Netgate Discussion Forum

    OpenVPN Cloud site to site behind CGNAT and using BGP (working)

      ddbnj
      last edited by ddbnj

      For those of us stuck behind CGNAT, I was able to connect site to site using the OpenVPN Cloud service. It's free for up to 3 devices, so site to site is perfect.

      There are instructions on OpenVPN Cloud to set up pfSense clients. Once that is completed, the BGP setup was difficult.

      Other than ping, the tunnel endpoints do not pass any traffic addressed to the endpoints themselves. All traffic has to be destined to addresses behind the firewall.

      In order to get BGP working, you have to create a VIP on a completely different private address for the localhost interface. That will be the source locally and the destination remotely. You also have to change the update source on BGP neighbors and add multihop (2) to the neighbor config.

      If anyone has questions, post here. It does work though, and it's great if you want to do cellular failover without needing an addressable port on the destination server.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
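The BGP settings described in the post above, written out as an added example that is not part of ddbnj's post or Netgate's documentation. It assumes FRR-style configuration syntax, eBGP between the sites, and that each site's localhost VIP is routed through the tunnel like any other address behind the firewall; every address, ASN and name is constructed. The prefix-lists go beyond the post: they limit what each site accepts and announces over the third-party tunnel.

```text
! Site A (site B mirrors this with the addresses and ASNs swapped).
! Constructed values, not taken from the post:
!   localhost VIP site A: 10.255.0.1/32    localhost VIP site B: 10.255.0.2/32
!   LAN site A:           192.168.10.0/24  LAN site B:           192.168.20.0/24
!
! Accept only the remote LAN and announce only the local LAN.
! Anything not matched is dropped by the implicit deny.
ip prefix-list SITE-B-IN seq 10 permit 192.168.20.0/24
ip prefix-list SITE-A-OUT seq 10 permit 192.168.10.0/24
!
route-map FROM-SITE-B permit 10
 match ip address prefix-list SITE-B-IN
!
route-map TO-SITE-B permit 10
 match ip address prefix-list SITE-A-OUT
!
router bgp 65001
 bgp router-id 10.255.0.1
 ! The peer is the remote localhost VIP, not the remote tunnel endpoint,
 ! because the endpoints pass nothing but ping addressed to themselves.
 neighbor 10.255.0.2 remote-as 65002
 neighbor 10.255.0.2 description site-b-over-openvpn-cloud
 ! Source the session from the local VIP so the peer sees the address it expects.
 neighbor 10.255.0.2 update-source 10.255.0.1
 ! The peer is not directly connected, so raise the eBGP TTL to 2.
 neighbor 10.255.0.2 ebgp-multihop 2
 !
 address-family ipv4 unicast
  network 192.168.10.0/24
  neighbor 10.255.0.2 activate
  neighbor 10.255.0.2 route-map FROM-SITE-B in
  neighbor 10.255.0.2 route-map TO-SITE-B out
 exit-address-family
!
```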