Messages

The locals on the same vlan can reach the vpn client even when the openvpn is running.
I just would like to know how to config opnsense to allow me to reach then vpn client from another vlan.

wan <--> opnsense (vpn_gw) <--------> VLAN20 --- desktop
                                                     \ ----> VLAN60 --- server1 (openvpn client)

My first opnsense setup and struggling with routing configuration.
The server on vlan60 is reachable from vlan20.
The moment server1 start it's own openvpn client the routes change and i cannot reach it from vlan20, desktops in vlan60 are though able to reach it.
I need help, my attempts with single gw and routes config were futile.  :'(


openvpn client stopped (server reachable from any allowed local client)

root@broken-vpn:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0

openvpn client running (only reachable from vlan60)

root@broken-vpn:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.10.60.1      0.0.0.0         UG    100    0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.10.60.0      0.0.0.0         255.255.255.0   U     100    0        0 eth0
10.10.60.1      0.0.0.0         255.255.255.255 UH    100    0        0 eth0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
143.244.41.17 10.10.60.1      255.255.255.255 UGH   0      0        0 eth0