Client connects - get route add error and unable to route to internal network
-
Running latest pfsense 2.8 CE edition
configured OpenVPN using the wizard
internal subnet 192.168.0.1/24
VPN subnet 192.168.8.0/24

I can connect but get the error below:
Wed Jul 30 16:37:10 2025 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Jul 30 16:37:10 2025 MANAGEMENT: >STATE:1753889830,ADD_ROUTES,,,,,,
Wed Jul 30 16:37:10 2025 C:\Windows\system32\route.exe ADD 192.168.0.1 MASK 255.255.255.0 192.168.8.1
Wed Jul 30 16:37:10 2025 ERROR: route addition failed using service: The parameter is incorrect. [status=87 if_index=10]

I do successfully get an IP address from the VPN subnet, but I cannot route to the internal network. This is a new build, and I am not sure whether I have misconfigured something.

My server config is below:
# OpenVPN server configuration as posted by the author (values shown as
# <removed> were redacted before posting).

# Routed (layer-3) tunnel device.
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
# user/group are commented out, so the daemon does not drop privileges after
# start-up and every hook script below runs with the daemon's privileges.
#user nobody
#group nobody
# Level 3 permits user-defined scripts AND passing passwords to them through
# environment variables; the scripts referenced below should therefore be
# writable only by the administrator.
script-security 3
daemon
# 10 s ping interval, 60 s timeout value.
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
# UDP over IPv4 only.
proto udp4
# HMAC digest for tls-auth and for any non-AEAD (CBC) data cipher.
auth SHA256
# External hook scripts executed by the daemon on tunnel and client events.
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
learn-address "/usr/local/sbin/openvpn.learn-address.sh <removed>"
# Address the server socket binds to.
local 192.168.10.78
tls-server
# Tunnel address pool; matches the "VPN subnet" stated in the post.
server 192.168.8.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
# The authenticated username replaces the certificate CN as the client's
# identity (e.g. for client-config-dir lookups).
username-as-common-name
# Username/password checks are delegated to an external script. The base64
# argument decodes to "Local Database" (an authentication backend name), so it
# is not a credential.
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user TG9jYWwgRGF0YWJhc2U= false server1 1194
# Script run to verify the peer's certificate chain; the meaning of its
# arguments is defined by the script itself, which is not shown here.
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'OPENVPN_SERVER_CERT' 1"
lport 1194
# Management interface on a unix socket: anyone who can open this path can
# control the daemon, so access depends on the directory/socket permissions.
management /var/etc/openvpn/server1/sock unix
# NOTE(review): the destination has host bits set for a /24 mask
# (192.168.0.1 instead of 192.168.0.0). This is the route the Windows client
# tried to add in the log above and that failed with status=87.
push "route 192.168.0.1 255.255.255.0"
push "dhcp-option DOMAIN <removed>"
# The pushed DNS server sits inside the internal subnet, so name resolution
# over the VPN also depends on the route above being installed.
push "dhcp-option DNS 192.168.0.1"
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
# Server private key; should be readable by the daemon's user only.
key /var/etc/openvpn/server1/key
# Diffie-Hellman parameters (2048-bit, going by the file name).
dh /etc/dh-parameters.2048
# Pre-shared HMAC key on the control channel, key direction 0 on the server
# side. tls-auth authenticates control packets but does not encrypt them.
tls-auth /var/etc/openvpn/server1/tls-auth 0
# Ciphers offered for negotiation, in preference order. AES-256-CBC is the only
# non-AEAD entry and is also the fallback for peers that cannot negotiate.
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
# Compression is refused, which avoids compression-based traffic leaks.
allow-compression no
persist-remote-ip
# Authenticated clients may change source IP/port mid-session.
float
topology subnet
fast-io
explicit-exit-notify 1

Client config:
# OpenVPN client configuration as posted (the remote host was redacted as
# <removed>). No ca/cert/key/tls-auth material appears in this listing;
# presumably the inline blocks were stripped before posting. The server's
# tls-auth line means the client needs the matching key.
dev tun
persist-tun
persist-key
# Same cipher list and fallback as the server.
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
# "client" pulls options from the server; there is no route or redirect-gateway
# directive in this file, so internal routes come only from the server's pushes.
client
resolv-retry infinite
remote <removed> 1194 udp4
# Accept the server only if its certificate's name is exactly this value.
verify-x509-name "OPENVPN_SERVER_CERT" name
# Use a dynamically assigned local port.
lport 0
# Prompt for the username/password that the server checks.
auth-user-pass
# Require the peer certificate to carry server key usage, so that a client
# certificate cannot be presented as the server's.
remote-cert-tls server
explicit-exit-notify
-
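I made a mistake in my config: for the local network in the VPN config I entered 192.168.0.1/24, and it should have been 192.168.0.0/24. Because of that, the server pushed a route whose destination was a host address with a /24 mask (`route 192.168.0.1 255.255.255.0`), which is the route that route.exe rejected with "The parameter is incorrect" (status=87) in the log above.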