Pfsense does not route through the openvpn tunnel [solved]



  • local net: 192.168.1.0/24
    foreign net: 10.0.0.0/8

    openvpn client configuration (pfsense):
    Protocol: TCP
    Server address: <ip address openvpn server>
    Server port: 443
    Interface IP: empty
    Remote network: empty
    Proxy Host: empty
    Authentication method: PKI

    OpenVPN Server configuration (Debian Lenny):
    port 443
    proto tcp-server
    dev tap1
    tls-server
    (…)
    mode server 10.0.33.0 255.255.255.0
    ifconfig-pool 10.0.33.2 10.0.33.254
    ifconfig 10.0.33.1 255.255.255.0
    push "route 10.0.0.0 255.255.255.0 10.0.33.1"
    ping-restart 60
    ping 10
    comp-lzo
    persist-key
    persist-tun

    pfsense rules:
    Proto Source Port Destination Port Gateway Schedule Description

    • LAN net * * * *   Default LAN -> any

    Systemlog | OpenVPN:
    openvpn[37775]: Initialization Sequence Completed
    openvpn[37105]: SIGTERM[hard,] received, process exiting
    openvpn[37775]: /etc/rc.filter_configure tap0 1500 1576 10.0.33.5 255.255.255.0 init
    openvpn[37775]: /sbin/ifconfig tap0 10.0.33.5 netmask 255.255.255.0 mtu 1500 up
    openvpn[37775]: TUN/TAP device /dev/tap0 opened
    openvpn[37775]: gw <ip address>
    openvpn[37775]: [firewall] Peer Connection Initiated with <ip address openvpn server>:443
    openvpn[37775]: TCPv4_CLIENT link remote: <ip address openvpn server>:443
    openvpn[37775]: TCPv4_CLIENT link local: [undef]
    openvpn[37775]: TCP connection established with <ip address openvpn server>:443
    openvpn[37775]: Attempting to establish TCP connection with <ip address openvpn server>:443

    Diagnostics: Routing tables:
    Destination Gateway Flags Refs Use Mtu Netif Expire
    default <ip address> UGS 0 13919946 1492 ng0
    10.0.0.0/24 10.0.33.1 UGS 0 576 1500 tap0

    pfsense is able to traceroute and ping clients on the "foreign net":
    Traceroute output:
    1  localhost (10.0.33.1)  54.033 ms  50.297 ms  53.835 ms
    2  localhost (10.0.0.2)  51.025 ms  50.770 ms  53.766 ms

    So, as far as I see, everything should work. If I try to connect from a client on the local subnet (e.g. 192.168.1.7) to a client on the foreign net (10.0.0.2), the firewall logs do not show any problems (if I enable logging on the default rule, it even shows that the connection was accepted), but the connection fails. I tried ports 3389, 80 and 143; none of them works.

    When I traceroute to the client on the foreign net:

    tracert 10.0.0.2

    1     1 ms     1 ms     1 ms  firewall.local [192.168.1.1]
     2     *        *        *     timeout
     3     *        *        *     timeout
    (…)

    Can somebody give me a hint?



  • manually add route here --> http://192.168.2.1/system_routes.php



  • I added manually the route

    10.0.0.0/8 -> gw 10.0.33.1

    now I have two similar routes, but it is still not working



  • nobody?



  • Don't manually add routes. From your description, the remote side is missing a route back to your LAN.
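    An added example, not from the thread and not the poster's own configuration: the server-side settings that the answer above implies, giving the Debian OpenVPN server a kernel route back to 192.168.1.0/24 through the pfSense tunnel address. It assumes the pfSense client certificate's common name is `pfsense`, reserves 10.0.33.5 for that client, and pushes the whole 10.0.0.0/8 foreign net named at the top of the thread rather than only 10.0.0.0/24.

    ```conf
    # --- /etc/openvpn/server.conf (Debian side; added example, assumed paths) ---
    port 443
    proto tcp-server
    dev tap1
    tls-server
    mode server 10.0.33.0 255.255.255.0
    ifconfig 10.0.33.1 255.255.255.0
    # Pool starts at .10 so that .2-.9 stay free for fixed per-client addresses
    ifconfig-pool 10.0.33.10 10.0.33.254
    # Per-client files, named after the certificate common name
    client-config-dir /etc/openvpn/ccd
    # Forward path: pfSense learns the whole foreign net via the server's tunnel address
    push "route 10.0.0.0 255.0.0.0 10.0.33.1"
    # Return path: kernel route on this server for the pfSense LAN, via the
    # fixed tunnel address assigned to the pfSense client below
    route 192.168.1.0 255.255.255.0 10.0.33.5
    ping 10
    ping-restart 60
    comp-lzo
    persist-key
    persist-tun

    # --- /etc/openvpn/ccd/pfsense (assumed CN "pfsense") ---
    # In tap mode the second argument of ifconfig-push is the netmask
    ifconfig-push 10.0.33.5 255.255.255.0
    ```

    Hosts on 10.0.0.0/8 other than the OpenVPN server also need a route for 192.168.1.0/24 pointing at the server's LAN address (or the server must NAT the pfSense LAN behind itself), and the server needs IP forwarding enabled (`net.ipv4.ip_forward=1`).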



  • Thank you very very much! Could not see the wood for the trees….

