Pfsense assigning itself the wrong ip?
-
I had an openvpn tunnel working just fine with my pfsense at work and my dd-wrt at home, having followed a how-to a while back. This last weekend it stopped working for no evident reason; I hadn't made any changes that I knew of. I've come a long way in working with VPNs, so I redid the whole config, upgraded my dd-wrt firmware, and went from shared secret to certs and keys. All that.
My tunnel connects; the internal network is 192.168.42.0. The dd-wrt client gets 192.168.42.6 and routes properly, and I can get to work from home just fine (which is the point of the VPN, and since I can get my email again, it works for all intents and purposes). However, the pfsense gets 192.168.42.5, but enters a route pointing to 192.168.42.2 as the gateway to my home network. Some of the related routes from the routing table:
172.16.10.0/24 192.168.42.2 UGS 0 1500 ovpns3
192.168.42.0/24 192.168.42.2 UGS 181 1500 ovpns3
192.168.42.1 link#8 UHS 0 16384 lo0
192.168.42.2 link#8 UH 0 1500 ovpns3
Any ideas? I understood that PFsense as the openvpn server would give itself the first ip on the subnet and hand out the other ips to clients. That doesn't seem to be happening here, and I don't know how to change the routing table to match the ip addressing scheme.
-
If you switched from shared key to SSL/TLS there are some other considerations for proper routing:
https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_%28SSL%29
https://doc.pfsense.org/index.php/OpenVPN_iroute_in_CSC_seems_to_have_no_effect
-
On further investigation, it seems that pfsense is doing exactly as it should: it is assigning itself the 42.1 address, and it's the dd-wrt router that is insisting on the .5 and .6 addresses.
Thank you for the links though, definitely good information that I didn't know before.