Netgate Discussion Forum

    pfsense OpenVPN Client with Multiple Connections/Tunnels

    • djtech2k

      I am running pfSense and I have an OpenVPN client set up to connect to my VPN provider, IPVanish. I have pfSense configured so that when I add a device/IP to a specific alias, it will then send traffic over the established VPN. I have used it and it works. I recently created a 2nd OpenVPN connection from pfSense to another VPN tunnel. So my question is: Which VPN tunnel will the traffic go through if I have 2 of them established? Am I able to control that or do I need to disconnect the one I don't want to use?

      I have the FW rule configured to use the IPVanish gateway. When the VPN1 is running, when I look at the rule, it shows the gateway name and IP. If I stop VPN1 and leave VPN2 running, the FW rule gateway just shows the gateway name and no IP. So this makes me think something is missing or not working properly.

      So I am looking for some advice/expertise on how to handle this situation where I may need to use different VPN tunnels at different times or for different traffic.

      • stephenw10 (Netgate Administrator)

        The traffic is routed via the gateway IP. So if you wanted traffic to go via the second VPN you would need a policy routing rule using the VPN2 gateway.

        You can have a combination of rules to try to match your requirements. Like rules with schedules perhaps. And different alias groups. You could also use gateway groups to failover between the VPNs.

        • djtech2k

          @stephenw10

          It’s been a while since I set this up so I’m trying to remember how I did it and how it works. I just glanced at it to refresh my memory but I am still missing a piece.

          I have an interface created, a gateway assigned to that interface, a firewall rule, an outbound nat rule, and an OpenVPN client configured and connected. That setup worked when I set it up so I’m sure it still does.

          The other day I wanted to connect to a different vpn tunnel so I created a 2nd vpn client connection and the status shows as connected. What I can’t remember is how the interface gets associated with the vpn client, and therefore is associated to the gateway.

          I have the interface and gateway set to dynamic IP so I don’t set anything static. I am just missing something. I just want to be able to send traffic over the VPN that I want at the time that I want. Sure, I’d like to be able to do split tunneling but that’s not my top priority right now. Even if I have to manually flip between VPN tunnels, that would be good enough.

          • stephenw10 (Netgate Administrator)

            You have to assign the OpenVPN client as a new interface so pfSense sees it as a WAN. It will then create a dynamic gateway for it you can use in a policy routing rule.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.