Unable To Access Remote Subnets Defined In Push Route



  • I have got OpenVPN client going w/ 10.0.8.5/24 subnet and I am able to access the 10.0.0.0/24 subnet that the OpenVPN server is hosted on. My problem is accessing remote subnets after I have defined the route via Push to the clients. I am trying to hit 192.168.11.0/24 and 192.168.1.1/24 via OpenVPN but it's a no go. I have even allowed all on LAN and OpenVPN firewall to troubleshoot but no dice. The route is listed in Windows when doing "route print"

    output of route print: 192.168.11.0    255.255.255.0        10.0.8.5        10.0.8.6    30

    Am I missing a route on the firewall end?



  • I am assuming:
    a) Client end is a single client PC with some LAN and an OpenVPN link to an OpenVPN pfSense server.
    b) The OpenVPN link is using 10.0.8.0/24 subnet. When you connect the 2 ends get the .5 and .6 addresses (normal behaviour).
    c) At the server end, 192.168.11.0/24 (and 192.168.1.0/24) are also directly accessible on ports of the pfSense server/firewall.
    d) Devices in 192.168.11.0/24 (and 192.168.1.0/24) have their default gateway/route pointing at the pfSense server/firewall.

    The routing should just work, since the pfSense server/firewall is at the centre of it all.
    You should just need firewall rules allowing traffic from 192.168.11.0/24 (and 192.168.1.0/24) to the OpenVPN subnet addresses - should only be needed if those subnets need to initiate anything.

    Assuming (c) and (d) are not true, then there is some other private router behind the OpenVPN pfSense server that knows how to get between 10.0.0.0/24, 192.168.11.0/24 and 192.168.1.0/24. That router will now need to know that 10.0.8.0/24 is reached by going to your pfSense server LAN IP.
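
The return-path requirement described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match check of whether an internal router sends replies for the tunnel subnet back to the pfSense server. The pfSense LAN IP (10.0.0.1), the default gateway (203.0.113.1) and both route tables are constructed assumptions; only the subnets come from the thread.

```python
import ipaddress

def next_hop(routes, dest):
    """Longest-prefix match: the gateway this router uses for dest, or None."""
    dest = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes
               if dest in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    # The most specific (longest) matching prefix wins.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def return_path_ok(routes, tunnel_net, vpn_server_lan_ip):
    """True only if replies to every tunnel address are sent to the VPN server."""
    hosts = ipaddress.ip_network(tunnel_net).hosts()
    return all(next_hop(routes, h) == vpn_server_lan_ip for h in hosts)

# Constructed values (assumptions, not from the thread).
PFSENSE_LAN_IP = "10.0.0.1"
TUNNEL_NET = "10.0.8.0/24"          # OpenVPN tunnel subnet from the thread

# Internal router that knows the local subnets but not the tunnel subnet:
# replies to VPN clients follow the default route and never reach pfSense.
ROUTER_BEFORE = [
    ("10.0.0.0/24", "direct"),
    ("192.168.11.0/24", "direct"),
    ("192.168.1.0/24", "direct"),
    ("0.0.0.0/0", "203.0.113.1"),
]

# Same router with a static route for the tunnel subnet via the pfSense LAN IP.
ROUTER_AFTER = ROUTER_BEFORE + [(TUNNEL_NET, PFSENSE_LAN_IP)]

if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, next_hop(table, "10.0.8.6"),
              return_path_ok(table, TUNNEL_NET, PFSENSE_LAN_IP))
```

Checking every host in the tunnel subnet, rather than one address, also catches a more specific route that diverts part of the range to a different gateway.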



  • Phil,

    It turns out I had a weird outbound NAT rule that was screwing everything up. Removed that and everything is good to go. Thanks for the help :O)

