OpenVPN routing issues

  • Hi,

    I'm trying to set up a point-to-point OpenVPN connection but I'm stuck on a routing issue.

    I get the following results when testing with ping:

    • Ping from PFSense side 1 to WS2: PFSense side 1 > VPN Tunnel > PFSense side 2 > Workstation side 2 (works fine)
    • Ping from WS1 to WS2: Workstation side 1 > PFSense side 1 > VPN Tunnel > PFSense side 2 > Workstation side 2 (doesn't work!)

    Traffic from WS1 is allowed to the VPN network. I have enabled logging for this rule and it shows up as allowed through the firewall (PFSense side 1).

    After some packet capturing I found out that the ping to WS2 is being sent to the default gateway (WAN) and not into the VPN tunnel. Very strange, as the OpenVPN service has correctly created the routing rule (I checked it in Diagnostics > Routing tables) and I can ping from the PFSense itself, so the routing table should be right.

    The LAN on side 1 uses public IPv4 addresses in the internal network; I was thinking that's what's causing the issue. So I tested it by creating a (normal) private IP-range LAN. That solves the issue, but we need the public IP-addresses.

    Any suggestions on how to get the routing right?


  • In the OpenVPN site-to-site Local and Remote Network/s boxes, what do you have?

    1. If those are filled in appropriately then routes will be created pointing to the relevant networks on the other side of the OpenVPN site-2-site link. That should work even if some subnets are public IPs.

    2. Maybe you have policy-routing rule/s on a LAN at one or both ends that are policy-routing all the public traffic out the WAN?
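
    The two explanations above (routes created from the Local/Remote network fields versus a LAN rule with a gateway set) can be checked with a small simulation. This is an added example, not from the thread or pfSense; the addresses, the rule sets and the route table are constructed, and it models pfSense's first-match rules and longest-prefix routing only as far as needed to show why a policy-routed LAN rule sends VPN-bound traffic out the WAN while pings from the firewall itself still follow the routing table.

```python
import ipaddress

# Constructed topology for this example (not taken from the thread).
# Routing table as Diagnostics > Routing tables would show it on pfSense side 1.
ROUTES = [
    ("0.0.0.0/0", "WAN_GW"),         # default route out the WAN
    ("198.51.100.0/24", "lan"),      # side-1 LAN with public addresses (documentation range here)
    ("192.168.20.0/24", "ovpns1"),   # route OpenVPN added from the "Remote network/s" field
]

# LAN firewall rules, evaluated top-down, first match wins (pfSense semantics).
# A rule with a gateway set is a policy-routing rule and overrides the routing table.
POLICY_RULES = [
    {"dst": "0.0.0.0/0", "gateway": "WAN_GW"},    # "send all LAN traffic out WAN" - the suspected culprit
]
FIXED_RULES = [
    {"dst": "192.168.20.0/24", "gateway": None},  # VPN-bound traffic: no gateway, routing table decides
    {"dst": "0.0.0.0/0", "gateway": "WAN_GW"},    # everything else is still policy-routed out WAN
]

def lookup_route(table, dst):
    """Longest-prefix match over the routing table; returns the next hop or interface."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in table:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, hop)
    return best[1] if best else None

def first_match(rules, dst):
    """First rule whose destination contains dst, or None (pfSense default deny)."""
    addr = ipaddress.ip_address(dst)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["dst"]):
            return rule
    return None

def egress(rules, table, dst):
    """Where a LAN-originated packet to dst leaves the firewall."""
    rule = first_match(rules, dst)
    if rule is None:
        return "blocked"
    if rule["gateway"]:              # policy route: the routing table is bypassed
        return rule["gateway"]
    return lookup_route(table, dst)  # plain pass rule: normal routing applies

if __name__ == "__main__":
    ws2 = "192.168.20.10"
    print("ping from pfSense itself:", lookup_route(ROUTES, ws2))          # ovpns1
    print("WS1 -> WS2, policy rule :", egress(POLICY_RULES, ROUTES, ws2))  # WAN_GW
    print("WS1 -> WS2, fixed rules :", egress(FIXED_RULES, ROUTES, ws2))   # ovpns1
```

Locally generated traffic on the firewall never passes the LAN rules, which is why the ping from pfSense itself works while the one from WS1 goes out the WAN.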

  • Post a network map. Post the openvpn config (server1.conf, client1.conf) from both sides.
