I successfully got OpenVPN to work with one computer, and can access resources on the network just fine. I decided to add another OpenVPN computer (and user), and it won’t route traffic from the second OpenVPN computer to the network resources. The only thing I can do is ping the LAN gateway (192.168.0.1). Even stranger is, if I connect with computer #1, computer #2 will start routing traffic.
Computer 1 is connecting with virtual IP 10,0.0.2.
Computer 2 is connecting with virtual IP 10.0.0.3.
However, I don’t see 10.0.0.3 in the routing table even with Computer #2 connected.
Here’s the routing table. 10.0.0.0/24 is the VPN virtual network, and 192.168.0.0/24 is the LAN.
Any assistance would be appreciated.
Take a look at the openvpn logs on the second computer. If you are using the openvpn connect client there is a button at the top right of the application window.
Excellent idea. I compared the OpenVPN Connect logs from Computer 1 and Computer 2, and they are identical other than the virtual IP addresses being 10.0.0.2 and 10.0.0.3 respectively. I especially took a close look at the section labeled “add_routes”.
“add_routes” :
[
{
“address” : “192.168.0.0”,
“gateway” : “”,
“ipv6” : false,
“metric” : -1,
“net30” : false,
“prefix_length” : 24
}
],
“block_ipv6” : false,
“layer” : 3,
“mtu” : 0,
“remote_address” :
{
“address” : “WAN IP”,
“ipv6” : false
},
“reroute_gw” :
{
“flags” : 256,
“ipv4” : false,
“ipv6” : false
},
“route_metric_default” : -1,
“session_name” : “name”,
“tunnel_address_index_ipv4” : 0,
“tunnel_address_index_ipv6” : -1,
“tunnel_addresses” :
[
{
“address” : “10.0.0.3”,
“gateway” : “10.0.0.1”,
“ipv6” : false,
“metric” : -1,
“net30” : false,
“prefix_length” : 24
}
]
I ran another test by importing the profile for computer/user #2 into OpenVPN Connect on Computer #1. I connected using the second profile, which created a virtual IP address of 10.0.0.3. In pfsense, it still doesn’t show the 10.0.0.3 in the routing table.
What about the logs on pfsense itself at Status → Logs → OpenVPN
Here is the log. I first connected with Computer1/User1 and then disconnected. Then about 20 minutes later I connected with Computer2/User2. I am not seeing any difference between the two.
One other thing I noticed is I can ping a device on the remote LAN from Computer 2, and get no response. 15 minutes later, it will respond to a ping. Another 15 minutes later, it is dead again.
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_VER=3.git::d3f8b18b |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_PLAT=win |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_NCP=2 |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_TCPNL=1 |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_PROTO=30 |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_GUI_VER=OCWindows_3.3.6-2752 |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_SSO=webauth,openurl,crtext |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 peer info: IV_BS64DL=1 |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1569’, remote=‘link-mtu 1553’ |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 WARNING: ‘keysize’ is used inconsistently, local=‘keysize 256’, remote=‘keysize 128’ |
| Apr 11 12:01:05 |
openvpn |
61350 |
WAN IP:28335 [user1] Peer Connection Initiated with [AF_INET]WAN IP:28335 |
| Apr 11 12:01:05 |
openvpn |
66401 |
user ‘user1’ authenticated |
| Apr 11 12:01:05 |
openvpn |
61350 |
user1/WAN IP:28335 MULTI_sva: pool returned IPv4=10.0.0.2, IPv6=(Not enabled) |
| Apr 11 12:01:05 |
openvpn |
66777 |
openvpn server ‘ovpns1’ user ‘user1’ address ‘WAN IP’ - connected |
| Apr 11 12:01:06 |
openvpn |
61350 |
user1/WAN IP:28335 IP packet with unknown IP version=0 seen |
| Apr 11 12:07:44 |
openvpn |
57632 |
openvpn server ‘ovpns1’ user ‘user1’ address ‘WAN IP’ - disconnected |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_VER=3.git::d3f8b18b |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_PLAT=win |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_NCP=2 |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_TCPNL=1 |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_PROTO=30 |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_GUI_VER=OCWindows_3.3.7-2979 |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_SSO=webauth,openurl,crtext |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 peer info: IV_BS64DL=1 |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1569’, remote=‘link-mtu 1553’ |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 WARNING: ‘keysize’ is used inconsistently, local=‘keysize 256’, remote=‘keysize 128’ |
| Apr 11 12:20:06 |
openvpn |
61350 |
WAN IP:34812 [user2] Peer Connection Initiated with [AF_INET]WAN IP:34812 |
| Apr 11 12:20:06 |
openvpn |
48227 |
user ‘user2’ authenticated |
| Apr 11 12:20:06 |
openvpn |
61350 |
user2/WAN IP:34812 MULTI_sva: pool returned IPv4=10.0.0.3, IPv6=(Not enabled) |
| Apr 11 12:20:06 |
openvpn |
48559 |
openvpn server ‘ovpns1’ user ‘user2’ address ‘WAN IP’ - connected |
| Apr 11 12:20:07 |
openvpn |
61350 |
user2/WAN IP:34812 IP packet with unknown IP version=0 seen |
Here is some more info. If I ping the remote LAN gateway, 192.168.0.1 and leave it on continuous ping, the connection will come alive. I can’t figure this out.
