Netgate Discussion Forum

Help needed for Clear net and OPENVPN running at same time

  • F
    fin100
    last edited by May 22, 2016, 4:55 PM

    Story so far…. Complete numpty on routing – was happily running Tomato wrt on Asus ac68u in a setting which was adequate and worked well

    In new setting want to duplicate this function with a 4 core 2.4GHz Atom Supermicro box with 4 NICs and full 2.3.1 pfSense.

    What's required is 3 wired networks: one clear net to ISP and 2 separate OPENVPN client networks

    3 wireless networks 1 clear ISP net and 2 separate OPENVPN client nets.

    Networks with VPNs should disconnect from internet on failure of VPN

    Wifi AP 1 Unifi AP AC lite.

    In testing at moment with WAN connection coming out of another router as direct connecting (no pppoe – which will be required at later stage due to the purchase of dumb modem (vigor 130))

    Have looked at what documentation I can find but still having problems getting separation of clear net and VPN

    Interface setup at moment WAN, LAN, OPENVPN,  plus 2 unassigned nics

    NAT and firewall rules set to allow all protocols and addresses for all interfaces

    When WAN is set as default gateway I get only straight clear net with OPENVPN running

    Setting VPN to default gateway joins LAN to VPN service and WAN availability stops on VPN down (which is what is needed)

    I was thinking I could bridge the LAN to VPN interface to get LAN output but that does not do it.

    I'm obviously missing something major here and just running around like a headless chicken changing settings without really understanding wtf I'm doing.

    If anyone could help explain what I should be doing to create 3 wired and 3 wifi networks with 2 openvpn and 1 clear net (wired mirrors wifi) it would be much appreciated

    • W
      Wolf666
      last edited by May 23, 2016, 10:05 AM

      You should set proper Outbound rules for each interface, setting the proper gateway, clear net or vpn.
      On vpn client you should add the option route-nopull, depends on the directives received from server.
      I have a working config with 2 clearnet subnet and 1 vpn, working fine with all traffic routed properly.

      Modem Draytek Vigor 130
      pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
      Switch Cisco SG350-10
      AP Netgear R7000 (Stock FW)
      HTPC Intel NUC5i3RYH
      NAS Synology DS1515+
      NAS Synology DS213+

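An added example, not part of either poster's configuration: a simplified Python model of per-interface policy routing as suggested in the reply above, showing when a VPN-only network falls back to the clear net after its VPN gateway goes down. Interface names, subnets and gateway names are constructed. The model assumes pfSense's behaviour of keeping a rule but dropping its gateway when that gateway is down, unless "Skip rules when gateway is down" is enabled, and it ignores NAT and already-established states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    iface: str                      # interface the rule is attached to
    action: str                     # "pass" or "block"
    src: str                        # source network, CIDR
    gateway: Optional[str] = None   # None = follow the default route

def egress(rules, iface, src_ip, gw_up, skip_when_down=False, default_gw="WAN"):
    """Gateway a new connection leaves through, or None if it is dropped."""
    for r in rules:                 # first matching rule wins
        if r.iface != iface or ip_address(src_ip) not in ip_network(r.src):
            continue
        if r.action == "block":
            return None
        if r.gateway is None:
            return default_gw
        if gw_up.get(r.gateway, False):
            return r.gateway
        if skip_when_down:
            continue                # whole rule omitted, evaluation goes on
        return default_gw           # rule kept without its gateway: clear-net leak
    return None                     # nothing matched: default deny

# Constructed rule set: one clear-net LAN and two VPN-only LANs.
RULES = [
    Rule("LAN", "pass", "192.168.1.0/24"),
    Rule("VPN1_LAN", "pass", "192.168.20.0/24", gateway="VPN1_GW"),
    Rule("VPN1_LAN", "block", "192.168.20.0/24"),
    Rule("VPN2_LAN", "pass", "192.168.30.0/24", gateway="VPN2_GW"),
]

if __name__ == "__main__":
    down = {"VPN1_GW": False, "VPN2_GW": True}   # VPN1 tunnel has failed
    hosts = [("LAN", "192.168.1.10"), ("VPN1_LAN", "192.168.20.10"),
             ("VPN2_LAN", "192.168.30.10")]
    for skip in (False, True):
        for iface, ip in hosts:
            print(skip, iface, egress(RULES, iface, ip, down, skip_when_down=skip))
```

In this model the block rule placed under the VPN1_LAN pass rule does not stop the leak on its own, because the pass rule still matches first once its gateway has been dropped.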
      • F
        fin100
        last edited by May 24, 2016, 2:15 PM May 23, 2016, 8:01 PM

        That's very interesting: I seem limited on what I can include on the vpn settings, route-nopull seems not to be liked by server and fails connection.

        firewall and NAT seem ok - well everything allowed - maybe I need stated destination and source - was just relying on letting everything pass thru

        I have tried using a vlan tag for the other routes but when tagged on the Unifi AP that ssid fails to connect and the AP eventually becomes unstable, so a bit stuck now.

        Can you elaborate on your settings?
