Netgate Discussion Forum

    2 WANs and 2 gateways for OVPN

    • happynewguy

      Hello all!
      I have 2 WAN connections. I'm trying to set up 2 different gateways for my 2 OVPN servers:
      VPN_ OpenVPN_ Servers.png
      FW>Rules>OVPN like this:
      VPN_ OpenVPN_ Servers1.png

      That is, different gateways are specified for the 2 different OVPN servers.

      I also created rules for outbound:
      VPN_ OpenVPN_ Servers2.png

      But when connected via OVPN1 (in my case gateway 2), there is no internet access and no private network access.

      The first OVPN server is running successfully (WAN & LAN are ok).

      Any ideas what is causing this?

      • viragomann @happynewguy

        @happynewguy
        To rule out a DNS issue, try to access an IP address from the VPN client.

        • happynewguy @viragomann

          @viragomann
          I'm sorry, but my situation has changed.
          Now my 2 OVPN servers are assigned to 2 WAN connections. It's ok.
          Clients have internet access. All OK.
          But the clients do not have access to the private network. All resources (samba) are unavailable.
          I route all traffic through the gateway.
          VPN_ OpenVPN_ Servers3.png
          I feel that the problem is somewhere in the FW rules, but I don't know where exactly. Any ideas?

          • viragomann @happynewguy

            @happynewguy
            Your firewall rules direct any traffic out to the WAN gateways.

            To pass traffic to local destinations you need to add an additional rule without a gateway stated to the top of the rule set.

            • happynewguy @viragomann

              @viragomann
              Like this?
              VPN_ OpenVPN_ Servers4.png

              Unfortunately, in this version, the OVPN client connected via WAN_D or WAN_W receives external IP addresses of WAN_D or WAN_W. Has internet access but no private network access.

              When I disable 2 rules where gateways are specified, OVPN clients ALWAYS get the WAN_D - IP address.

              In this option, OVPN clients have both - Internet and private network.

              • viragomann @happynewguy

                @happynewguy
                No. Remember that if a rule matches the traffic, it is applied and no further rules are probed.
                That means you have to take care that each rule only matches the desired traffic.

                Since both of your policy routing rules catch all OpenVPN traffic and direct it out to WAN, you have to set the rule for LAN access above the others, but you must modify the destination so that it only matches local networks.

                So when you only have one local subnet, that is easy. Edit the rule and set the destination to "LAN net". Then move the rule to the top of the rule set. Be sure to save the settings afterwards.

                • happynewguy @viragomann

                  @viragomann
                  Yeeees! It works!
                  I just added the destination in the first rule: local network.
                  Now clients get WAN1 and WAN2 IP addresses, as I wanted to separate, and have access to the private network.

                  VPN_ OpenVPN_ Servers5.png

                  Thank you very much for the help!!!

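The first-match behaviour discussed in this thread, as an added example that is not part of the original posts and is not pfSense code: a small model of top-down rule evaluation on the OpenVPN tab, comparing the two gateway rules alone, a gateway-less rule with destination "any" on top, and the working order with the destination limited to LAN net. The tunnel networks, the LAN subnet and the host addresses are constructed for illustration; WAN_D is taken as the default gateway.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not values from the thread).
LAN_NET = ip_network("192.168.1.0/24")
TUN_D = ip_network("10.8.1.0/24")   # clients of the OpenVPN server bound to WAN_D
TUN_W = ip_network("10.8.2.0/24")   # clients of the OpenVPN server bound to WAN_W
ANY = ip_network("0.0.0.0/0")
DEFAULT_GW = "WAN_D"                # system default gateway (assumed)

def rule(src, dst, gateway=None):
    return {"src": src, "dst": dst, "gateway": gateway}

def route(rules, src, dst):
    """Return where a packet leaves: 'LAN', a WAN gateway name, or 'BLOCKED'."""
    src, dst = ip_address(src), ip_address(dst)
    for r in rules:                       # top to bottom, first match wins
        if src in r["src"] and dst in r["dst"]:
            if r["gateway"]:              # policy routing: forced out this gateway
                return r["gateway"]
            # No gateway on the rule: the normal routing table decides.
            return "LAN" if dst in LAN_NET else DEFAULT_GW
    return "BLOCKED"                      # nothing matched: implicit deny

POLICY = [rule(TUN_D, ANY, "WAN_D"), rule(TUN_W, ANY, "WAN_W")]
ORIGINAL = POLICY                               # only the two gateway rules
PASS_ANY_ON_TOP = [rule(ANY, ANY)] + POLICY     # gateway-less rule, destination any
FIXED = [rule(ANY, LAN_NET)] + POLICY           # destination limited to LAN net

def outcomes(rules, client="10.8.2.10"):
    """(path to a LAN file server, path to an Internet host) for one VPN client."""
    return route(rules, client, "192.168.1.20"), route(rules, client, "203.0.113.5")

if __name__ == "__main__":
    for name, rs in [("original", ORIGINAL), ("pass-any on top", PASS_ANY_ON_TOP),
                     ("fixed", FIXED)]:
        lan, inet = outcomes(rs)
        print(f"{name:16} LAN -> {lan:6} Internet -> {inet}")
```

Only the last rule set gives the WAN_W client both LAN access and its own WAN exit; the first sends LAN-bound traffic out a WAN gateway, and the second never reaches the gateway rules.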
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.