Bug #9442

closed

Wrong route when using OpenVPN client and multiple subnets?

Added by Laurent B about 6 years ago. Updated about 6 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 03/31/2019
% Done: 0%

Description

I'm using version 2.4.4.

I set up an OpenVPN client (NordVPN) using this tutorial:
https://nordvpn.com/fr/tutorials/pfsense/pfsense-openvpn/

This is working well.

Now I have 2 LAN interfaces:
LAN, which is 192.168.62.0/24, static IP 192.168.62.100
LAN2, which is 192.168.40.0/24, static IP 192.168.40.1

The traceroute from a LAN machine to a LAN2 machine is wrong. For example, trying to reach LAN2 PC 192.168.60.42 from LAN PC 192.168.62.10:

traceroute 192.168.40.42
traceroute to 192.168.40.42 (192.168.40.42), 64 hops max, 52 byte packets
1 10.8.3.1 (10.8.3.1) 7.869 ms 7.700 ms 6.884 ms
2 10.8.3.1 (10.8.3.1) 7.871 ms 7.432 ms 7.789 ms

The routing table seems to be good: we can see the entry 192.168.40.0/24, so why is it using the 10.8.3.0/24 route?


Destination        Gateway    Flags    Use    Mtu    Netif    Expire
default            192.168.10.1    UGS    112829    1500    vmx1    
10.0.0.0/24        192.168.62.200    UGS    1588    1500    vmx0    
10.8.3.0/24        10.8.3.1    UGS    0    1500    ovpnc1    
10.8.3.1            link#8    UH    0    1500    ovpnc1    
10.8.3.32        link#8    UHS    22558    16384    lo0    
127.0.0.1            link#5    UH    1157    16384    lo0    
192.168.10.0/24    link#2    U    0    1500    vmx1    
192.168.10.1        00:0c:29:a3:d3:39    UHS    39708    1500    vmx1    
192.168.10.14        link#2    UHS    0    16384    lo0    
192.168.40.0/24    link#3    U    60    1500    vmx2    
192.168.40.1        link#3    UHS    0    16384    lo0    
192.168.62.0/24    link#1    U    6656809    1500    vmx0    
192.168.62.100    link#1    UHS    538689    16384    lo0
Actions #1

Updated by Laurent B about 6 years ago

VMX0 is LAN1, 192.168.62.100
VMX1 is WAN, 192.168.10.1
VMX2 is LAN2, 192.168.40.1

Actions #2

Updated by Jim Pingle about 6 years ago

  • Status changed from New to Not a Bug

This is almost certainly a configuration issue, such as the LAN traffic hitting a policy routing rule and being forced out the VPN. Post to https://forum.netgate.com if you need assistance with fixing your configuration.

Actions #3

Updated by Laurent B about 6 years ago

Yes, you are right. My brain was focused on a routing table problem, but all I had to do was change the rules. For the record:
Change the LAN rule: Source LAN net (192.168.62.0), Destination NOT (!) 192.168.40.0/24, Gateway to NordVPN
Add this rule: Source LAN net, Destination 192.168.40.0/24, Gateway default

can be closed
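The following is an added example, not part of the ticket and not pfSense code: a simplified Python model of why a firewall rule with a gateway set overrides the routing table shown in the description, and why the two rules from comment #3 fix it. The rule dictionaries, function names and the original "any destination" LAN rule are assumptions made for illustration; interface names and subnets are taken from the ticket.

```python
import ipaddress

# Routes copied from the routing table in the description (network -> interface).
ROUTES = [
    ("0.0.0.0/0", "vmx1"),
    ("10.0.0.0/24", "vmx0"),
    ("10.8.3.0/24", "ovpnc1"),
    ("192.168.10.0/24", "vmx1"),
    ("192.168.40.0/24", "vmx2"),
    ("192.168.62.0/24", "vmx0"),
]
LAN = "192.168.62.0/24"
LAN2 = "192.168.40.0/24"

def table_lookup(dst):
    """Longest-prefix match, which is what the routing table alone would choose."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), ifc) for n, ifc in ROUTES
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def egress(rules, src, dst):
    """First matching pass rule wins. A rule with a gateway forces traffic out
    that gateway (policy routing) and the routing table is never consulted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        dst_hit = d in ipaddress.ip_network(rule["dst"])
        if rule.get("negate_dst", False):
            dst_hit = not dst_hit
        if s in ipaddress.ip_network(rule["src"]) and dst_hit:
            return rule["gateway"] or table_lookup(dst)
    return None  # no pass rule matched: traffic is blocked

# Assumed original LAN rule: any destination, gateway set to the VPN.
BEFORE = [{"src": LAN, "dst": "0.0.0.0/0", "gateway": "ovpnc1"}]

# Rules as described in comment #3 ("Gateway default" modelled as None).
AFTER = [
    {"src": LAN, "dst": LAN2, "negate_dst": True, "gateway": "ovpnc1"},
    {"src": LAN, "dst": LAN2, "gateway": None},
]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, egress(rules, "192.168.62.10", "192.168.40.42"))
```

When auditing a setup like this, check that every internal subnet is either excluded from the VPN rule or matched by a default-gateway rule, so inter-LAN traffic is not handed to the tunnel provider.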
