[kwlug-disc] Initiating connections to OpenVPN clients

Chris Frey cdfrey at foursquare.net
Thu Jun 30 13:23:45 EDT 2011

On Thu, Jun 30, 2011 at 12:17:17AM -0400, Paul Nijjar wrote:
> This adds the following lines to the OpenVPN configuration: 
> route;push "route

I'm not a pfSense expert... is that semicolon a comment symbol, or
are those two commands?

> and in the "client-specific configuration" tab of pfSense I have:
> iroute
> but I am not sure why this makes things work. Removing any one of
> these lines makes things fail. I understand I am making a "site to site"
> connection to my one client, but I don't understand why this should be
> necessary for server B to connect to client C. 

It makes some sense to me... the network really only exists
for Client C, until you add routes to pass traffic over the VPN as well.

Just for safety's sake, I'd test to see what other machines I could reach
on the network, from server B.  If Client C has forwarding
turned off, then you're probably ok.  Otherwise, you might be exposing
more than you realize.  And same for machines on reaching
server B.  If you add a route on Client D to pass all
traffic to Client C, can Client D get to Server B?

- Chris
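
An added example, not part of the original message and not pfSense or OpenVPN code: a small Python audit of how the three directives in this thread relate. `route` puts a subnet into the server host's routing table, `iroute` in a client-specific file tells OpenVPN which client owns that subnet, and `push "route ..."` advertises it to connecting clients. The subnets and the client name are constructed placeholders, since the thread's own addresses are not shown.

```python
import ipaddress

# Constructed sample: the page's addresses are not shown, so 192.0.2.0/24 is a
# placeholder for the LAN behind Client C and "clientC" a hypothetical CCD name.
SERVER_CONF = '''server 10.8.0.0 255.255.255.0
route 192.0.2.0 255.255.255.0
push "route 192.0.2.0 255.255.255.0"
'''
CCD = {"clientC": "iroute 192.0.2.0 255.255.255.0\n"}

def parse(text):
    """Collect the networks named by route, push "route" and iroute lines."""
    out = {"route": set(), "push route": set(), "iroute": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # comment lines in OpenVPN files
            continue
        prefix = ""
        if line.startswith("push "):
            prefix, line = "push ", line[5:].strip().strip('"')
        words = line.split()
        if not words or prefix + words[0] not in out or len(words) < 2:
            continue
        mask = words[2] if len(words) > 2 else "255.255.255.255"  # OpenVPN default
        out[prefix + words[0]].add(ipaddress.ip_network(f"{words[1]}/{mask}"))
    return out

def audit(server_conf, ccd):
    """Return sorted (finding, network, client) tuples for a server and its CCD files."""
    srv = parse(server_conf)
    owner = {net: name for name, text in ccd.items() for net in parse(text)["iroute"]}
    findings = []
    for net in srv["route"] | set(owner):
        if net not in owner:
            # Kernel sends packets into the tunnel, OpenVPN has no client to hand them to.
            findings.append(("route-without-iroute", str(net), None))
        elif net not in srv["route"]:
            # OpenVPN knows the owner, but the server host never routes into the tunnel.
            findings.append(("iroute-without-route", str(net), owner[net]))
        else:
            # Working site-to-site path: reachable from the server side if the
            # client forwards packets, so check that client's forwarding setting.
            findings.append(("routed-via-client", str(net), owner[net]))
            if net in srv["push route"]:
                findings.append(("pushed-to-all-clients", str(net), owner[net]))
    return sorted(findings, key=lambda f: (f[1], f[0]))

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD):
        print(*finding)
```

Each `routed-via-client` finding names a client whose forwarding setting decides how much of the network behind it is reachable over the VPN.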
