Routing traffic through OpenVPN client doesn't work in 2.3 anymore

JohnSheridan

Hi,

I have a weird issue and I am not able to figure out, why things are not working anymore.

My situation: I have two pfSense boxes. One acts as a VPN server (with IP 10.11.12.1, issueing IPs in the subnet 10.11.12.1/24 to the clients). A bunch of OpenWRT based routers (temporarily installed at different sites) connect to it via OpenVPN. On each router, routes are defined, routing each router's subnet (192.168.x.0/24) through its IP on the VPN client (10.11.12.x). So I have a routing table one each device like

192.168.111.0/24 =>      10.11.12.111
192.168.112.0/24 =>      10.11.12.112
192.168.113.0/24 =>      10.11.12.113

Everything works fine from these routers, I can access each subnet of each router like that. I also can access each routers subnet via an OpenVPN client on my notebook.

However, if I use the second pfSense as a client (to allow my office network to also reach those subnets without the need to run a VPN client on each computer), this does not work, eventhough the routes in the second pfSense box look fine:

192.168.111.0/24    10.11.12.111        UGS          0  1500    ovpnc5
192.168.112.0/24    10.11.12.112        UGS          0  1500    ovpnc5
192.168.113.0/24    10.11.12.113        UGS          0  1500    ovpnc5

If I ping for instance 192.168.111.254 from a client where everything works (my notebook or one of the routers), I can see
via tcpdump/wireshark that the packet is sent to the VPN tunnel using the MAC address of the 10.11.12.111 gateway.

However, if I ping from the second pfSense box, I can see it sends the packet through the VPN tunnel using the MAC address of the VPN server instead (in this example the 10.11.12.1), basically ignoring the route for the subnet. I tried to route this subnet to some other gateway in another network and this works, e.g. the pfSense really respects the gateway setting. But not for the VPN tunnel…

There are no other routes for those subnets and also no routes directing traffic to the VPN server, especially not a default route or so.

It stopped working from the pfSense client when I upgraded both pfSenses to 2.3. Since my other VPN client still work as usual, I assume it is related to the pfSense which acts as a client.

I have the VPN server pfSense configured as Remote access server.

Pinging the 10.11.12.x addresses from the pfSense client works fine. I of course also configured outgoing NAT etc. and the problem occurs also when I ping from the pfSense client itself.

I really don't understand why the client pfSense obviously ignores the direct route for that subnet and sends the packets to a different IP.

Thanks for your help!

• JohnSheridan

bunzilein

Hey John,
did you ever get this working?
I am experiencing a similar issue trying to connect a 2.3 PfSense to a Openvpn server.

Thanks

Martin