OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: MdB on February 20, 2019, 03:46:30 pm

Title: OpenVPN internal route(s) not added automatically
Post by: MdB on February 20, 2019, 03:46:30 pm
When configuring an OpenVPN server for a peer-to-peer connection to another site, the user interface allows you to specify, under "IPv4/6 Remote Network", a (list of) far network(s) that are then automatically routed over the VPN connection. To enable these routes however, OpenVPN needs --iroute option(s) to really enable these routes (see OpenVPN documentation). These can be added on the server page under "Advanced configuration" or as a Client Specific Override, e.g.:

Quote
iroute 10.8.6.128 255.255.255.192

The user interface thus falsely suggests that specifying these networks as "IPv4/6 Remote Network" is sufficient. :(

(this sadly cost me half a day to figure out!)

Title: Re: OpenVPN internal route(s) not added automatically
Post by: chemlud on February 20, 2019, 04:01:39 pm
Ehhm, nope. I have both clients and servers for site-to-site OpenVPN without this Advanced stuff, just doing fine for years...

Correct syntax for remote networks is

Code:
192.168.100.0/24,192.168.101.0/26
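
The route/iroute distinction from the first post, as an added example that is not part of either post and is not OPNsense code: in OpenVPN's multi-client server mode, `route` only installs a kernel route, while `iroute` in a per-client override tells the OpenVPN process which client owns that network. The check below flags `route` networks that no `iroute` covers; the config text, the tunnel network, the override name `site-b` and all function names are constructed for illustration.

```python
import ipaddress

def directives(text):
    """Yield tokenised config lines, dropping '#' and ';' comments."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if parts:
            yield parts

def parse_nets(text, name):
    """Networks named by 'route'/'iroute' lines; the netmask defaults to /32."""
    nets = []
    for parts in directives(text):
        if parts[0] == name and len(parts) >= 2:
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
            except ValueError:
                pass  # hostname or keyword argument, cannot be checked offline
    return nets

def is_server_mode(text):
    """True when the config uses 'server ...' or 'mode server'."""
    return any(p[0] == "server" or p[:2] == ["mode", "server"]
               for p in directives(text))

def routes_without_iroute(server_conf, overrides):
    """Return 'route' networks that no client override covers with 'iroute'."""
    if not is_server_mode(server_conf):
        return []  # point-to-point mode has a single peer, iroute is not used
    iroutes = [n for text in overrides.values() for n in parse_nets(text, "iroute")]
    return [r for r in parse_nets(server_conf, "route")
            if not any(r.subnet_of(i) for i in iroutes)]

# Constructed sample input: one network has an iroute, the other does not.
SERVER_CONF = """\
server 10.99.0.0 255.255.255.0   # constructed tunnel network
route 10.8.6.128 255.255.255.192
route 192.168.100.0 255.255.255.0
"""
OVERRIDES = {"site-b": "iroute 10.8.6.128 255.255.255.192\n"}

if __name__ == "__main__":
    for net in routes_without_iroute(SERVER_CONF, OVERRIDES):
        print(f"route {net} has no matching iroute in any client override")
```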