Bug #3309
closed
wrong routing on multidsl+multiopenvpn
0%
Description
In a multidsl enviroment with 1Server and 2 (or more) site2site OpenVPN clients the 2nd one does not route correctly.
Look to the pictures: on the routing table remote lans have got the same gw (and netif), but different traceroute behavior.
Disabling multigw on fw pass LAN rule solves the problem.
Files
| routes 2.1-RELEASE.JPG (157 KB) routes 2.1-RELEASE.JPG | |||
| tracert.JPG (88.4 KB) tracert.JPG |
Updated by Federico Viel about 8 years ago
Further digging found out the following:
pfSense code does not list all vpn_networks in <vpn_networks> variable as you can see from /tmp/rules.debug
2.1-RC1 (online: production fw)
....
table <vpn_networks> { 10.106.100.0/24 192.168.11.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 }
table <negate_networks> { 10.106.100.0/24 192.168.11.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24 10.106.100.0/24 192.168.12.0/24 10.116.100.0/24 192.168.12.0/24 }
....
2.1-RELEASE (offline: test machine with just lan netif up)
...
table <vpn_networks> { 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24}
table <negate_networks> { 10.116.100.0/24 192.168.12.0/24 192.168.21.0/24}
....
(In 2.1-RC1 it works)
Updated by Federico Viel about 8 years ago
Take a look to http://forum.pfsense.org/index.php/topic,66776.45.html replies #58 and #59
Updated by Renato Botelho about 8 years ago
- Category set to OpenVPN
- Status changed from New to Feedback
- Target version set to 2.1.1
Pull request was merged, could you confirm that it fixed the issue?
Updated by Federico Viel about 8 years ago
yes, I do!
I tested the fix on 2.1-RELEASE and now both VPNS work.
Updated by Renato Botelho about 8 years ago
- Status changed from Feedback to Resolved