OpenVPN on another public ip address

jptferreira

@viragomann I'm using virtual ip addresses. I have a block of 5 statics that each is added as a Virtual Ip address under the firewall /Virtual Ips. Then I have Port forwards for each of of the services attached to each public ip. All working fine there. Have to use the 1:1 because of Voip requirements and some other services.
Besides this it is a very simple setup.
The VPN works great when the wizard is used and is set for the default public ip (not VIP because it is the default and not used for any other services).
If during the wizard I select another one of the public IP addresses I have it reaches the vpn server logs but won't connect. The same configuration but switching to the default ip works fine.
I hope this helps
Thanks

viragomann

@jptferreira
No. I was asking for the VIP type. pfSense offers four, I think. So which?

So the OpenVPN is running on pfSense itselft, no forwarding.

What is the OpenVPN configuration? What are your WAN rules?

jptferreira

@viragomann I apologize, I'm using IP aliases. for theVirtual IP addresses assigned to the wan interface.

Virtual IP Address
66.xx.xx.xx1/29 WAN IP Alias 66.xx.xx.xx1
66.xx.xx.xx2/29 WAN IP Alias 66.xx.xx.xx2
66.xx.xx.xx3/29 WAN IP Alias 66.xx.xx.xx3
66.xx.xx.xx4/29 WAN IP Alias 66.xx.xx.xx4
10.10.10.1/32 LAN IP Alias pfB DNSBL - DO NOT EDIT

The rule for the vpn is only one added by the wizard.
IPv4 UDP * * WAN address 1194(OpenVPN) * none OpenVPN pfSense OpenVPN Server Wizard

This one works fine because it isn't using any of the above VIPs.
The OpenVPN is running on pfsense. Having it running on another machine would be just a matter of performing a port forward and wouldn't be a problem but I'm trying to not have one machine running just for the vpn.
Thanks

viragomann

@jptferreira said in OpenVPN on another public ip address:

The rule for the vpn is only one added by the wizard.
IPv4 UDP * * WAN address 1194(OpenVPN) * none OpenVPN pfSense OpenVPN Server Wizard
This one works fine because it isn't using any of the above VIPs.

IP Aliases works as well for OpenVPN.

Since you might not need this rule from the wizard as you said, edit this rule and change the source IP to the desired virtual IP. Otherwise you can simply copy it by ticking this button
and change the destination.

Since you don't provide your OpenVPN settings I cannot give further hints.

A Former User

@jptferreira said in OpenVPN on another public ip address:

This one works fine because it isn't using any of the above VIPs.

publish your Wan side firewall rule

jptferreira

@silence on pfsense I still can't find an easy way to export settings besides taking screenshots... any hints on how to do it?
Thanks

A Former User

@jptferreira said in OpenVPN on another public ip address:

any hints on how to do it?

viragomann

@silence
Requesting the whole config seems quite dubious to me.

@jptferreira
There are many secrets inside this, you might not want to publish at all.

jptferreira

@viragomann thanks guys... I always remove anything that "shouldn't be there"
Really appreciate the quick replies!
JP

A Former User

@viragomann said in OpenVPN on another public ip address:

Requesting the whole config seems quite dubious to me.

It didn't ask him for his configuration, he asked for his wan-side firewall rules and I showed him how to make a backup since he asked.

@jptferreira said in OpenVPN on another public ip address:

@silence on pfsense I still can't find an easy way to export settings besides taking screenshots... any hints on how to do it?
Thanks

waiting firewall rules wan