Cross-client OpenVPN routing issues on pfSense



  • Hello all,

    I currently have about 15 sites with DD-WRT routers. Each router has its own subnet (i.e. 10.1.1.0/24, 10.1.2.0/24, etc.), but I've configured each router as an OpenVPN client so that devices on each subnet can communicate with one another (i.e. 10.1.1.100 can ping 10.1.2.100, and vice versa). The OpenVPN server is an OpenVPN Access Server hosted in the cloud. This has been working great for months.

    However, I'm now wanting to swap out my DD-WRT boxes for pfSense routers. I've successfully configured pfSense as an OpenVPN client using this post (http://forum.pfsense.org/index.php?topic=24435.0) as a guide, and I can ping out from behind the pfSense router (i.e. 10.1.3.0/24) to all of the other clients without any issues. But when attempting to ping the pfSense router from the other clients/subnets, I cannot see it.

    I had the same issue when initially setting up my DD-WRT routers and fixed it by entering the following script into the startup commands:

    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

    This script, I think, is the magic that makes it all work, but I don't know how to replicate it on pfSense. To compare, here's my pfSense routing table:

    Destination        Gateway        Flags  Refs  Use   Mtu    Netif
    default            216.xxx.xx.1   UGS    0     1388  1500   vr1
    10.0.0.0/8         172.0.0.1      UGS    0     1154  1500   ovpnc1
    10.1.1.0/24        link#1         U      0     2071  1500   vr0
    10.1.1.1           link#1         UHS    0     0     16384  lo0
    127.0.0.1          link#6         UH     0     47    16384  lo0
    172.0.0.0/8        link#9         U      0     5     1500   ovpnc1
    172.16.1.1         link#9         UHS    0     0     16384  lo0
    192.168.1.0/24     172.0.0.1      UGS    0     0     1500   ovpnc1
    192.168.100.0/24   172.0.0.1      UGS    0     0     1500   ovpnc1
    216.xxx.xx.0/24    link#2         U      0     134   1500   vr1
    216.xxx.xx.67      link#2         UHS    0     0     16384  lo0

    And here's a working DD-WRT routing table:

    Destination LAN   Subnet Mask      Gateway        Interface
    216.xxx.xx.1      255.255.255.255  0.0.0.0        WAN
    192.168.100.0     255.255.255.0    172.0.0.1      tun0
    216.xxx.xx.0      255.255.255.0    0.0.0.0        WAN
    192.168.1.0       255.255.255.0    172.0.0.1      tun0
    10.1.4.0          255.255.255.0    0.0.0.0        LAN & WLAN
    169.254.0.0       255.255.0.0      0.0.0.0        LAN & WLAN
    172.0.0.0         255.0.0.0        0.0.0.0        tun0
    10.0.0.0          255.0.0.0        172.0.0.1      tun0
    0.0.0.0           0.0.0.0          216.xxx.xx.1   WAN

    Any help getting this working in pfSense would be greatly appreciated!
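The two iptables FORWARD rules above expressed as pf policy, added here as an illustration and not taken from the thread or from pfSense's own generated ruleset. pfSense builds its rules from the GUI (Firewall > Rules, where the OpenVPN tab passes nothing by default), so these lines show the intended policy in pf syntax; the interface names and subnets come from the pfSense routing table above, and the set of remote subnets allowed in is an assumption.

```pf
# Interface names as they appear in the routing table above.
lan_if = "vr0"        # LAN side; plays the role of br0 on DD-WRT
vpn_if = "ovpnc1"     # OpenVPN client tunnel; plays the role of tun0

# Local LAN and the site subnets reachable over the tunnel (assumed list;
# the routes for these networks point at 172.0.0.1 via ovpnc1).
lan_net     = "10.1.1.0/24"
remote_nets = "{ 10.0.0.0/8, 192.168.1.0/24, 192.168.100.0/24 }"

# Equivalent of: iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# pf filters on the ingress interface, so traffic from other sites must be
# passed *in* on the tunnel interface; "keep state" lets replies back out.
pass in quick on $vpn_if inet from $remote_nets to $lan_net keep state

# Equivalent of: iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
# (pfSense's default "LAN to any" rule already covers this direction.)
pass in quick on $lan_if inet from $lan_net to $remote_nets keep state

# Anything else arriving over the tunnel is dropped and logged, so only the
# listed site subnets, not every VPN client, can reach this LAN.
block in log quick on $vpn_if
```

Allowing only the specific site subnets rather than "any" on the OpenVPN tab keeps a compromised or misconfigured client at another site from reaching this LAN, and the logged block gives something to check when a ping still fails.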



  • Anyone? If I can provide more information or more clearly state the problem, please let me know.
