Messages - mjoellnar

#1
Greetings,

I've been using OPNsense for a few weeks now (private) and am pretty amazed by its features and flexibility.
So far I have a working setup with a bng connection, openvpn-server, dyndns, nginx as a reverse proxy.

The only trouble I have is when I try to use openvpn-client on the box to connect to other networks.
I'd like to connect to a remote /16 as well as a remote /24 network and only tunnel that specific traffic through the interface (ovpnc2 in my case). When I reboot OPNsense it works pretty much as expected, but as soon as I reconnect the tunnel (changing config or something like that) I end up with the tunnel as the interface for my default gateway:


Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            link#10            U        ovpnc2
dns.quad9.net      62.155.242.164     UGHS     pppoe0
62.155.242.164     link#13            UH       pppoe0
fw01               link#13            UHS         lo0
localhost          link#6             UH          lo0
192.168.1.0/24     link#14            U       bridge0
fw01               link#14            UHS         lo0
192.168.2.0/24     link#3             U          igb2
fw01               link#3             UHS         lo0
192.168.4.0/24     link#9             U        ovpns1
fw01               link#9             UHS         lo0


It seems like the checkboxes "Don't pull routes" and "Don't add/remove routes" in the vpn / Clients config get ignored.
I've also tried to add "route-nopull" as well as "route x.x.0.0/16" to the Advanced configuration, but still the same result as shown above.

Further information:
I'm on OPNsense 17.7.7
And the log shows these related messages:

Nov 21 21:30:48 fw01 openvpn[482]: PUSH: Received control message: 'PUSH_REPLY,route x.x.0.0 255.255.0.0,dhcp-option DNS x.x.x.1,route-gateway x.x.x.1,ping 10,ping-restart 120,ifconfig x.x.x.132 255.255.255.0,peer-id 4,cipher AES-256-GCM'
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 21 21:30:48 fw01 openvpn[482]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 21 21:30:48 fw01 openvpn[482]: OPTIONS IMPORT: route-related options modified


So, could someone please help me to find my mistake and give me a hint how to keep my default route untouched when openvpn-client starts?

Best regards!
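
A check for the symptom described in the post, added here as an example (not part of the original post and not OPNsense code): it reads `netstat -rn` style output and the OpenVPN log, and reports whether the default route sits on an interface other than the WAN and whether any accepted pushed option accounts for it. The function names and the `wan_if` parameter are assumptions; the sample input is abridged from the post.

```python
import re

# Sample input abridged from the routing table and log quoted in the post above.
NETSTAT = """\
Destination        Gateway            Flags     Netif Expire
default            link#10            U        ovpnc2
dns.quad9.net      62.155.242.164     UGHS     pppoe0
62.155.242.164     link#13            UH       pppoe0
192.168.4.0/24     link#9             U        ovpns1
"""
LOG = """\
Nov 21 21:30:48 fw01 openvpn[482]: PUSH: Received control message: 'PUSH_REPLY,route x.x.0.0 255.255.0.0,dhcp-option DNS x.x.x.1,route-gateway x.x.x.1,ping 10,ping-restart 120,ifconfig x.x.x.132 255.255.255.0,peer-id 4,cipher AES-256-GCM'
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Nov 21 21:30:48 fw01 openvpn[482]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
"""

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)'")
REJECT_RE = re.compile(
    r"Options error: option '([^']+)' cannot be used in this context \(\[PUSH-OPTIONS\]\)")
ROUTE_OPTS = ("route", "redirect-gateway")  # pushed options that install routes

def default_netifs(netstat_text):
    """Interfaces that hold a 'default' row in `netstat -rn` style output."""
    rows = (line.split() for line in netstat_text.splitlines())
    return [f[3] for f in rows if len(f) >= 4 and f[0] == "default"]

def pushed_options(log_text):
    """Options of the most recent PUSH_REPLY, as 'name args' strings."""
    replies = PUSH_RE.findall(log_text)
    return [o for o in replies[-1].split(",") if o.strip()] if replies else []

def audit(netstat_text, log_text, wan_if):
    """Report whether the default route left wan_if and what the push log explains."""
    rejected = set(REJECT_RE.findall(log_text))
    applied_routes = [o for o in pushed_options(log_text)
                      if o.split()[0] in ROUTE_OPTS and o.split()[0] not in rejected]
    stray = [i for i in default_netifs(netstat_text) if i != wan_if]
    return {
        "default_off_wan": stray,            # interfaces wrongly holding the default route
        "rejected": sorted(rejected),        # pushed option names the client refused
        "applied_route_opts": applied_routes,
        # default route moved, yet no accepted pushed option accounts for it
        "unexplained": bool(stray) and not applied_routes,
    }

if __name__ == "__main__":
    print(audit(NETSTAT, LOG, wan_if="pppoe0"))
```

Run against the data in the post, the result flags `ovpnc2` as holding the default route while the pushed `route` was rejected and no `redirect-gateway` was pushed, so the pushed options in this log do not account for the change.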