = 0
                    Dec 28 03:56:51	openvpn	18851	gremlin = 0
                    Dec 28 03:56:51	openvpn	18851	status_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	status_file_version = 1
                    Dec 28 03:56:51	openvpn	18851	status_file_update_freq = 60
                    Dec 28 03:56:51	openvpn	18851	occ = ENABLED
                    Dec 28 03:56:51	openvpn	18851	rcvbuf = 0
                    Dec 28 03:56:51	openvpn	18851	sndbuf = 0
                    Dec 28 03:56:51	openvpn	18851	sockflags = 0
                    Dec 28 03:56:51	openvpn	18851	fast_io = DISABLED
                    Dec 28 03:56:51	openvpn	18851	comp.alg = 0
                    Dec 28 03:56:51	openvpn	18851	route_script = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	route_default_metric = 0
                    Dec 28 03:56:51	openvpn	18851	route_delay = 0
                    Dec 28 03:56:51	openvpn	18851	route_delay_defined = DISABLED
                    Dec 28 03:56:51	openvpn	18851	route_gateway_via_dhcp = DISABLED
                    Dec 28 03:56:51	openvpn	18851	route 192.168.0.0/255.255.248.0/default (not set)/default (not set)
                    Dec 28 03:56:51	openvpn	18851	management_port = 'unix'
                    Dec 28 03:56:51	openvpn	18851	management_log_history_cache = 250
                    Dec 28 03:56:51	openvpn	18851	management_client_user = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	management_flags = 256
                    Dec 28 03:56:51	openvpn	18851	shared_secret_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	ciphername = 'AES-256-CBC'
                    Dec 28 03:56:51	openvpn	18851	authname = 'SHA256'
                    Dec 28 03:56:51	openvpn	18851	replay = ENABLED
                    Dec 28 03:56:51	openvpn	18851	replay_window = 64
                    Dec 28 03:56:51	openvpn	18851	replay_time = 15
                    Dec 28 03:56:51	openvpn	18851	test_crypto = DISABLED
                    Dec 28 03:56:51	openvpn	18851	tls_client = ENABLED
                    Dec 28 03:56:51	openvpn	18851	ca_path = '/var/etc/openvpn/client1/ca'
                    Dec 28 03:56:51	openvpn	18851	cert_file = '/var/etc/openvpn/client1/cert'
                    Dec 28 03:56:51	openvpn	18851	priv_key_file = '/var/etc/openvpn/client1/key'
                    Dec 28 03:56:51	openvpn	18851	cipher_list = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	tls_cert_profile = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	tls_export_cert = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	verify_x509_name = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	ns_cert_type = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_ku[i] = 0
                    Dec 28 03:56:51	openvpn	18851	remote_cert_eku = 'TLS Web Server Authentication'
                    Dec 28 03:56:51	openvpn	18851	tls_timeout = 2
                    Dec 28 03:56:51	openvpn	18851	renegotiate_packets = 0
                    Dec 28 03:56:51	openvpn	18851	handshake_window = 60
                    Dec 28 03:56:51	openvpn	18851	single_session = DISABLED
                    Dec 28 03:56:51	openvpn	18851	tls_exit = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_protected_authentication = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_private_mode = 00000000
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_cert_private = DISABLED
                    Dec 28 03:56:51	openvpn	18851	pkcs11_pin_cache_period = -1
                    Dec 28 03:56:51	openvpn	18851	pkcs11_id_management = DISABLED
                    Dec 28 03:56:51	openvpn	18851	server_network = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	server_network_ipv6 = ::
                    Dec 28 03:56:51	openvpn	18851	server_bridge_ip = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	server_bridge_pool_start = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	server_bridge_pool_end = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	ifconfig_pool_start = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	ifconfig_pool_netmask = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	ifconfig_pool_persist_filename = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	ifconfig_ipv6_pool_defined = DISABLED
                    Dec 28 03:56:51	openvpn	18851	ifconfig_ipv6_pool_netbits = 0
                    Dec 28 03:56:51	openvpn	18851	tcp_queue_limit = 64
                    Dec 28 03:56:51	openvpn	18851	virtual_hash_size = 256
                    Dec 28 03:56:51	openvpn	18851	client_connect_script = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	client_disconnect_script = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	client_config_dir = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	tmp_dir = '/tmp'
                    Dec 28 03:56:51	openvpn	18851	push_ifconfig_local = 0.0.0.0
                    Dec 28 03:56:51	openvpn	18851	push_ifconfig_ipv6_defined = DISABLED
                    Dec 28 03:56:51	openvpn	18851	push_ifconfig_ipv6_remote = ::
                    Dec 28 03:56:51	openvpn	18851	duplicate_cn = DISABLED
                    Dec 28 03:56:51	openvpn	18851	cf_per = 0
                    Dec 28 03:56:51	openvpn	18851	cf_initial_per = 10
                    Dec 28 03:56:51	openvpn	18851	max_clients = 1024
                    Dec 28 03:56:51	openvpn	18851	auth_user_pass_verify_script = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	auth_token_generate = DISABLED
                    Dec 28 03:56:51	openvpn	18851	auth_token_secret_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	port_share_port = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	vlan_accept = all
                    Dec 28 03:56:51	openvpn	18851	client = DISABLED
                    Dec 28 03:56:51	openvpn	18851	auth_user_pass_file = '[UNDEF]'
                    Dec 28 03:56:51	openvpn	18851	library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
                    Dec 28 03:56:51	openvpn	18851	DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
                    Dec 28 03:56:51	openvpn	18895	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1/sock
                    Dec 28 03:56:51	openvpn	18895	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Dec 28 03:56:51	openvpn	18895	WARNING: experimental option --capath /var/etc/openvpn/client1/ca
                    Dec 28 03:56:51	openvpn	18895	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
                    Dec 28 03:56:51	openvpn	18895	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
                    Dec 28 03:56:51	openvpn	18895	Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
                    Dec 28 03:56:56	openvpn	18895	Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
                    Dec 28 03:56:56	openvpn	18895	TCP/UDP: Preserving recently used remote address: [AF_INET]***.***.***.***:****
                    Dec 28 03:56:56	openvpn	18895	Socket Buffers: R=[42080->42080] S=[57344->57344]
                    Dec 28 03:56:56	openvpn	18895	UDPv4 link local (bound): [AF_INET]***.***.***.***:0
                    Dec 28 03:56:56	openvpn	18895	UDPv4 link remote: [AF_INET]***.***.***.***:****
                    Dec 28 03:56:56	openvpn	18895	TLS: Initial packet from [AF_INET]***.***.***.***:****, sid=78518285 325354e1
                    Dec 28 03:56:56	openvpn	18895	VERIFY WARNING: depth=0, unable to get certificate CRL: CN=768VPN_cert
                    Dec 28 03:56:56	openvpn	18895	VERIFY WARNING: depth=1, unable to get certificate CRL: CN=768VPN_CA
                    Dec 28 03:56:56	openvpn	18895	VERIFY OK: depth=1, CN=768VPN_CA
                    Dec 28 03:56:56	openvpn	18895	VERIFY KU OK
                    Dec 28 03:56:56	openvpn	18895	Validating certificate extended key usage
                    Dec 28 03:56:56	openvpn	18895	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
                    Dec 28 03:56:56	openvpn	18895	VERIFY EKU OK
                    Dec 28 03:56:56	openvpn	18895	VERIFY OK: depth=0, CN=768VPN_cert
                    Dec 28 03:56:56	openvpn	18895	peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
                    Dec 28 03:56:56	openvpn	18895	peer info: IV_PROTO=746
                    Dec 28 03:56:56	openvpn	18895	Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
                    Dec 28 03:56:56	openvpn	18895	[768VPN_cert] Peer Connection Initiated with [AF_INET]***.***.***.***:****
                    Dec 28 03:56:56	openvpn	18895	TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
                    Dec 28 03:56:56	openvpn	18895	TLS: tls_multi_process: initial untrusted session promoted to trusted
                    Dec 28 03:56:58	openvpn	18895	SENT CONTROL [768VPN_cert]: 'PUSH_REQUEST' (status=1)
                    Dec 28 03:56:58	openvpn	18895	PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.248.0,cipher AES-256-GCM,tun-mtu 1500'
                    Dec 28 03:56:58	openvpn	18895	OPTIONS IMPORT: route options modified
                    Dec 28 03:56:58	openvpn	18895	OPTIONS IMPORT: tun-mtu set to 1500
                    Dec 28 03:56:58	openvpn	18895	ROUTE_GATEWAY ***.***.***.***/255.255.255.0 IFACE=igb0 HWADDR=****
                    Dec 28 03:56:58	openvpn	18895	OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
                    Dec 28 03:56:58	openvpn	18895	OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
                    Dec 28 03:56:58	openvpn	18895	OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
                    Dec 28 03:56:58	openvpn	18895	OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
                    Dec 28 03:56:58	openvpn	18895	TUN/TAP device ovpnc1 exists previously, keep at program end
                    Dec 28 03:56:58	openvpn	18895	TUN/TAP device /dev/tun1 opened
                    Dec 28 03:56:58	openvpn	18895	do_ifconfig, ipv4=0, ipv6=0
                    Dec 28 03:56:58	openvpn	18895	/usr/local/sbin/ovpn-linkup ovpnc1 1500 0 init
                    Dec 28 03:56:58	openvpn	18895	Data Channel MTU parms [ mss_fix:1403 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
                    Dec 28 03:56:58	openvpn	18895	Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
                    Dec 28 03:56:58	openvpn	18895	Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
                    Dec 28 03:56:58	openvpn	18895	Initialization Sequence Completed
                    Dec 28 03:56:58	openvpn	18895	Data Channel: cipher 'AES-256-GCM'
                    Dec 28 03:56:58	openvpn	18895	Timers: ping 10, ping-restart 60
                    Dec 28 03:56:58	openvpn	18895	Protocol options: explicit-exit-notify 1
                    
                      610Garage

                      I added the following to my server's custom options field in the gui.

                      push "route-gateway 192.168.3.1"
                      

                      And now I am getting the following from my pfsense client log.

                      Dec 29 05:19:44	openvpn	72631	PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.248.0,route-gateway 192.168.3.1,cipher AES-256-GCM,tun-mtu 1500'
                      Dec 29 05:19:44	openvpn	72631	OPTIONS IMPORT: route options modified
                      Dec 29 05:19:44	openvpn	72631	OPTIONS IMPORT: route-related options modified
                      Dec 29 05:19:44	openvpn	72631	OPTIONS IMPORT: tun-mtu set to 1500
                      Dec 29 05:19:44	openvpn	72631	ROUTE_GATEWAY ***.***.***.***/255.255.255.0 IFACE=igb0 HWADDR=***
                      Dec 29 05:19:44	openvpn	72631	TUN/TAP device ovpnc1 exists previously, keep at program end
                      Dec 29 05:19:44	openvpn	72631	TUN/TAP device /dev/tun1 opened
                      Dec 29 05:19:44	openvpn	72631	do_ifconfig, ipv4=0, ipv6=0
                      Dec 29 05:19:44	openvpn	72631	/usr/local/sbin/ovpn-linkup ovpnc1 1500 0 init
                      Dec 29 05:19:44	openvpn	72631	WARNING: OpenVPN was configured to add an IPv4 route. However, no IPv4 has been configured for ovpnc1, therefore the route installation may fail or may not work as expected.
                      Dec 29 05:19:44	openvpn	72631	/sbin/route add -net 192.168.0.0 192.168.3.1 255.255.248.0
                      Dec 29 05:19:44	openvpn	72631	ERROR: FreeBSD route add command failed: external program exited with error status: 1
                      Dec 29 05:19:44	openvpn	72631	/sbin/route add -net 192.168.0.0 192.168.3.1 255.255.248.0
                      Dec 29 05:19:44	openvpn	72631	ERROR: FreeBSD route add command failed: external program exited with error status: 1
                      

                      So it looks like there is an issue adding the route within the os? I tried to enter the command manually in the web gui command prompt and it spit this out:

                      add net 192.168.0.0: gateway 192.168.3.1 fib 0: Invalid argument
                      
                        610Garage

                        I got it! 🎉 Right after I posted, I saw the log state that the vpn link did not have an ip address. I looked and the local address was my public ip. 😕 I manually set the IPv4 Tunnel Network on my client through the web gui and it worked. I now have the route and I can ping in both directions. I think it also needs the gateway to be pushed. I'll play around a little more tomorrow just to see the actual reason. I am not sure why it wasn't getting an address without the tunnel network being predefined. I also gave the client vpn an interface. So I'm not sure if that is also required.

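A log check for the failure this thread ends on, as an added example that is not part of the original posts and is not pfSense or OpenVPN code: it reads client log lines in the format quoted above and flags a session whose tunnel interface has no IPv4 address or whose routes were never installed. The function names and finding strings are assumptions made for the example.

```python
import re

# Constructed sample: lines abridged from the two client logs quoted in this thread.
SAMPLE_LOG = """\
Dec 28 03:56:58\topenvpn\t18895\tPUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.248.0,cipher AES-256-GCM,tun-mtu 1500'
Dec 28 03:56:58\topenvpn\t18895\tOpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
Dec 28 03:56:58\topenvpn\t18895\tdo_ifconfig, ipv4=0, ipv6=0
Dec 28 03:56:58\topenvpn\t18895\tInitialization Sequence Completed
Dec 29 05:19:44\topenvpn\t72631\tPUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.248.0,route-gateway 192.168.3.1,cipher AES-256-GCM,tun-mtu 1500'
Dec 29 05:19:44\topenvpn\t72631\tdo_ifconfig, ipv4=0, ipv6=0
Dec 29 05:19:44\topenvpn\t72631\t/sbin/route add -net 192.168.0.0 192.168.3.1 255.255.248.0
Dec 29 05:19:44\topenvpn\t72631\tERROR: FreeBSD route add command failed: external program exited with error status: 1
"""

# timestamp, process name, pid, message (whitespace or tab separated)
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+openvpn\s+(\d+)\s+(.*)$")

def diagnose(log_text):
    """Collect route-setup facts per OpenVPN process id seen in the log."""
    report = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m.groups()
        r = report.setdefault(pid, {"pushed": [], "tunnel_ipv4": None,
                                    "unresolved": set(),
                                    "route_add_failed": False,
                                    "completed": False})
        if msg.startswith("PUSH: Received control message:"):
            body = msg.split("'", 2)[1]
            r["pushed"] = body.split(",")[1:]  # drop the PUSH_REPLY token
        elif msg.startswith("do_ifconfig,"):
            r["tunnel_ipv4"] = "ipv4=1" in msg
        elif "failed to parse/resolve route for host/network:" in msg:
            r["unresolved"].add(msg.rsplit(": ", 1)[1])
        elif "route add command failed" in msg:
            r["route_add_failed"] = True
        elif msg == "Initialization Sequence Completed":
            r["completed"] = True
    return report

def findings(r):
    """Turn one session's facts into human-readable findings."""
    out = []
    pushed_keys = {opt.split()[0] for opt in r["pushed"] if opt.strip()}
    if r["tunnel_ipv4"] is False:
        out.append("no IPv4 address on the tunnel interface")
    if r["unresolved"] and not pushed_keys & {"route-gateway", "ifconfig"}:
        out.append("route pushed without route-gateway or ifconfig")
    if r["route_add_failed"]:
        out.append("OS rejected the route add")
    if r["completed"] and (r["unresolved"] or r["route_add_failed"]):
        out.append("session reported complete but routes are missing")
    return out
```

In the first session, "Initialization Sequence Completed" is logged even though no route was installed, so a monitor keyed on that line alone would report the tunnel as healthy.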
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.