Pfsense router client cannot route to OpenVPN server

nicole4pt
OpenVpn Newbie
Posts: 5
Joined: Sun Jan 05, 2014 3:11 am

Pfsense router client cannot route to OpenVPN server

Post by nicole4pt » Thu Apr 05, 2018 12:58 am

Hello
I have an OpenVPN server that is set to route only some subnets.
It works fine with Windows clients.
It's working with a Linux client.
However, after we upgraded from openvpn-as-2.0.17 to openvpn-as-2.5, my Pfsense box will not route to it.

Pfsense connects to the OpenVPN server but it will not route through it.
Pfsense shows a route via netstat -r:
172.27.248.0/23 172.27.248.1 UGS ovpnc1
But I cannot ping the openvpn box and so it marks the interface as Packet Loss / Down.

OPT1_VPNV4 172.27.250.1 Down
Interfaces: 172.27.250.31

I cannot ping 172.27.250.1 from the Pfsense box
But I can ping 172.27.250.31 which means it is assigning it an IP.

Everything worked before we upgraded. So I am curious what may have changed?
Also, can anyone recommend any good documents on setting up Pfsense to route some traffic via OpenVPN? There are many documents and everyone seems to have their own way of doing things.

Thanks!

Re: Pfsense router client cannot route to OpenVPN server

Post by nicole4pt » Thu Apr 05, 2018 1:12 am

From my Logs:
openvpn 34571 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.4)
openvpn 34571 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.4)
openvpn 34571 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.4)
openvpn 34571 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) <- Many of these
openvpn 34571 Options error: option 'redirect-private' cannot be used in this context ([PUSH-OPTIONS])
openvpn 34571 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks