Netgate Discussion Forum

    pfSense 1 to pfSense 2 use internet from pfSense 2 via openVPN

    16 Posts 2 Posters 1.1k Views
    • M
      mako
      last edited by

      Dear team,

      I have now created an OpenVPN connection between two pfSense instances.

      pfsense1: 10.0.1.0/24 (client - P2P-SK)
      pfsense2: 10.0.2.0/24 (server - P2P-SK)

      The OpenVPN tunnel was successfully built.

      My plan is that only one IP address on pfSense 1 should be able to use the pfSense 2 WAN IP address.
      I have tried with custom commands: redirect-gateway, but then all my traffic (including the other local subnets from pfSense 1) also breaks out to the internet on pfSense 2.

      I have 5 networks (LAN1, LAN2, LAN3, LAN4 and LAN5) on pfSense 1.
      LAN5 = the 10.0.1.0/24.

      Can anybody tell me how I can redirect the gateway only for the 10.0.1.0/24 subnet?

      Thank you very much,

      Many greets

      • V
        viragomann
        last edited by

        On pfSense1 assign an interface to the VPN instance (Interfaces > Assign, below "Available network ports" select the VPN client (ovpncX), hit Add, open the interface settings, check Enable and save the settings).

        On LAN5 add a firewall pass rule (or edit the existing one): source = LAN5 net, destination = any, then go down and open the advanced options, go down to Gateway and select the gateway which belongs to the interface you've added above.
        Put this rule at the top of the rule set.

        Let's call it 'policy routing': https://www.netgate.com/docs/pfsense/routing/directing-traffic-with-policy-routing.html

        • M
          mako @viragomann
          last edited by mako

          @viragomann

          Thank you for your answer, but I think I was unclear here.

          On pfSense 1 LAN4 I have my physical machines connected on network port em4. These machines can currently reach the whole LAN subnet of pfSense 2. But what must I do here with the assignment? If I change LAN4 from em4 to the OpenVPN client, then I don't have a connection between LAN4 and the em4 network anymore?

          My goal is that the whole traffic (from pfSense LAN4) should go over the VPN tunnel to pfSense 2 and should break out there with the internet connection from the pfSense 2 WAN. The return path is the same way, only from the pfSense 2 WAN to the pfSense 1 LAN devices.

          On pfSense 2 I have only created a virtual LAN, because I really only need that pfSense for the WAN breakout (there should be no LAN there).

          Can you tell me what I am doing wrong? I can only select the WAN gateway in my pfSense firewall rule.

          Here is my config:

          pfsense1: [five screenshots of the pfSense 1 configuration, not available in this text]

          pfsense2: [five screenshots of the pfSense 2 configuration, not available in this text]

          Thank you very much, many greets

          • V
            viragomann
            last edited by viragomann

            Same thing, aside from the fact that you now mentioned LAN4 to be routed over the VPN instead of LAN5.

            @mako said in pfSense 1 to pfSense 2 use internet from pfSense 2 via openVPN:

            if i change from LAN4 - em4 to ovpnclient, then i dont have a connection between lan4 and em4 network?

            You should not change the network port of an existing interface, but assign an additional interface to the VPN client.
            Next, below "Available network ports", select your VPN client (maybe it's the "OVPN SWISS" shown on the screenshot) and hit Add at the right side. Then open the new interface, check Enable and save it.

            Now go to your LAN rules, edit the existing allow-any rule or add a new pass rule at the top of the rule set, and select the OVPN gateway in the advanced settings.

            Additionally you have to add an outbound NAT rule on pfSense2:
            Interface = WAN, Source = 10.0.1.0/24 (the LAN from site 1), dest = any, Translation = Interface address.

            That does the magic.

            • M
              mako @viragomann
              last edited by mako

              @viragomann

              Thank you,

              I meant LAN5 is my LAN4 (I made a mistake). I have not got it working.

              I have now done the following:
              [three screenshots of the updated pfSense 1 configuration, not available in this text]

              But I get back the WAN IP address of pfSense 1, and not the one from pfSense 2.

              Can you maybe tell me where I could have an issue?

              THANK YOU VERY MUCH!

              • V
                viragomann
                last edited by

                Maybe the rule doesn't match. Activate logging for debugging.
                Is there a floating rule in place which matches first?

                • M
                  mako @viragomann
                  last edited by mako

                  @viragomann

                  Thank you, no. I don't have a floating rule set.
                  But maybe my NAT on pfSense 1 is wrong?
                  I have exactly the currently running configuration from my screenshots.

                  I have:

                  1. assigned OPT4 (ovpnc2)
                  2. activated the OPT4 interface
                  3. set the FW rule on LAN4 with the OVPN gateway
                  4. checked the NAT on pfSense 2, but without a chance of getting it working.

                  What did I do wrong?
                  Can I delete everything and do a fresh config for this? Where could I have the problems?
                  Maybe NAT? I have manual outbound NAT rule generation in use.
                  Thank you!

                  PS: What should I check in the logging?

                  • V
                    viragomann
                    last edited by

                    If the computer which you try to go out with is connected to LAN4 it could never go out to WAN on site 1, as there is no rule allowing that. The one and only firewall rule on LAN4 permits only traffic to the VPN gateway.

                    Maybe you're using already opened connections. Try killing the states: Diagnostics > States > Reset States

                    • M
                      mako @viragomann
                      last edited by

                      @viragomann

                      Dear! Thank you, I have now done that, but no better result.

                      If I disable the one and only firewall rule on LAN4, no internet is working on my clients.
                      But if I activate it, I get the WAN IP from pfSense 1, although I have selected the OVPN gateway in the advanced settings tab.

                      What do you think I should check next?

                      Thank you!

                      Many greets

                      • V
                        viragomann
                        last edited by viragomann

                        Please post Status > Gateways.
                        Site1.

                        • M
                          mako @viragomann
                          last edited by

                          @viragomann

                          Thank you, oh, I think I have a problem here?

                          [screenshot of Status > Gateways on site 1, not available in this text]

                          • V
                            viragomann
                            last edited by

                            So your VPN gateway is not online, man.
                            Get your VPN up first.

                            To prevent clients from going out via WAN, check the two options under "Gateway Monitoring" in System > Advanced > Miscellaneous.

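The packet path traced through this thread (the LAN4 pass rule with the OVPN gateway, the fallback to the default route when that gateway is down, which the "Skip rules when gateway is down" option changes, and the outbound NAT on pfSense2), as an added Python model; this is not pfSense code, and the WAN addresses are constructed values.

```python
# Added example, not pfSense code: a small model of the packet path discussed here.
# Constructed addresses: pfSense1 WAN 198.51.100.1, pfSense2 WAN 203.0.113.1, LAN4 = 10.0.1.0/24.
from ipaddress import ip_address, ip_network
from typing import Optional

PF1_WAN = "198.51.100.1"
PF2_WAN = "203.0.113.1"
LAN4 = ip_network("10.0.1.0/24")

# LAN4 rule set on pfSense1: one pass rule, source LAN4 net, dest any, gateway = OVPN.
# A gateway of None would mean "use the default route", i.e. pfSense1 WAN.
LAN4_RULES = [(LAN4, "OVPN")]

# Outbound NAT on pfSense2 WAN as suggested in the thread: source 10.0.1.0/24 -> WAN address.
PF2_NAT = [(LAN4, PF2_WAN)]


def pfsense1_egress(src_ip: str, gateway_up: bool, skip_rules_when_down: bool) -> Optional[str]:
    """Which way a LAN4 packet leaves pfSense1: "OVPN", "WAN", or None (blocked).
    Interface rules: first matching pass rule wins, and an interface ends in a default deny.
    A rule whose gateway is down is normally loaded *without* the gateway, so traffic falls
    to the default route; with "Skip rules when gateway is down" the whole rule is omitted."""
    ip = ip_address(src_ip)
    for source, gateway in LAN4_RULES:
        if ip not in source:
            continue
        if gateway is None or gateway_up:
            return gateway or "WAN"
        if skip_rules_when_down:
            continue            # rule omitted; fall through to the default deny
        return "WAN"            # rule kept, gateway dropped: default route = pfSense1 WAN
    return None


def pfsense2_outbound_nat(src_ip: str, nat_rules) -> str:
    """Manual outbound NAT on pfSense2: the first matching rule rewrites the source."""
    ip = ip_address(src_ip)
    for net, translation in nat_rules:
        if ip in net:
            return translation
    return src_ip               # no rule: packet leaves WAN with its private address


def observed_public_ip(src_ip: str, gateway_up: bool, skip_rules_when_down: bool, nat_rules) -> Optional[str]:
    """Source address an internet host would see for a LAN4 client, or None if blocked."""
    egress = pfsense1_egress(src_ip, gateway_up, skip_rules_when_down)
    if egress is None:
        return None
    if egress == "WAN":
        return PF1_WAN
    return pfsense2_outbound_nat(src_ip, nat_rules)
```

With the gateway down and the skip option off, the model returns the pfSense1 WAN address, which is exactly what was observed above; with the option on, the client is blocked instead of leaking out the wrong WAN.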
                            • M
                              mako @viragomann
                              last edited by mako

                              @viragomann

                              Dear viragomann,

                              Thank you, the options are:
                              [screenshot of the Gateway Monitoring options, not available in this text]

                              But what I don't know is why the gateway is not up? The connection is established, or is it not?
                              Where could I have an error here? Must I select something else on pfSense 2 to get the gateway online?
                              The configs are the same as in my last screenshots. Maybe you can see an error?

                              It seems that the OpenVPN tunnel is online...
                              [screenshot of the OpenVPN status, not available in this text]

                              Thank you, thank you, thank you, thank you!

                              • V
                                viragomann
                                last edited by

                                I don't know your vpn configs.
                                Check the vpn log for errors.

                                • M
                                  mako @viragomann
                                  last edited by

                                  @viragomann

                                  Oh man, ... thank you very much. I have created a fresh instance (I first removed the old one).
                                  Now everything is working so perfectly.

                                  THANK YOU so MUCH for your help!

                                  Thanks!

                                  Have a nice day, many greets, mako!

                                  • V
                                    viragomann
                                    last edited by

                                    Glad to hear it's working now.

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.