Netgate Discussion Forum

    Cross-client OpenVPN routing issues on pfSense

      mcgaines

      Hello all,

      I currently have about 15 sites with DD-WRT routers. Each router has its own subnet (i.e. 10.1.1.0/24, 10.1.2.0/24, etc), but I've configured each router as an OpenVPN client so that devices on each subnet can communicate with one another (i.e. 10.1.1.100 can ping 10.1.2.100, and vice-versa). The OpenVPN server is an OpenVPN Access Server hosted in the cloud. This has been working great for months.

      However, I'm now wanting to swap out my DD-WRT boxes for pfSense routers. I've successfully configured pfSense as an OpenVPN client using this post (http://forum.pfsense.org/index.php?topic=24435.0) as a guide, and I can ping out from behind the pfSense router (i.e. 10.1.3.0/24) to all of the other clients without any issues. But when attempting to ping the pfSense router from the other clients/subnets, I cannot see it.

      I had the same issue when initially setting up my DD-WRT routers and fixed it by entering the following script into the startup commands:

      iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
      iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

      This script, I think, is the magic that makes it all work, but I don't know how to replicate it on pfSense. To compare, here's my pfSense routing table:

      Destination        Gateway        Flags  Refs  Use   Mtu    Netif
      default            216.xxx.xx.1   UGS    0     1388  1500   vr1
      10.0.0.0/8         172.0.0.1      UGS    0     1154  1500   ovpnc1
      10.1.1.0/24        link#1         U      0     2071  1500   vr0
      10.1.1.1           link#1         UHS    0     0     16384  lo0
      127.0.0.1          link#6         UH     0     47    16384  lo0
      172.0.0.0/8        link#9         U      0     5     1500   ovpnc1
      172.16.1.1         link#9         UHS    0     0     16384  lo0
      192.168.1.0/24     172.0.0.1      UGS    0     0     1500   ovpnc1
      192.168.100.0/24   172.0.0.1      UGS    0     0     1500   ovpnc1
      216.xxx.xx.0/24    link#2         U      0     134   1500   vr1
      216.xxx.xx.67      link#2         UHS    0     0     16384  lo0

      And here's a working DD-WRT routing table:

      Destination LAN  Subnet Mask      Gateway       Interface
      216.xxx.xx.1     255.255.255.255  0.0.0.0       WAN
      192.168.100.0    255.255.255.0    172.0.0.1     tun0
      216.xxx.xx.0     255.255.255.0    0.0.0.0       WAN
      192.168.1.0      255.255.255.0    172.0.0.1     tun0
      10.1.4.0         255.255.255.0    0.0.0.0       LAN & WLAN
      169.254.0.0      255.255.0.0      0.0.0.0       LAN & WLAN
      172.0.0.0        255.0.0.0        0.0.0.0       tun0
      10.0.0.0         255.0.0.0        172.0.0.1     tun0
      0.0.0.0          0.0.0.0          216.xxx.xx.1  WAN

      Any help getting this working in pfSense would be greatly appreciated!

        mcgaines

        Anyone? If I can provide more information or more clearly state the problem, please let me know.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.