Hi again,

> From: Philipp Tölke [mailto:[email protected]]
> Sent: 27 July, 2016 16:01
>
>> Check the system routing table. From the sound of the errors, it would
>> appear that the firewall routing table does not include a route back to
>> the VPN client subnet.
>
> Interesting: The routing table has an entry for the VPN network:
>
> Destination        Gateway            Flags      Netif Expire
> [...]
> 10.1.2.0/24        10.1.2.2           UGS        ovpns2
> 10.1.2.2           link#16            UH         ovpns2
>
> But since the OpenVPN is configured as "net30" the gateway 10.1.2.2 is
> not on the same network as most of the querying systems...
>
> Why has this worked until yesterday?

So I dug into this issue some more; the other VPN-Servers all use "subnet"
and not "net30" and DNS works. The other VPN-Servers all have routes looking
like this:

    10.1.0.0/24        10.1.0.1           UGS        ovpns1
    10.1.0.1           link#15            UHS        lo0
    10.1.0.2           link#15            UH         ovpns1

Changing the route of the net30-VPN to be like the routes of my other
VPN-Servers:

    10.1.2.0/24        10.1.2.1           UGS        ovpns2
    10.1.2.1           link#16            UHS        lo0
    10.1.2.2           link#16            UH         ovpns2

Does not help with my issue. Even adding the peer-to-peer configuration of a
host to the interface:

    ifconfig ovpns2 10.1.2.181 10.1.2.182 netmask 255.255.255.255 alias

Has not enabled DNS resolving.

Resolving using another DNS-Server in my internal net works so this is not a
firewall-issue.

Is there anything I can do short of rolling out another DNS-Server?

Thanks for the help!

Philipp
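The addressing difference between the two topologies discussed in this message, as an added example that is not part of the original post: it computes which /30 a net30 client sits in and whether a given route gateway falls inside the client's own tunnel network. It assumes OpenVPN's net30 convention of one /30 per client, with the lower usable address as the server-side endpoint and the higher one as the client; the function names and the address 10.1.0.57 are constructed for illustration.

```python
import ipaddress


def net30_block(addr):
    """Return (block, server_side_endpoint, client_address) for the /30
    that contains addr, following the assumed net30 layout."""
    ip = ipaddress.ip_address(addr)
    block = ipaddress.ip_network(f"{ip}/30", strict=False)
    low, high = list(block.hosts())  # a /30 has exactly two usable hosts
    return block, low, high


def gateway_on_link(topology, pool, gateway, client):
    """True if `gateway` lies inside the network that the client's tunnel
    address belongs to: the whole pool for "subnet", the client's own /30
    for "net30"."""
    pool_net = ipaddress.ip_network(pool)
    gw = ipaddress.ip_address(gateway)
    cl = ipaddress.ip_address(client)
    if cl not in pool_net:
        raise ValueError(f"{client} is not inside pool {pool}")
    if topology == "subnet":
        return gw in pool_net
    if topology == "net30":
        block, _, _ = net30_block(client)
        return gw in block
    raise ValueError(f"unknown topology: {topology}")


if __name__ == "__main__":
    # Pair used in the ifconfig alias attempt in the message.
    block, server_side, client = net30_block("10.1.2.182")
    print(f"{client} lives in {block}, server-side endpoint {server_side}")

    # net30 server: the route gateway 10.1.2.2 is outside this client's /30.
    print("net30 :", gateway_on_link("net30", "10.1.2.0/24",
                                     "10.1.2.2", "10.1.2.182"))
    # subnet server: gateway and a (constructed) client share the /24.
    print("subnet:", gateway_on_link("subnet", "10.1.0.0/24",
                                     "10.1.0.1", "10.1.0.57"))
```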
