Netgate Discussion Forum
    Routing traffic through OpenVPN client doesn't work in 2.3 anymore

    OpenVPN
    2 Posts 2 Posters 1.3k Views

    • JohnSheridan

      Hi,

      I have a weird issue and I am not able to figure out why things are not working anymore.

      My situation: I have two pfSense boxes. One acts as a VPN server (with IP 10.11.12.1, issuing IPs in the subnet 10.11.12.1/24 to the clients). A bunch of OpenWRT based routers (temporarily installed at different sites) connect to it via OpenVPN. On each router, routes are defined, routing each router's subnet (192.168.x.0/24) through its IP on the VPN client (10.11.12.x). So I have a routing table on each device like

      192.168.111.0/24 =>      10.11.12.111
      192.168.112.0/24 =>      10.11.12.112
      192.168.113.0/24 =>      10.11.12.113

      Everything works fine from these routers, I can access each subnet of each router like that. I also can access each router's subnet via an OpenVPN client on my notebook.

      However, if I use the second pfSense as a client (to allow my office network to also reach those subnets without the need to run a VPN client on each computer), this does not work, even though the routes in the second pfSense box look fine:

      192.168.111.0/24    10.11.12.111        UGS          0  1500    ovpnc5
      192.168.112.0/24    10.11.12.112        UGS          0  1500    ovpnc5
      192.168.113.0/24    10.11.12.113        UGS          0  1500    ovpnc5

      If I ping for instance 192.168.111.254 from a client where everything works (my notebook or one of the routers), I can see via tcpdump/wireshark that the packet is sent to the VPN tunnel using the MAC address of the 10.11.12.111 gateway.

      However, if I ping from the second pfSense box, I can see it sends the packet through the VPN tunnel using the MAC address of the VPN server instead (in this example the 10.11.12.1), basically ignoring the route for the subnet. I tried to route this subnet to some other gateway in another network and this works, e.g. the pfSense really respects the gateway setting. But not for the VPN tunnel…

      There are no other routes for those subnets and also no routes directing traffic to the VPN server, especially not a default route or so.

      It stopped working from the pfSense client when I upgraded both pfSenses to 2.3. Since my other VPN clients still work as usual, I assume it is related to the pfSense which acts as a client.

      I have the VPN server pfSense configured as a Remote Access server.

      Pinging the 10.11.12.x addresses from the pfSense client works fine. I of course also configured outgoing NAT etc. and the problem occurs also when I ping from the pfSense client itself.

      I really don't understand why the client pfSense obviously ignores the direct route for that subnet and sends the packets to a different IP.

      Thanks for your help!

      • bunzilein
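      A small check that is not part of the original post: before assuming the client box ignores a route, it helps to compute from the routing table itself which next hop and interface a destination should use and compare that with what the capture shows. The script below parses the netstat -rn style lines quoted above (the three ovpnc5 routes are taken from the post; the default, LAN and tunnel-network lines are constructed assumptions) and does the same longest-prefix match the kernel does, so the expected gateway for 192.168.111.254 can be set against the gateway observed in tcpdump. This is added example code, not pfSense or OpenVPN code.

```python
import ipaddress

# Constructed sample in the FreeBSD "netstat -rn" layout that pfSense prints:
# destination, gateway, flags, refs, mtu, interface. The three ovpnc5 lines
# mirror the routes quoted in the post; the other lines are assumptions.
SAMPLE_ROUTES = """\
Destination         Gateway             Flags     Refs   Mtu     Netif
default             203.0.113.1         UGS          0  1500    em0
10.11.12.0/24       10.11.12.1          UGS          0  1500    ovpnc5
192.168.1.0/24      link#2              U            0  1500    em1
192.168.111.0/24    10.11.12.111        UGS          0  1500    ovpnc5
192.168.112.0/24    10.11.12.112        UGS          0  1500    ovpnc5
192.168.113.0/24    10.11.12.113        UGS          0  1500    ovpnc5
"""


def parse_routes(text):
    """Parse netstat -rn style lines into (network, gateway, interface) tuples.

    Header lines and anything that is not a valid destination are skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # blank line or too few columns
        dest, gateway, iface = parts[0], parts[1], parts[-1]
        try:
            if dest == "default":
                net = ipaddress.ip_network("0.0.0.0/0")
            else:
                # strict=False tolerates host bits set in the destination column
                net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. the "Destination Gateway ..." header
        routes.append((net, gateway, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific route covering dst wins.

    Returns (gateway, interface); raises LookupError if nothing matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def check_next_hop(routes, dst, observed_gateway):
    """Compare the next hop the table predicts with the one seen in a capture.

    Returns (expected_gateway, interface, matches). A False third element means
    the packet did not go where the routing table says it should.
    """
    expected, iface = lookup(routes, dst)
    return expected, iface, expected == observed_gateway


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    # Two constructed observations: the healthy case and the case from the post,
    # where the capture showed the packet going to the server's own 10.11.12.1.
    for dst, seen in [("192.168.111.254", "10.11.12.111"),
                      ("192.168.111.254", "10.11.12.1")]:
        expected, iface, ok = check_next_hop(table, dst, seen)
        verdict = "OK" if ok else "MISMATCH"
        print(f"{dst}: table says {expected} via {iface}; capture shows {seen}; {verdict}")
```

      The parser keys on the first two and the last column, so extra columns such as Use or Expire in other netstat versions do not matter. A MISMATCH result confirms that the forwarding decision is not coming from the plain routing table and narrows the search to whatever sits in front of it on that box (policy routing, gateway rules, or the tunnel's own configuration).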

        Hey John,
        did you ever get this working?
        I am experiencing a similar issue trying to connect a 2.3 pfSense to an OpenVPN server.

        Thanks

        Martin

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.