Netgate Discussion Forum
    Unable To Access Remote Subnets Defined In Push Route

    • JuggalotusHeat

      I have got OpenVPN client going w/ 10.0.8.5/24 subnet and I am able to access the 10.0.0.0/24 subnet that the OpenVPN server is hosted on. My problem is accessing remote subnets after I have defined the route via Push to the clients. I am trying to hit 192.168.11.0/24 and 192.168.1.1/24 via OpenVPN but it's a no go. I have even allowed all on LAN and OpenVPN firewall to troubleshoot but no dice. The route is listed in Windows when doing "route print".

      output of route print: 192.168.11.0    255.255.255.0        10.0.8.5        10.0.8.6    30

      Am I missing a route on the firewall end?

      • phil.davis

        I am assuming:
        a) Client end is a single client PC with some LAN and an OpenVPN link to an OpenVPN pfSense server.
        b) The OpenVPN link is using 10.0.8.0/24 subnet. When you connect the 2 ends get the .5 and .6 addresses (normal behaviour).
        c) At the server end, 192.168.11.0/24 (and 192.168.1.0/24) are also directly accessible on ports of the pfSense server/firewall.
        d) Devices in 192.168.11.0/24 (and 192.168.1.0/24) have their default gateway/route pointing at the pfSense server/firewall.

        The routing should just work, since the pfSense server/firewall is at the centre of it all.
        You should just need firewall rules allowing traffic from 192.168.11.0/24 (and 192.168.1.0/24) to the OpenVPN subnet addresses - should only be needed if those subnets need to initiate anything.

        Assuming (c) and (d) are not true, then there is some other private router behind the OpenVPN pfSense server that knows how to get between 10.0.0.0/24, 192.168.11.0/24 and 192.168.1.0/24. That router will now need to know that 10.0.8.0/24 is reached by going to your pfSense server LAN IP.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
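
The "other private router" case from the reply above, modelled as an added example that is not part of the original thread: the pushed route gets packets to 192.168.11.0/24, but replies die at the inner router unless it has a route for 10.0.8.0/24 via pfSense. The node names and the addresses 10.0.0.1, 10.0.8.1, 10.0.0.254, 192.168.11.1 and 192.168.11.10 are constructed for the illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns a next-hop node name, 'direct', or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(nodes, start, dst, max_hops=8):
    """Follow each node's routing table from `start` toward `dst`."""
    path, here = [start], start
    for _ in range(max_hops):
        if dst in nodes[here]["addrs"]:
            return True, path
        hop = lookup(nodes[here]["routes"], dst)
        if hop is None:  # no matching route (and no default) on this node
            return False, path + ["no route"]
        if hop == "direct":  # on-link: hand to whichever node owns the address
            hop = next((n for n, v in nodes.items() if dst in v["addrs"]), None)
            if hop is None:
                return False, path + ["no such host"]
        here = hop
        path.append(here)
    return False, path + ["loop"]

def round_trip(nodes, a, a_ip, b, b_ip):
    """A connection works only if both the request and the reply are routable."""
    fwd_ok, fwd = trace(nodes, a, b_ip)
    back_ok, back = trace(nodes, b, a_ip)
    return fwd_ok and back_ok, fwd, back

def build(router_knows_vpn):
    """Constructed topology: client -> pfSense -> inner router -> LAN host."""
    router = {"10.0.0.0/24": "direct", "192.168.11.0/24": "direct"}
    if router_knows_vpn:  # the static route the reply says the router needs
        router["10.0.8.0/24"] = "pfsense"
    return {
        "client": {"addrs": ["10.0.8.6"],  # pushed routes point at the tunnel
                   "routes": {"10.0.0.0/24": "pfsense", "192.168.11.0/24": "pfsense"}},
        "pfsense": {"addrs": ["10.0.0.1", "10.0.8.1"],
                    "routes": {"10.0.8.0/24": "direct", "10.0.0.0/24": "direct",
                               "192.168.11.0/24": "router"}},
        "router": {"addrs": ["10.0.0.254", "192.168.11.1"], "routes": router},
        "host": {"addrs": ["192.168.11.10"], "routes": {"0.0.0.0/0": "router"}},
    }

if __name__ == "__main__":
    for knows in (False, True):
        print(knows, round_trip(build(knows), "client", "10.0.8.6", "host", "192.168.11.10"))
```
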

        • JuggalotusHeat

          Phil,

          It turns out I had a weird outbound NAT rule that was screwing everything up. Removed that and everything is good to go. Thanks for the help :O)
