
Author Topic: Openvpn bug? route push not added to server config  (Read 175 times)


Offline starr

  • Newbie
  • Posts: 11
  • Karma: +0/-0
Openvpn bug? route push not added to server config
« on: December 31, 2017, 02:06:25 am »
Hi
I had a weird client side routing problem when accessing the LAN network (192.168.1.0/24) via the VPN, when the local network on the remote site has the same LAN network. I experienced that there were a few hosts I was unable to reach due to the client attempting to reach them via the wifi interface and not the tun interface.

So looking at the VPN server config in the web GUI, I could not find anything wrong except that the "Local Network" field was not present (not rendered) at all.
Looking at the config via ssh (/var/etc/openvpn/server1.conf) shows that the push "route 192.168.1.0 255.255.255.0" is not actually in the config.

Adding push "route 192.168.1.0 255.255.255.0" to the Advanced Configuration > Custom options in web GUI solved my problems.

Never had this problem before I reinstalled pfSense (just reinstalled) and I did not restore anything from backup. I have installed OpenVPN multiple times before without any problems.

Is this a bug or was I just unlucky?

pfSense version: 2.4.2-RELEASE (amd64) Netgate SG-2220
OpenVPN server version: OpenVPN 2.4.4 amd64-portbld-freebsd11.1
OpenVPN client version: 2.4.4 x86_64-w64-mingw32

Edit: I used the Wizard to create the VPN server
« Last Edit: December 31, 2017, 02:26:29 am by starr »

Offline johnpoz

  • Hero Member
  • Posts: 15744
  • Karma: +1470/-210
  • Not a pfSense employee, they cannot fire me...
Re: Openvpn bug? route push not added to server config
« Reply #1 on: January 01, 2018, 10:09:38 am »
"I had a weird client side routing problem when accessing the LAN network (192.168.1.0/24) via the VPN, when the local network on the remote site has the same LAN network."

There is no bug - but there is a borked config.. How do you expect the client to know where to send traffic to talk to a device that it thinks is local - why would it send that traffic down its vpn connection.. Do not use the same network on both sides of a vpn connection if you want stuff to work..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Offline starr

  • Newbie
  • Posts: 11
  • Karma: +0/-0
Re: Openvpn bug? route push not added to server config
« Reply #2 on: January 01, 2018, 05:41:06 pm »
We might misunderstand each other or I might be wrong.. -> Since the server never pushed the route "push "route 192.168.1.0 255.255.255.0"" to the client, the client on the LAN (192.168.1.0/24) would use the "wifi interface" when requesting hosts in the 192.168.1.0/24 range instead of the tun interface (OpenVPN adapter).

When I added "push "route 192.168.1.0 255.255.255.0"" to the server config, the client now knows it should use the tun interface instead.

The reason I thought this could be a bug is because when I configured the server I specified these options (using the wizard):
Tunnel Network 10.0.8.0/24
Redirect Gateway checked
Local Network 192.168.1.0/24

Because of the "Local Network 192.168.1.0/24" entry I expected "push "route 192.168.1.0 255.255.255.0"" to be present in the server.conf.

Anyway, things are working and I'm happy :)
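The check the original poster did by hand (comparing the wizard's Local Network against the push lines in /var/etc/openvpn/server1.conf), as an added example that is not from this thread or from pfSense: it parses a constructed server.conf, reports Local Network entries with no matching push route, renders the Custom options line that fixes it, and also flags the overlap johnpoz raised between a pushed network and the client's own LAN.

```python
import ipaddress
import re

# Constructed sample of a server1.conf as the thread describes it: the
# wizard emitted the tunnel and redirect-gateway lines but no
# push "route ..." for the configured Local Network 192.168.1.0/24.
SAMPLE_SERVER_CONF = """\
dev ovpns1
dev-type tun
server 10.0.8.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
"""

PUSH_ROUTE_RE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')


def pushed_routes(conf_text):
    """Networks the server pushes to clients via push "route <net> <mask>"."""
    routes = set()
    for line in conf_text.splitlines():
        m = PUSH_ROUTE_RE.match(line)
        if m:
            # ipaddress accepts the dotted netmask form OpenVPN uses.
            routes.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return routes


def missing_local_network_routes(conf_text, local_networks):
    """Local Network entries (CIDR strings) that have no matching push route."""
    pushed = pushed_routes(conf_text)
    return sorted(str(net) for net in map(ipaddress.ip_network, local_networks)
                  if net not in pushed)


def route_line_for(cidr):
    """Render the Custom options line the poster added, for one CIDR."""
    net = ipaddress.ip_network(cidr)
    return f'push "route {net.network_address} {net.netmask}"'


def overlapping_with_client_lan(local_networks, client_lan):
    """Pushed/local networks that overlap the client's own LAN: the route
    alone cannot make the client prefer the tunnel over its local segment."""
    client = ipaddress.ip_network(client_lan)
    return sorted(str(n) for n in map(ipaddress.ip_network, local_networks)
                  if n.overlaps(client))


if __name__ == "__main__":
    for cidr in missing_local_network_routes(SAMPLE_SERVER_CONF, ["192.168.1.0/24"]):
        print("missing:", route_line_for(cidr))
```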