Using OpenVpn while pfsense is a secondary router with a mikrotik loadbalancer as the main router
-
Hello guys, I need help. I have two firewall routers in my network setup. One is a Mikrotik which I use for load balancing three internet links and the second is my pfsense which hands out dhcp leases to all clients. My main goal is to run openvpn on pfsense and log in remotely, but the issue I am facing is that the internet links have different public IP addresses. Can this setup work since the clients keep on changing gateways automatically?
-
@OpenWifi said in Using OpenVpn while pfsense is a secondary router with a tplink loadbalancer as the main router:
Can this setup work since the clients keep on changing gateways automatically
The question is, I guess: are they changing their 'source' IP on their side? That will break the existing connection.
Internet traffic, by nature, can change "routes", not source and destination IP during a connection.
-
@Gertjan The gateway for all clients is through my pfsense box, but remember all three links are load balanced by Mikrotik and then passed to pfsense as one LAN connection, which in turn becomes the WAN of the pfsense router.
-
@OpenWifi said in Using OpenVpn while pfsense is a secondary router with a tplink loadbalancer as the main router:
load balanced
The balancing won't have any influence once a connection is created.
Just create 3 NAT rules on your Tick, one for each WAN port, and test it out.
-
@Gertjan kindly elaborate
-
You need to port forward on any WAN interface on your Micro. Then point your "customers" at one of your WAN addresses. If you have 9 incoming then manually split them up. Maybe 3 apiece.
Don't let them change addresses.
-
@chpalmer I get you, but remember that the pfsense is the one handing out the IP addresses to my clients and not the mikrotik.
-
What is doing the VPN? Are you the VPN server or client side?
-
@chpalmer I am using OpenVpn client on my pfsense router
-
@OpenWifi said in Using OpenVpn while pfsense is a secondary router with a mikrotik loadbalancer as the main router:
client
That changes everything and should have been mentioned right away. I was presuming "server".
Things will get easier, though: the client goes out on whatever WAN is available. If one WAN goes down, the connection goes down, and a new one will get created over another WAN.
-
@Gertjan I mean pfsense is the OpenVpn Server, and I have the OpenVpn App on my phone for remote logins. My worry is that since all the connections get load balanced into one, the VPN connection would be inconsistent, but I guess that's not true.
-
@Gertjan I am stuck with the said setup of having NAT rules on my Mikrotik. What I would really love is to have my pfsense router accessible from the outside world.
-
Then do what we all do :
Set up OpenVPN server on your pfSense. See all the Netgate videos about the subject. A recent video explains everything in 300 seconds.
And : because you have an upstream router : on that device (Microtick) NAT port 1194 - protocol UDP on that router to the LAN device == pfSense (that is the WAN IP of pfSense).
Btw : typically, you don't want to have a router in front of a router. But it's very manageable.
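
The port forward described in this thread (one NAT rule per WAN port, UDP 1194 to the pfSense WAN address), written out as RouterOS configuration. This is an added example, not part of any original post: the interface names, the 192.168.88.2 address and the routing-mark names are placeholders, and the mangle rules assume the load-balancing setup already has one routing mark per WAN.

```routeros
# Constructed example. All names and addresses below are placeholders:
#   ether1..ether3 = the three WAN ports on the MikroTik
#   ether5         = the MikroTik port that faces pfSense
#   192.168.88.2   = the pfSense WAN address on the MikroTik LAN
#   to_wan1..3     = routing marks assumed to exist from the load-balancing setup

# One dst-nat rule per WAN: forward OpenVPN (UDP 1194) to pfSense.
/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-port=1194 \
    action=dst-nat to-addresses=192.168.88.2 to-ports=1194 comment="OpenVPN via WAN1"
add chain=dstnat in-interface=ether2 protocol=udp dst-port=1194 \
    action=dst-nat to-addresses=192.168.88.2 to-ports=1194 comment="OpenVPN via WAN2"
add chain=dstnat in-interface=ether3 protocol=udp dst-port=1194 \
    action=dst-nat to-addresses=192.168.88.2 to-ports=1194 comment="OpenVPN via WAN3"

# Remember which WAN each VPN session arrived on, so pfSense's replies leave
# through the same WAN and keep the same public source address.
# Place these above the load-balancing mangle rules.
/ip firewall mangle
add chain=prerouting in-interface=ether1 protocol=udp dst-port=1194 \
    connection-state=new action=mark-connection new-connection-mark=ovpn_wan1 passthrough=yes
add chain=prerouting in-interface=ether2 protocol=udp dst-port=1194 \
    connection-state=new action=mark-connection new-connection-mark=ovpn_wan2 passthrough=yes
add chain=prerouting in-interface=ether3 protocol=udp dst-port=1194 \
    connection-state=new action=mark-connection new-connection-mark=ovpn_wan3 passthrough=yes

# Replies coming back from pfSense: route them out of the WAN they came in on.
add chain=prerouting in-interface=ether5 connection-mark=ovpn_wan1 \
    action=mark-routing new-routing-mark=to_wan1 passthrough=no
add chain=prerouting in-interface=ether5 connection-mark=ovpn_wan2 \
    action=mark-routing new-routing-mark=to_wan2 passthrough=no
add chain=prerouting in-interface=ether5 connection-mark=ovpn_wan3 \
    action=mark-routing new-routing-mark=to_wan3 passthrough=no
```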
-
@Gertjan Thank you for the suggestion. I have a plan to either switch off the NAT of the Mikrotik router and make it act as a bridge. But will that still allow it to act as a load balancer of the three WANs?
-
Hello everyone, I think I found the solution for this. I will try to use the Mikrotik as the load balancer of the 3 WAN connections and pfsense as the lease handler, as in my initial setup. However, I am going to physically bypass the Mikrotik router and connect the second WAN interface of my pfsense directly to my service provider's main router. This second WAN would act as the link for OpenVPN only and not as a gateway for the LAN clients on the pfsense box.