Open vpn push routes
I have pfsense 2.0.1 and running open-vpn on site A
On site B the same thing.
I have a server on site A on vlan23
Between the 2 sites there is a Peer to Peer open vpn link.
Vlan 23 is pushed from A to B
Here are the ip.
Now clients connet to B via roadworrior.
They cant seem to access vlan23.
Here are the ips
Lan Vlan @ B is 192.168.20.0/24
Setup on A
Tunnel ip (server ) 10.0.20.0/24
Lan ip 192.168.23.0/24
Remote Lan 192.168.20.0/24
Can anyone please advise.
Nachtfalke last edited by
Will this work in my setup as the clients are trying to access from site B to site A (connected via roadworrior to B and the server is on site A connected to site B via openvpn again
roadwarrior <=Tunnel (10.0.23.0/24) => Site B lan(192.168.20.0/24) <= (Tunel 10.0.20.0/24) ==> Site A /Server (192.16823.0/24 vlan)
This work is nt mie.
I JUST COPIED IT HERE.
The original link is
And i am really greatful to the writer
Hope this will help someone else.
You have one or more Site to Site VPNs already and at least one Road Warrior setup for your users. Initially you are happy that you users can consume services from the site that hosts the Road Warrior, but then you want to give them access through the same connection to other sites connected to your main one.
Take a look at the network diagram.
pfSense01 serves the main site, and provides access to the remote users, but also has a site to site configuration with pfSense02.
If you are on the LAN (10.10.9.0/24) side behind pfSense01, you will be able to access machines through the Site to Site connection and communicate with machines on the other end, for example 10.10.10.99.
But if you are the VPN Client, you will be able to only access machines in the 10.10.9.0/24 network.
Our aim is to provide the VPN Client access to network behind pfSense02 (10.10.10.0/24) in addition to the 10.10.9.0/24 one.
If you have already configured Road Warrior and Site To Site configuration skip to the Advanced Configuration section below.
For reference how to configure it, you can look at my other posts, and choose depending on your needs:
pfSense 2.0 RC1 configuration of OpenVPN Server for Rad Warrior with TLS and User Authentication
OpenVPN with LDAP authentication on pfSense 2.0 RC1
OpenVPN with RADIUS authentication on pfSense 2.0 RC1
Site To Site
In case that you don’t have a site to site configuration ready, you can check out one of this posts:
Building Site to Site Connection with OpenVPN on pfSense 2.0 RC1 with Shared Key
Building Site to Site Connection with OpenVPN on pfSense 2.0 RC1 with PKI
On pfSense 01,navigate to VPN > OpenVPN
on the Server leaf, in the Road Warrior configuration scroll down to the bottom section titled Advanced Configuration
and enter this line:
push “route 10.10.10.0 255.255.255.0″;
On pfSense 02, again navigate to VPN > OpenVPN, on the Client leaf, and open the Site To Site configuration
Scroll down to the bottom section titled Advanced Configuration, and enter this line:
route 10.123.45.0 255.255.255.0;
As jimp explained in the thread mentioned below,
The push “route 10.10.10.0 255.255.255.0″; on the Road Warrior configuration tells the client that they can reach machines on the second site via the OpenVPN connection. While establishing connation OpenVPN Client adds an additional route to the second site.
The route 10.123.45.0 255.255.255.0; will instruct the second site how to answer on requests from the OpenVPN Client.
After you save the configuration changes, connect to the Road Warrior, and test you connectivity to machine on both sites.
While I was configuring similar setup, the routing part was new to me and I found it difficult to grasp at the time, but thanks to jimp’s help on the matter everything is crystal clear.
You can check out the thread in the pfSense forum here:
Topic: Routing Road Warrior to Site-To-Site, pfSense as OpenVPN client configuration
route 10.123.45.0 255.255.255.0;
The subnet of the roadwarrior from site A that added to site B