Openvpn udp multiple WAN
-
I have two WAN interfaces. I configured openvpn. I allowed 1194/UDP to the interface IP for both WAN interfaces. I can only connect to the primary WAN interface from outside the network. I cannot connect to the 2nd WAN interface. How do I fix this?
-
A packet capture seems to indicate that UDP packets are recieved from the client, but none are sent back from pfsense.
-
I'm guessing the return packets are going out the other WAN interface?
-
I think you are correct from what I have read so far. Apparently openvpn cannot determine what interface UDP packets were received on, so it simply replies using the default interface.
1. Has this been fixed in newer releases of OpenVPN?
2. Is there an easy workaround to force OpenVPN to send UDP packets on my second WAN inteface? I don't want to have to switch them as that would bring everything offline and mean a lot of reconfiguration. I don't necessarily need the primary interface to work with OpenVPN. -
I figured out an answer to number 2. I simply added this line to the openvpn server configuration in the pfsense web interface:
local xxx.xxx.xxx.xxx;
where xxx.xxx.xxx.xxx is the address assigned to the secondary interface, which is the one I want to send openvpn's UDP packets. It would be nice to have the primary interface available just in case, though.
-
I just noticed that my workaround prevents it from working on the LAN interface, though. A better solution would be great.
-
Well you could put for local x.x.x.x the IP of the pfSense on the LAN side.
Then forward the ports via NAT from the WANs to the LAN IP. -
Of course! So simple, and now it works on ALL interfaces. Thanks.
-
Can you please explain where I can set the IP for the openVPN? I don't see any options on the tun interface configuration.
-
Set the "local" parameter in the custom options.
Read the man pages to OpenVPN if you need specifics. -
Ok thanks, I'm a "Newbie" here :)
Solution works fine!
-
nice work!thanks!