Routing to a network behind an openvpn client doesn't work

  • Hi,
    We have an openvpn server providing VPN connections from remote clients to our LAN and that works flawlessly.
    Now we want the networks behind openvpn clients to be reachable from the server's LAN.

    What we have done so far: is the client's LAN.

    1. Added "iroute" in a "Client Specific Overrides" based on the client's Common Name
    2. Added "route" in the main server config
    3. Also added "iroute" in the client's openvpn config.

    "netstat -r" on the openvpn server lists a route to       UGS         0        0 ovpns3

    and pinging a host in the client's LAN from pfsense actually works.

    What doesn't work so far:

    ping to a host inside from a host in the server's LAN doesn't work. A "traceroute" to reveals that is routed through the openvpn server and then to the Internet (pfsense is working as openvpn server and default gateway for us).

    What could be wrong? We are currently using Gateway Groups with failover.

  • Give us a network map with IP info.

    Remove #2 and #3 from the client side.

    You also have to enable IP routing on the client side… has this been done?

