Netgate Discussion Forum
    Routing two/multiple subnets through tunnel

      pphillips99

      pfSense 1.2.3-RELEASE

      -- NICs
      WAN 1.2.3.4
      LAN 172.18.128.1/24
      LAN_164 192.168.164.249/24

      -- tunnel
      Address pool 172.18.251.0/24
      Local network 172.18.128.0.24

      I have successfully configured OpenVPN for remote client access.
      Remote access to LAN works for all IPs.

      Following that, I wanted to add remote access to LAN_164 IPs. So
      I added 'push "route 192.168.164.0 255.255.255.0"' to the global
      config. Here are the remote routes:

      Destination     Gateway         Genmask         Flags MSS Window irtt Iface
      172.18.251.5    0.0.0.0         255.255.255.255 UH    0   0      0    tun0
      172.18.251.1    172.18.251.5    255.255.255.255 UGH   0   0      0    tun0
      172.18.128.0    172.18.251.5    255.255.255.0   UG    0   0      0    tun0
      192.168.164.0   172.18.251.5    255.255.255.0   UG    0   0      0    tun0
      192.168.1.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
      169.254.0.0     0.0.0.0         255.255.0.0     U     0   0      0    eth0
      0.0.0.0         192.168.1.1     0.0.0.0         UG    0   0      0    eth0

      However, on the remote I still cannot ping any of the IPs on LAN_164.

      On the server/lan side I can access LAN_164 from LAN without trouble. Here are the
      (relevant) routes on the server:

      Destination        Gateway            Flags    Refs      Use  Netif Expire
      172.18.128.0/24    link#4             UC          0        0    em1
      172.18.251.0/24    172.18.251.2       UGS         0        0   tun0
      172.18.251.2       172.18.251.1       UH          1        0   tun0
      192.168.164.0/24   link#2             UC          0        0   fxp1

      I am clearly missing something. Any input would be appreciated. If I have been too brief
      in detail, please let me know.

        GruensFroeschli

        Is this a private shared key tunnel?

        If yes: You cannot use pushes with such a setup.
        You need to add normal routes to the config on the server and the client
        (e.g. route 192.168.164.0 255.255.255.0)

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          pphillips99

          The tunnel Auth method is PKI.

            GruensFroeschli

            Do the devices in the 164 range have a default gateway other than the pfSense?
            Do you have the OpenVPN instance assigned as interface?
            If yes, might you have a rule not allowing access?

            The same on the remote side: Might you have a rule not allowing access?
            Do you see anything in the firewall log?

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
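
The return-path question raised in the last reply can be checked mechanically. The following is an added example, not part of any post in the thread: it runs a longest-prefix lookup over the client route table posted above, then over two constructed LAN_164 host tables. The host tables, the gateway 192.168.164.1, the host 192.168.164.10 and the tunnel client address 172.18.251.6 are assumptions.

```python
import ipaddress

# Client table as posted in the thread (Linux `route -n` columns).
CLIENT_ROUTES = """
172.18.251.5    0.0.0.0         255.255.255.255 UH  0 0 0 tun0
172.18.251.1    172.18.251.5    255.255.255.255 UGH 0 0 0 tun0
172.18.128.0    172.18.251.5    255.255.255.0   UG  0 0 0 tun0
192.168.164.0   172.18.251.5    255.255.255.0   UG  0 0 0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U   0 0 0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG  0 0 0 eth0
"""

# Constructed: a LAN_164 host whose default gateway is some other router.
HOST_OTHER_GW = """
192.168.164.0   0.0.0.0         255.255.255.0   U   0 0 0 eth0
0.0.0.0         192.168.164.1   0.0.0.0         UG  0 0 0 eth0
"""

# Constructed: same host plus a static route for the tunnel pool via pfSense.
HOST_FIXED = HOST_OTHER_GW + "172.18.251.0 192.168.164.249 255.255.255.0 UG 0 0 0 eth0\n"

PFSENSE_LAN_164 = "192.168.164.249"  # LAN_164 address from the first post
TUNNEL_CLIENT = "172.18.251.6"       # assumed address inside the 172.18.251.0/24 pool


def parse_routes(text):
    """Return (network, gateway, iface) tuples from `route -n` style rows."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8:
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over the table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def reply_goes_via(host_table, peer, gateway):
    """True if the host would hand its replies for `peer` to `gateway`."""
    hit = lookup(parse_routes(host_table), peer)
    return hit is not None and hit[1] == gateway


if __name__ == "__main__":
    print("client ->", lookup(parse_routes(CLIENT_ROUTES), "192.168.164.10"))
    print("other gw:", reply_goes_via(HOST_OTHER_GW, TUNNEL_CLIENT, PFSENSE_LAN_164))
    print("fixed   :", reply_goes_via(HOST_FIXED, TUNNEL_CLIENT, PFSENSE_LAN_164))
```

The client lookup selects tun0, so the pushed route is in effect on the remote side; in the constructed host tables, replies reach pfSense only once the host has a route for the tunnel pool through 192.168.164.249.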