Routing traffic through OpenVPN client doesn't work in 2.3 anymore

  • Hi,

    I have a weird issue and I am not able to figure out, why things are not working anymore.

    My situation: I have two pfSense boxes. One acts as a VPN server (with IP, issueing IPs in the subnet to the clients). A bunch of OpenWRT based routers (temporarily installed at different sites) connect to it via OpenVPN. On each router, routes are defined, routing each router's subnet (192.168.x.0/24) through its IP on the VPN client (10.11.12.x). So I have a routing table one each device like => => =>

    Everything works fine from these routers, I can access each subnet of each router like that. I also can access each routers subnet via an OpenVPN client on my notebook.

    However, if I use the second pfSense as a client (to allow my office network to also reach those subnets without the need to run a VPN client on each computer), this does not work, eventhough the routes in the second pfSense box look fine:        UGS          0  1500    ovpnc5        UGS          0  1500    ovpnc5        UGS          0  1500    ovpnc5

    If I ping for instance from a client where everything works (my notebook or one of the routers), I can see
    via tcpdump/wireshark that the packet is sent to the VPN tunnel using the MAC address of the gateway.

    However, if I ping from the second pfSense box, I can see it sends the packet through the VPN tunnel using the MAC address of the VPN server instead (in this example the, basically ignoring the route for the subnet. I tried to route this subnet to some other gateway in another network and this works, e.g. the pfSense really respects the gateway setting. But not for the VPN tunnel…

    There are no other routes for those subnets and also no routes directing traffic to the VPN server, especially not a default route or so.

    It stopped working from the pfSense client when I upgraded both pfSenses to 2.3. Since my other VPN client still work as usual, I assume it is related to the pfSense which acts as a client.

    I have the VPN server pfSense configured as Remote access server.

    Pinging the 10.11.12.x addresses from the pfSense client works fine. I of course also configured outgoing NAT etc. and the problem occurs also when I ping from the pfSense client itself.

    I really don't understand why the client pfSense obviously ignores the direct route for that subnet and sends the packets to a different IP.

    Thanks for your help!

    • JohnSheridan

  • Hey John,
    did you ever get this working?
    I am experiencing a similar issue trying to connect a 2.3 PfSense to a Openvpn server.



Log in to reply