Netgate Discussion Forum

    Help needed for Clear net and OPENVPN running at same time

      fin100

      Story so far…. Complete numpty on routing – was happily running Tomato wrt on Asus ac68u in a setting which was adequate and worked well

      In new setting want to duplicate this function with a 4 core 2.4 GHz Atom Supermicro box with 4 NICs and full 2.3.1 pfSense.

      What's required is 3 wired networks: one clear net to ISP and 2 separate OPENVPN client networks

      3 wireless networks 1 clear ISP net and 2 separate OPENVPN client nets.

      Networks with VPNs should disconnect from internet on failure of VPN

      Wifi AP 1 Unifi AP AC lite.

      In testing at moment with WAN connection coming out of another router as direct connecting (no pppoe – which will be required at later stage due to the purchase of dumb modem (vigor 130))

      Have looked at what documentation I can find but still having problems getting separation of clear net and VPN

      Interface setup at moment WAN, LAN, OPENVPN,  plus 2 unassigned nics

      NAT and firewall rules set to allow all protocols and addresses for all interfaces

      When WAN is set as default gateway I get only straight clear net with OPENVPN running

      Setting VPN to default gateway joins LAN to VPN service and WAN availability stops on VPN down (which is what is needed)

      I was thinking I could bridge the LAN to VPN interface to get LAN output but that does not do it.

      I'm obviously missing something major here and just running around like a headless chicken changing settings without really understanding wtf I'm doing.

      If anyone could help explain what I should be doing to create 3 wired and 3 wifi networks with 2 openvpn and 1 clear net (wired mirrors wifi) it would be much appreciated

        Wolf666

        You should set proper Outbound rules for each interface, setting the proper gateway, clear net or vpn.
        On vpn client you should add the option route-nopull, depends on the directives received from server.
        I have a working config with 2 clearnet subnets and 1 vpn, working fine with all traffic routed properly.

        Modem Draytek Vigor 130
        pfSense 2.4 Supermicro A1SRi-2558 - 8GB ECC RAM - Intel S3500 SSD 80GB - M350 Case
        Switch Cisco SG350-10
        AP Netgear R7000 (Stock FW)
        HTPC Intel NUC5i3RYH
        NAS Synology DS1515+
        NAS Synology DS213+

          fin100

          That's very interesting: I seem limited on what I can include on the vpn settings, route-nopull seems not to be liked by server and fails connection.

          firewall and NAT seem ok - well everything allowed - maybe I need stated destination and source - was just relying on letting everything pass thru

          I have tried using a vlan tag for the other routes but when tagged on the Unifi AP that ssid fails to connect and the AP eventually becomes unstable, so a bit stuck now.

          Can you elaborate on your settings?
