OpenVPN and two pfSense
-
Hopefully this may spark something:
If I disable either of the OpenVPN client interfaces (either OPT1 or OPT2) the OPT3 (Server) will now pass Internet traffic. As soon as I re-enable (and make sure all are up) then the VPN will stop passing traffic. I've made no other changes other than disabling one of the client VPNs.
Are there known issues running multiple OpenVPN connections on a single pfSense system?
Update: I've attempted to remove all the interfaces, disable all the VPNs then reboot and recreate all. Same problem with no internet being passed by the OpenVPN Server (OPT3)
-
Another interesting thing:
If I connect to the OPT3 (server) and then stop and restart either of the other two (clients) using "Status:OpenVPN" then internet traffic will pass.
Once I disconnect from OPT3 then reconnect traffic will no longer pass (unless I stop/restart again).
-
I do not get what's the point of assigning the OPT3 interface at all.
-
…here is a tutorial promoting an OPT interface for openVPN setup if you want to route all traffic through your tunnel
https://forum.pfsense.org/index.php?topic=76015.0
:-)
-
I do not get what's the point of assigning the OPT3 interface at all.
I thought I required an interface defined to the OpenVPN server - I removed it…
Same problem persists - with both the clients up I cannot see internet traffic on the OpenVPN client. Once one is disabled the traffic passes.
-
From my experience: Debugging VPN at this level is PITA. Start from scratch and do only the absolute necessary (preferably without wizzard for site-to-site) or import the config from the working pfSense. Everything else is usually a waste of time…
-
Problem persists - with both the clients up I cannot see internet traffic on the OpenVPN client. Once one is disabled the traffic passes.
What do you mean? Are you trying to push all traffic via two different VPNs like some load ballancing?! Yeah obviously it will cause huge amount of trouble!
-
From my experience: Debugging VPN at this level is PITA. Start from scratch and do only the absolute necessary (preferably without wizzard for site-to-site) or import the config from the working pfSense. Everything else is usually a waste of time…
The issues are actually on both boxes. Once both clients are connected then the server does not pass internet traffic. This occurs on both systems (VM or box)
-
Once both clients are connected then the server does not pass internet traffic. This occurs on both systems (VM or box)
"does not pass internet traffic" from where? LAN? VPN clients? I don't even get what is not working in your setup…
-
I don't even get what is not working in your setup…
No wonder, with terminology like "see internet traffic on client". Why should some OpenVPN client "see internet traffic"?