Netgate Discussion Forum

    Routing to a network behind an openvpn client doesn't work

      bateau009

      Hi,
      We have an openvpn server providing vpn connections from remote clients to our LAN and that works flawlessly.
      Now we want the networks behind openvpn clients to be reachable from the server's LAN.

      What we have done so far:

      192.168.9.0 is the client's LAN.

      1. Added "iroute 192.168.9.0 255.255.255.0" in a "Client Specific Overrides" based on the client's Common Name
      2. Added "route 192.168.9.0 255.255.255.0" in the main server config
      3. Also added "iroute 192.168.9.0 255.255.255.0" in the client's openvpn config.

      "netstat -r" on the openvpn server lists a route to 192.168.9.0:

      192.168.9.0        192.168.98.2       UGS         0        0 ovpns3
      
      

      and pinging a host in the client's LAN from pfsense actually works.

      What doesn't work so far:

      Ping to a host inside 192.168.9.0 from a host in the server's LAN doesn't work. A "traceroute" to 192.168.9.1 reveals that 192.168.9.0 is routed through the openvpn server and then to the Internet (pfsense is working as openvpn server and default gateway for us).

      What could be wrong? We are currently using Gateway Groups with failover.

      Running pfSense 2.1 i386

        marvosa

        Give us a network map with IP info.

        Remove #2 and #3 from the client side.

        You also have to enable IP routing on the client side… has this been done?

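An added example, not part of either post above and not pfSense or OpenVPN code: a small Python check of where the `route` and `iroute` directives from the question are placed. Per the OpenVPN manual, `iroute` belongs in a per-client context (a client-config-dir file or a client-connect script) and needs a matching `route` in the server config so the kernel hands that subnet to OpenVPN. The function names and the sample configs are constructed for illustration.

```python
import ipaddress

def directives(text, keyword):
    """Return the networks named by `keyword NET MASK` lines in a config."""
    nets = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop trailing comments
        if len(parts) >= 3 and parts[0] == keyword:
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return nets

def check_site_routing(server_conf, ccd_conf, client_conf):
    """List placement problems for routing to a LAN behind an OpenVPN client."""
    findings = []
    routes = directives(server_conf, "route")    # kernel routes into the tunnel
    iroutes = directives(ccd_conf, "iroute")     # OpenVPN's per-client routes
    # An iroute without a server-side route: the kernel never sends the
    # subnet's traffic to the OpenVPN process in the first place.
    for net in sorted(iroutes - routes):
        findings.append(f"{net}: iroute in CCD but no 'route' in server config")
    # iroute outside the per-client context (main server or client config).
    for name, text in (("server", server_conf), ("client", client_conf)):
        for net in sorted(directives(text, "iroute")):
            findings.append(f"{net}: iroute in {name} config is outside the per-client context")
    return findings

# Constructed sample configs mirroring steps 1-3 of the question.
SERVER_CONF = "route 192.168.9.0 255.255.255.0   # step 2\n"
CCD_CONF = "iroute 192.168.9.0 255.255.255.0  # step 1, Client Specific Override\n"
CLIENT_CONF = "iroute 192.168.9.0 255.255.255.0  # step 3\n"

if __name__ == "__main__":
    for finding in check_site_routing(SERVER_CONF, CCD_CONF, CLIENT_CONF):
        print(finding)
```

The check covers directive placement only; it does not look at firewall rules, gateway selection or IP forwarding on the client.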
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.