OpenVpn routing

  • Hello

    I'am using the OpenVPN service.
    The WAN IP is 51.XX.XX.53
    The LAN IP of the pfsense server is
    The Lan network is
    The IP Tunnel network is

    The client can access the Openvpn server :
    Fri Oct 30 10:08:54 2015 TAP-WIN32 device [Connexion au réseau local 2] opened: \.\Global{0920181E-E5B4-4F9D-8D95-D6422E4650B1}.tap
    Fri Oct 30 10:08:54 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of on interface {0920181E-E5B4-4F9D-8D95-D6422E4650B1} [DHCP-serv:, lease-time: 31536000]
    Fri Oct 30 10:08:54 2015 Successful ARP Flush on interface [29] {0920181E-E5B4-4F9D-8D95-D6422E4650B1}
    Fri Oct 30 10:08:59 2015 Initialization Sequence Completed
    Fri Oct 30 10:19:31 2015 [VPN Server Cert] Inactivity timeout (–ping-restart), restarting
    Fri Oct 30 10:19:31 2015 SIGUSR1[soft,ping-restart] received, process restarting
    Fri Oct 30 10:19:33 2015 UDPv4 link local (bound): [undef]
    Fri Oct 30 10:19:33 2015 UDPv4 link remote: [AF_INET]51.xx.xx.53:1194
    Fri Oct 30 10:19:33 2015 [VPN Server Cert] Peer Connection Initiated with [AF_INET]51.xx.xx.53:1194
    Fri Oct 30 10:19:35 2015 Preserving previous TUN/TAP instance: Connexion au réseau local 2
    Fri Oct 30 10:19:35 2015 Initialization Sequence Completed

    The client pings the tunnel IP (
    The client pings the Lan IP (
    The client dons't ping the another LAN IP like

    Can you help me, and tell me how the client can acccess to the LAN ?

    ![2015-10-30 12_29_58-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_29_58-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_29_58-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_29_58-mRemoteNG - confCons.xml.png_thumb)
    ![2015-10-30 12_30_48-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_30_48-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_30_48-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_30_48-mRemoteNG - confCons.xml.png_thumb)
    ![2015-10-30 12_31_06-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_31_06-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_31_06-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_31_06-mRemoteNG - confCons.xml.png_thumb)
    ![2015-10-30 12_32_24-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-10-30 12_32_24-mRemoteNG - confCons.xml.png)
    ![2015-10-30 12_32_24-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-10-30 12_32_24-mRemoteNG - confCons.xml.png_thumb)

  • Check to points:

    • Is pfSense the default gateway at your LAN hosts? If not you have to add a route to direct response to pfSense or use NAT.

    • Are pings blocked by the hosts firewall?

  • Hello,

    The ping is enable on the firewall.
    The pfsense server can ping the server.
    The Lan Host uses another gateway.
    I will add a route on the server.

    I will give you a feed back.


  • Hello,

    On the server, the firewall is disable and  I have add a route on this server withou success
    route ADD MASK
    Have you another idea ?

    You can see a Wireshark capture ?

    ![2015-11-02 08_44_17-mRemoteNG - confCons.xml.png](/public/imported_attachments/1/2015-11-02 08_44_17-mRemoteNG - confCons.xml.png)
    ![2015-11-02 08_44_17-mRemoteNG - confCons.xml.png_thumb](/public/imported_attachments/1/2015-11-02 08_44_17-mRemoteNG - confCons.xml.png_thumb)

  • The mask in route add isn't correct. You need at least to include your VPN IP or you change the net address to But better set the route for the whole VPN tunnel, mask

    To make the route persistent add the "-p" option.

  • Thank you for your hekp, it's working :)

Log in to reply