• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Routing to a network behind an openvpn client doesn't work

Scheduled Pinned Locked Moved OpenVPN
2 Posts 2 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    bateau009
    last edited by Apr 18, 2013, 1:20 AM Apr 16, 2013, 4:31 PM

    Hi,
    We have an openvpn server providing vpn connections from remote clients to our LAN and that works flawlessy.
    Now we want the networks behind openvpn clients being reachable from the server's LAN.

    What we have done so far:

    192.168.9.0 is the client's LAN.

    1. Added "iroute 192.168.9.0 255.255.255.0" in a "Client Specific Overrides" based on the client's Common Name
    2. Added "route 192.168.9.0 255.255.255.0" in the main server config
    3. Also added "iroute 192.168.9.0 255.255.255.0" in the client's openvpn config.

    "netstat -r" on the openvpn server lists a route to 192.168.9.0:

    192.168.9.0        192.168.98.2       UGS         0        0 ovpns3
    
    

    and pinging a host into the client's LAN from pfsense actually works.

    What doesn't work so far:

    ping to a host inside 192.168.9.0 from a host in the server's LAN doesn't work. A "traceroute" to 192.168.9.1 reveals that 192.168.9.0 is routed through the openvpn server and then to the Internet (pfsense is working as openvpn server and default gateway for us).

    What could be wrong? We are currently using Gateway Groups with failover.

    Running pfSense 2.1 i386

    1 Reply Last reply Reply Quote 0
    • M
      marvosa
      last edited by Apr 19, 2013, 5:21 PM

      Give us a network map with IP info.

      Remove #2 and #3 from the client side.

      You also have to enable IP routing on the client side… has this been done?

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received