OpenVPN client connects to PFsense, does not route

  • This is my client config:
    dev tun
    proto udp
    cipher AES-256-CBC
    resolv-retry infinite
    remote x.x.x.x 444
    tls-remote "user"
    pkcs12 satlink-udp-444.p12
    tls-auth satlink-udp-444-tls.key 1

    That was exported from the export tab. On PF, it's configured for remote access SSL/TLS+auth, UDP, TUN
    Tunnel network is set to
    Local network is (this is my LAN i'm trying to get to behind PF sense from the road)
    Provide virtual IP is checked.

    My route print statement is as follows (I erased the "real" ones so they are not included):
    Network Destination        Netmask          Gateway       Interface  Metric     30         On-link    286         On-link    286         On-link    286
          On-link    306
          On-link    306         On-link    306     30
          On-link    306
          On-link     x.x.x.x.    266
          On-link    286         On-link    306         On-link     x,x,x,x    266         On-link    286

    It's doesn't make sense which seems like I messed a config up somewhere.

    Here are the PFsense routes of relevance: link#12 UHS 0 0 16384 lo0 => link#12 U 0 0 1500 ovpns1 link#1 U 0 10158163 1500 vr0 link#1 UHS 0 172 16384 lo0

    So yes, I can see something's off, but I don't know how to fix it.

    There should be a route on PF to via ovpns1, but I don't see that
    On the windows client side, there should only be a route to via, not those other 3

    Anyhow. HELP!  :'(

    I am used to running TAP, but I gave up since no one uses that and could not help me. This seemed good because I got it to finally connect, but now it doesn't route anywhere.


  • Oh, I forgot to mention. I can't ping anything from anywhere. I can only ping my own assigned IP address from the VPN (

  • what version of pfsense are you running ?
    please post screenshots of the configuration & firewall rules + screenshot of pfsense' routing table + screenshot of windows client routing table

    also note that if your remote clients lan subnet is the same as the lan behind pfsense, then routing will fail

  • Sorry, this one i had to recreate:


    Network Destination        Netmask            Gateway      Interface      Metric    30        On-link    286        On-link    286        On-link    286                  On-link      306        On-link      306        On-link      306    30                    On-link      306                      On-link      x.x.x.x.        266                      On-link  286        On-link      306        On-link            x,x,x,x    266        On-link  286
    Remote side is on a routeable address at work so not the same as my LAN.
    PFsense 2.0.1 on Alix 2d13, 4gb CF card

  • i find it odd that your pfsense server address of the tunnel network =

    in my experience, the pfsense server tunnel interface would allways try to bind to, being the first address available in the specified subnet.
    could you check that the tunnel interface address is indeed (status –> openvpn)

    did you perhaps assign an interface to the openvpn instance? if so, did you provide a static ip address there ? Is so, set type to 'none' and try again

  • Well, this is the weirdest thing. I go and try it today and it works like nothing was ever wrong. I did reboot PFsense a thousand times this weekend trying to get Dansguardian to work and also rebooted my work machine.

    Anyhow, I'm still going to post what you asked because it is binding on a weird I{. This may or may not help someone else so what the heck:

Log in to reply