Netgate Discussion Forum
    DD-WRT Wireless router in bridged mode, built-in OpenVPN, and PfSense issues.

    • aah57

      Hi all,

      I am a beginner with pfSense and networking as a whole, so please bear with me. Most probably this is child's play for many of you, but I am having trouble getting the following to work:

      I have a Buffalo wireless router that is running DD-WRT firmware. I have a VPN account with Witopia, and I have configured it on the router. The OpenVPN client works fine when the device is in gateway mode and is directly connected to the modem. However, when I configure the router to forward DHCP with pfSense functioning as the main router (essentially setting the wireless router in bridged mode to function like an AP), the OpenVPN client on the router can establish a connection with the Witopia server (or so it seems), but I still get my local ISP's IP. The reason I am not setting up the OpenVPN client on pfSense itself is that I want to have the ability to simply disable and enable the client, which is possible in DD-WRT. But within pfSense, I have to configure the client, the interface, firewall rules, and outbound NAT. It just complicates the situation for the occasional need of a VPN connection. I can furnish you with more detail if you think you might be interested in helping me out.

      Other details are: I have set up MultiWAN on pfSense with three DSL connections. Firewall rules are nothing special except for the load balancing and failover.

      Thanks in advance!

      • pf3000

        @aah57:

        > I have to configure the client, the interface, firewall rules, and outbound NAT.

        You got that right.
        There are buttons for starting/stopping in Status > OpenVPN. It's easy. DD-WRT doesn't have that, I think.

        • aah57

          Hi, considering the additional firewall rules and NAT config, I don't think it's that easy to turn off and on the VPN connection inside pfSense. What happens to the NAT config and firewall rules (which should sit pretty much on top of everything else) when I disable the VPN connection?

          • GruensFroeschli

            You want to use the VPN when it's up, and your direct gateway when the VPN is down?

            Create a failover pool (System > Routing) with your VPN as primary and your ISP as secondary.
            It will use the gateway of the VPN when it's up, and the ISP gateway when the VPN is down.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            • aah57

              @GruensFroeschli:

              > You want to use the VPN when it's up, and your direct gateway when the VPN is down?
              >
              > Create a failover pool (System > Routing) with your VPN as primary and your ISP as secondary.
              > It will use the gateway of the VPN when it's up, and the ISP gateway when the VPN is down.

              Hi GruensFroeschli,

              What about the outbound NAT rules? While the VPN is disabled, wouldn't those create issues for my default gateway?

              • pf3000

                @aah57:

                > I have to configure the client, the interface, firewall rules, and outbound NAT.

                Nothing more to do. When I stop the OpenVPN client, it uses the default gateway instead (no VPN).
                Enable "Don't add or remove routes automatically" in the OpenVPN client, and make LAN rules.

                ![Firewall_ Rules_ LAN.jpg](/public/imported_attachments/1/Firewall_ Rules_ LAN.jpg)
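
An added example, not part of any post in this thread and not pfSense code: a small Python model of the behaviour GruensFroeschli and pf3000 describe, where LAN rules are matched top-down, a gateway group uses its lowest tier that is still up, and a rule whose gateway is down falls back to the default gateway. All gateway names, group names and addresses are constructed assumptions; the last function flags the case where traffic meant for the VPN leaves through an ISP link instead.

```python
import ipaddress

# Constructed sample data: names and addresses are assumptions, not from the thread.
GROUPS = {
    # gateway group: member -> tier (a lower tier is preferred)
    "VPN_FAILOVER": {"VPN_GW": 1, "WAN1_GW": 2},
    "LOADBALANCE": {"WAN1_GW": 1, "WAN2_GW": 1, "WAN3_GW": 1},
}
DEFAULT_GW = "WAN1_GW"

# LAN rules, evaluated top-down, first match wins: (source network, gateway or group)
LAN_RULES = [
    ("192.168.1.50/32", "VPN_FAILOVER"),
    ("192.168.1.0/24", "LOADBALANCE"),
]


def resolve(target, up):
    """Return the gateways that carry traffic for a gateway or group name."""
    if target in GROUPS:
        live = {gw: tier for gw, tier in GROUPS[target].items() if gw in up}
        if not live:
            return []
        best = min(live.values())
        # Members sharing the best live tier are load balanced together.
        return sorted(gw for gw, tier in live.items() if tier == best)
    return [target] if target in up else []


def route(src, up, rules=LAN_RULES):
    """Model first-match policy routing for one source address."""
    addr = ipaddress.ip_address(src)
    for net, target in rules:
        if addr in ipaddress.ip_network(net):
            # Modelled fallback: a rule whose gateway is down uses the default gateway.
            return resolve(target, up) or [DEFAULT_GW]
    return [DEFAULT_GW]


def leaves_outside_vpn(src, up):
    """True when traffic from src exits through a non-VPN gateway."""
    return any(gw != "VPN_GW" for gw in route(src, up))
```

With the VPN gateway marked down, `leaves_outside_vpn("192.168.1.50", ...)` returns `True`: the failover keeps the host online, but its traffic is no longer tunnelled.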

                • aah57

                  OK. So, thanks for the help, guys. I got it to work, even though we still went with the way of setting up pfSense as opposed to the DD-WRT wireless router itself. I needed to make a few tweaks, such as defining specific DNS addresses and tying them to the VPN gateway, and configuring a specific MTU inside the VPN interface. Now, where I think I have messed up is that I have three DSL connections that are set up as MultiWAN (load balance and failovers). I set the VPN to use only the default gateway and not the load balance gateway. However, I believe now all traffic is traveling through the one gateway and not through load balance. I have attached a snapshot of both the NAT rules and firewall rules. Any help would be much appreciated.

                  ![gateway groups.png](/public/imported_attachments/1/gateway groups.png)
                  ![Firewall LAN rules.png](/public/imported_attachments/1/Firewall LAN rules.png)
                  ![NAT rules.png](/public/imported_attachments/1/NAT rules.png)

                  • aah57

                    Most probably, this is a firewall rule issue. As soon as I disabled the firewall rule pertinent to ovpn, the speed tripled. Any ideas?
