[SOLVED] Connect a pfsense to two OpenVPN servers
-
Hi guys,
I do not speak English, but I could not solve my problem in the forum of my native language.
I will try to be to the point.
I have a pfSense that needs to connect to two different OpenVPN servers. This works on Linux CentOS 7.
I need the client network to route traffic to the two connected tunnels.
Internet traffic should go out my LAN interface, while traffic destined for the VPN networks should leave through its respective tunnel.
I will do this through NAT.
My problem is as follows:
The two VPNs are already configured, and routing for each tunnel works perfectly. However, when the two VPNs are working simultaneously, internet access on my LAN is not available. I made the necessary checks: NAT configuration, firewall rules, and the configuration of each VPN. It's something I cannot understand.
What I think is most likely is a NAT problem, specifically in the order of the rules.
I would like at least to know if anyone has had this problem. If so, tell us how you solved the problem.
My post in the Portuguese forum: https://forum.pfsense.org/index.php?topic=110036.0
-
Check your settings in the VPN client config.
Mark the option for "don't pull routes" in the client config; else the VPN tells your pfSense to route all traffic through the VPN.
-
After 2 days I made my day, two VPNs working simultaneously ;)
When you run the VPNs, are you able to ping 8.8.8.8 from LAN?
Maybe it's a DNS problem?
-
No, I cannot ping. I had conducted the tests. I cannot access by IP or DNS name.
Very strange.
Look at the client settings.
VPN 1
VPN 2
VPN2 is disconnected and disabled because if I connect it, the internet goes down.
Therefore only VPN1 is connected.
-
Maybe this helps; I have a very similar config. My LAN is 192.168.1.0/24
To set up my VPN correctly I did just 2 things:
1. Set correct VPN client settings, check logs
2. Create a NAT for VPN
Try removing the Tunnel settings, maybe this helps
-
Sorted out.
As imagined, the problem was routes. I had noticed that it was intermittent. One hour traffic went through one VPN, another hour it went through the other.
The solution was to mark the option that our friend verdi posted: "don't pull routes".
I did it on the second VPN and access normalized instantly.
Now the internet goes through my WAN and access to the VPNs goes through their respective interfaces via NAT.
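
An added example, not part of the original thread: before ticking "don't pull routes" (OpenVPN's `route-nopull`), it helps to see what each server actually pushes. This Python sketch reads the `PUSH_REPLY` line from each client's log and reports whether a server takes the default route and which pushed networks overlap; the two log lines and all addresses are constructed samples.

```python
import ipaddress
import re

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY,[^']*)'")

# Constructed sample log lines, one per OpenVPN client instance.
VPN1_LOG = ("openvpn[4321]: PUSH: Received control message: 'PUSH_REPLY,"
            "route 10.10.0.0 255.255.0.0,route 10.8.0.1,topology net30,"
            "ifconfig 10.8.0.6 10.8.0.5'")
VPN2_LOG = ("openvpn[4388]: PUSH: Received control message: 'PUSH_REPLY,"
            "redirect-gateway def1,route 10.10.5.0 255.255.255.0,"
            "route 10.9.0.1,ifconfig 10.9.0.6 10.9.0.5'")

def pushed_options(log_text):
    """Return the options of the last PUSH_REPLY in a client log ([] if none)."""
    matches = PUSH_RE.findall(log_text)
    if not matches:
        return []
    return [opt.strip() for opt in matches[-1].split(",")[1:]]

def pushed_routes(options):
    """Return (takes_default, networks) for one client's pushed options."""
    takes_default, networks = False, []
    for opt in options:
        words = opt.split()
        if not words:
            continue
        if words[0] == "redirect-gateway":
            takes_default = True
        elif words[0] == "route" and len(words) >= 2:
            # A missing or "default" netmask means a host route.
            mask = words[2] if len(words) >= 3 and words[2] != "default" else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{words[1]}/{mask}", strict=False)
            except ValueError:
                continue  # keyword or hostname target such as vpn_gateway
            if net.prefixlen == 0:
                takes_default = True
            else:
                networks.append(net)
    return takes_default, networks

def overlaps(nets_a, nets_b):
    """Pairs of pushed networks that both tunnels would claim."""
    return [(a, b) for a in nets_a for b in nets_b if a.overlaps(b)]

if __name__ == "__main__":
    d1, n1 = pushed_routes(pushed_options(VPN1_LOG))
    d2, n2 = pushed_routes(pushed_options(VPN2_LOG))
    print("VPN1 takes default route:", d1, "| VPN2 takes default route:", d2)
    print("Overlapping pushed networks:", overlaps(n1, n2))
```

A client that reports a default-route push or an overlap is the one to set to "don't pull routes", with the remote networks then routed explicitly.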