Netgate Discussion Forum
    Help needed for Clear net and OPENVPN running at same time

    Problems Installing or Upgrading pfSense Software
    3 Posts 2 Posters 1.1k Views
    fin100

      Story so far... Complete numpty on routing. I was happily running Tomato WRT on an Asus AC68U in a setting which was adequate and worked well.

      In the new setting I want to duplicate this function with a 4-core 2.4 GHz Atom Supermicro box with 4 NICs and full 2.3.1 pfSense.

      What's required is 3 wired networks: 1 clear net to the ISP and 2 separate OPENVPN client networks.

      3 wireless networks: 1 clear ISP net and 2 separate OPENVPN client nets.

      Networks with VPNs should disconnect from the internet on failure of the VPN.

      WiFi AP: 1 UniFi AP AC Lite.

      In testing at the moment with the WAN connection coming out of another router as a direct connection (no PPPoE, which will be required at a later stage due to the purchase of a dumb modem (Vigor 130)).

      Have looked at what documentation I can find but am still having problems getting separation of clear net and VPN.

      Interface setup at the moment: WAN, LAN, OPENVPN, plus 2 unassigned NICs.

      NAT and firewall rules are set to allow all protocols and addresses for all interfaces.

      When WAN is set as the default gateway I get only straight clear net with OPENVPN running.

      Setting the VPN as the default gateway joins the LAN to the VPN service and WAN availability stops on VPN down (which is what is needed).

      I was thinking I could bridge the LAN to VPN interface to get LAN output but that does not do it.

      I'm obviously missing something major here and just running around like a headless chicken changing settings without really understanding wtf I'm doing.

      If anyone could help explain what I should be doing to create 3 wired and 3 WiFi networks with 2 OpenVPN and 1 clear net (wired mirrors WiFi) it would be much appreciated.

        Wolf666

        You should set proper Outbound rules for each interface, setting the proper gateway, clear net or VPN.
        On the VPN client you should add the option route-nopull; it depends on the directives received from the server.
        I have a working config with 2 clearnet subnets and 1 VPN, working fine with all traffic routed properly.

        Modem Draytek Vigor 130
        pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
        Switch Cisco SG350-10
        AP Netgear R7000 (Stock FW)
        HTPC Intel NUC5i3RYH
        NAS Synology DS1515+
        NAS Synology DS213+

          fin100
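        As an added illustration (not from this thread, Wolf666 or the pfSense project), this is roughly what the pf ruleset behind the advice above looks like for one clear-net LAN and one VPN-only LAN: per-interface outbound NAT, a policy-routing pass rule whose gateway is the OpenVPN client, and a block rule beneath it that acts as the kill switch. In pfSense these are entered through the GUI (Firewall > NAT > Outbound in manual or hybrid mode, Firewall > Rules with the Gateway field set), and the generated rules use pf's `route-to`. The interface names (em0/em1/em2, ovpnc1), subnets and tunnel addresses are assumed for the example; `route-nopull` in the client's custom options keeps a pushed `redirect-gateway` from replacing the system default route, which is why the rule must name the VPN gateway explicitly.

```pf
# Added example: pf-style view of a clear LAN plus a VPN-only LAN on pfSense.
# All names and addresses below are constructed for illustration.
#
#   em0     WAN   (system default gateway = ISP)
#   em1     LAN   192.168.1.0/24  -> clear net
#   em2     OPT1  192.168.2.0/24  -> may only leave via OpenVPN client 1
#   ovpnc1  OpenVPN client 1 tunnel; remote tunnel gateway 10.8.0.5

# --- Outbound NAT: each subnet is translated only on the interface it is allowed to exit ---
nat on em0    inet from 192.168.1.0/24 to any -> (em0)
nat on ovpnc1 inet from 192.168.2.0/24 to any -> (ovpnc1)

# --- Clear LAN (em1): no gateway on the rule, so it follows the default route (WAN) ---
pass in quick on em1 inet from 192.168.1.0/24 to any keep state

# --- VPN LAN (em2) ---
# Let OPT1 hosts reach the firewall itself (DNS, NTP) before policy routing kicks in;
# otherwise queries to 192.168.2.1 would be pushed into the tunnel as well.
pass in quick on em2 inet from 192.168.2.0/24 to 192.168.2.1 keep state

# Policy routing: the GUI "Gateway" field on this rule becomes route-to in pf.
pass in quick on em2 route-to (ovpnc1 10.8.0.5) inet from 192.168.2.0/24 to any keep state

# Kill switch: with "Skip rules when gateway is down" enabled
# (System > Advanced > Miscellaneous), pfSense omits the rule above while
# ovpnc1's gateway is down, so this block catches the traffic instead of
# letting it fall back to the WAN default route.
block in quick on em2 inet from 192.168.2.0/24 to any
```

        The order matters: pf evaluates `quick` rules top to bottom, so the firewall-local pass must sit above the route-to rule, and the block must sit below it. With the skip-rules option left at its default, pfSense instead recreates the pass rule without the gateway when the VPN is down, which is exactly the clear-net leak the original poster wants to avoid; checking the routing table on the box (`netstat -rn`) while the client is down is the quickest way to confirm no route via ovpnc1 remains and that OPT1 traffic is being dropped rather than rerouted.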

          That's very interesting: I seem limited on what I can include in the VPN settings; route-nopull seems not to be liked by the server and fails the connection.

          Firewall and NAT seem ok - well, everything allowed - maybe I need stated destination and source - was just relying on letting everything pass through.

          I have tried using a VLAN tag for the other routes but when tagged on the UniFi AP that SSID fails to connect and the AP eventually becomes unstable, so a bit stuck now.

          Can you elaborate on your settings?
