Bug #3309
wrong routing on multidsl+multiopenvpn
Description
In a multidsl environment with 1 server and 2 (or more) site2site OpenVPN clients, the 2nd one does not route correctly.
Look at the pictures: in the routing table the remote LANs have got the same gw (and netif), but different traceroute behavior.
Disabling multigw on fw pass LAN rule solves the problem.
History
#1
Updated by Federico Viel over 7 years ago
Further digging found out the following:
pfSense code does not list all vpn_networks in the <vpn_networks> variable, as you can see from /tmp/rules.debug
2.1-RC1 (online: production fw)
....
table <vpn_networks> { 10.106.100.0/24 192.168.11.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 }
table <negate_networks> { 10.106.100.0/24 192.168.11.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 }
....
2.1-RELEASE (offline: test machine with just lan netif up)
...
table <vpn_networks> { 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24}
table <negate_networks> { 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24}
....
(In 2.1-RC1 it works)
#2
Updated by Federico Viel over 7 years ago
Take a look at http://forum.pfsense.org/index.php/topic,66776.45.html replies #58 and #59
#3
Updated by Renato Botelho over 7 years ago
- Category set to OpenVPN
- Status changed from New to Feedback
- Target version set to 2.1.1
Pull request was merged, could you confirm that it fixed the issue?
#4
Updated by Federico Viel over 7 years ago
Yes, I do!
I tested the fix on 2.1-RELEASE and now both VPNs work.
#5
Updated by Renato Botelho over 7 years ago
- Status changed from Feedback to Resolved
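The comparison made in comment #1, as an added example that is not part of the original ticket and is not pfSense code: a Python check that parses the `table <...> { ... }` lines of a /tmp/rules.debug dump and lists the networks one dump has and the other lacks. The function names are hypothetical; the sample input is the two sets of table lines quoted in comment #1.

```python
import ipaddress
import re

# Matches pf table definitions such as: table <vpn_networks> { 10.0.0.0/24 ... }
TABLE_RE = re.compile(r"^\s*table\s+<([^>]+)>\s*\{([^}]*)\}", re.MULTILINE)


def parse_tables(rules_text):
    """Return {table name: set of ip_network} from rules.debug text (duplicates collapse)."""
    tables = {}
    for name, body in TABLE_RE.findall(rules_text):
        nets = tables.setdefault(name, set())
        for token in body.split():
            try:
                nets.add(ipaddress.ip_network(token, strict=False))
            except ValueError:
                continue  # hostnames or other non-CIDR entries are skipped
    return tables


def dropped_networks(old_text, new_text, table):
    """Networks listed in `table` in old_text but absent from it in new_text."""
    old = parse_tables(old_text).get(table, set())
    new = parse_tables(new_text).get(table, set())
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return [str(n) for n in sorted(old - new, key=order)]


# Sample input: table lines copied from comment #1 (2.1-RC1 production firewall).
RC1 = """
table <vpn_networks> { 10.106.100.0/24 192.168.11.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 }
table <negate_networks> { 10.106.100.0/24 192.168.11.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 }
"""

# Sample input: table lines copied from comment #1 (2.1-RELEASE test machine).
RELEASE = """
table <vpn_networks> { 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24}
table <negate_networks> { 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24}
"""

if __name__ == "__main__":
    for table in ("vpn_networks", "negate_networks"):
        missing = dropped_networks(RC1, RELEASE, table)
        print(f"{table}: absent from the 2.1-RELEASE dump: {missing}")
```

On a live firewall the same functions can be fed the contents of /tmp/rules.debug saved before and after an upgrade or a configuration change.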