Routing to a network behind an openvpn client doesn't work



  • Hi,
    We have an openvpn server providing vpn connections from remote clients to our LAN and that works flawlessly.
    Now we want the networks behind openvpn clients to be reachable from the server's LAN.

    What we have done so far:

    192.168.9.0 is the client's LAN.

    1. Added "iroute 192.168.9.0 255.255.255.0" in a "Client Specific Overrides" based on the client's Common Name
    2. Added "route 192.168.9.0 255.255.255.0" in the main server config
    3. Also added "iroute 192.168.9.0 255.255.255.0" in the client's openvpn config.

    "netstat -r" on the openvpn server lists a route to 192.168.9.0:

    192.168.9.0        192.168.98.2       UGS         0        0 ovpns3
    
    

    and pinging a host in the client's LAN from pfsense actually works.

    What doesn't work so far:

    ping to a host inside 192.168.9.0 from a host in the server's LAN doesn't work. A "traceroute" to 192.168.9.1 reveals that 192.168.9.0 is routed through the openvpn server and then to the Internet (pfsense is working as openvpn server and default gateway for us).

    What could be wrong? We are currently using Gateway Groups with failover.



  • Give us a network map with IP info.

    Remove #2 and #3 from the client side.

    You also have to enable IP routing on the client side… has this been done?
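
An added example, not part of either post: a Python check that every `iroute` in a Client Specific Override is covered by a `route` in the server config, which is the pairing that steps 1 and 2 of the first post set up. The Common Names, the 192.168.20.0 network and the tunnel network line are constructed sample values, and the parser assumes literal IPv4 addresses.

```python
import ipaddress

# Constructed sample input modelled on the thread: 192.168.9.0/24 is the client's LAN.
SERVER_CONF = """\
dev ovpns3
server 192.168.98.0 255.255.255.0
route 192.168.9.0 255.255.255.0
"""
# Hypothetical Common Names mapped to the text of their Client Specific Override.
CCD = {
    "branch-office": "iroute 192.168.9.0 255.255.255.0\n",
    "warehouse": "iroute 192.168.20.0 255.255.255.0\n",  # no server route, on purpose
}

def networks(text, directive):
    """Return the IPv4 networks named by `<directive> <network> [netmask]` lines."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == directive:
            # OpenVPN treats a missing netmask as a single host.
            mask = fields[2] if len(fields) > 2 else "255.255.255.255"
            found.append(ipaddress.ip_network(f"{fields[1]}/{mask}"))
    return found

def audit(server_conf, ccd):
    """List (common_name, network) pairs whose iroute has no covering server route."""
    routes = networks(server_conf, "route")
    missing = []
    for cn, text in sorted(ccd.items()):
        for net in networks(text, "iroute"):
            if not any(net.subnet_of(r) for r in routes):
                missing.append((cn, str(net)))
    return missing

if __name__ == "__main__":
    for cn, net in audit(SERVER_CONF, CCD):
        print(f"{cn}: iroute {net} has no matching 'route' in the server config")
```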

