DD-WRT Wireless router in bridged mode, built-in OpenVPN, and PfSense issues.



  • Hi all,

    I am a beginner with pfSense and networking as a whole, so please bear with me. Most probably this is child's play for many of you, but I am having trouble getting the following to work:

    I have a Buffalo wireless router that is running on dd-wrt firmware. I have a VPN account with Witopia, and I have configured it on the router. The OVPN works fine when the device is in gateway mode and is directly connected to the modem. However, when I configure the router to forward DHCP with pfSense functioning as the main router (essentially set the wireless router in bridged mode to function like an AP), the openvpn client on the router can establish a connection with the Witopia server (or so it seems), but I still get my local ISP's IP. The reason I am not setting up the openvpn client on pfSense itself is that I want to have the ability of simply disabling and enabling the client, which is possible in dd-wrt. But within pfSense, I have to configure the client, the interface, firewall rules, and outbound NAT. It just complicates the situation for the occasional need of a VPN connection. I can furnish you with more detail if you think you might be interested to help me out.

    Other details are: I have set up MultiWAN on pfSense with three DSL connections. Firewall rules are nothing special except for the load balancing and failover.

    Thanks in advance!



  • @aah57:

    I have to configure the client, the interface, firewall rules, and outbound NAT.

    You got that right.
    There are buttons for starting/stopping in Status > OpenVPN. It's easy. DD-WRT doesn't have that, I think.



  • Hi, considering the additional firewall rules and NAT config, I don't think it's that easy to turn off and on the VPN connection inside pfSense. What happens to the NAT config and firewall rules (which should sit pretty much on top of everything else) when I disable the VPN connection?



  • You want to use the VPN when it's up, and your direct gateway when the VPN is down?

    Create a failover pool (System > Routing) with your VPN as primary and your ISP as secondary.
    It will use the gateway of the VPN when it's up, and the ISP gateway when the VPN is down.



  • @GruensFroeschli:

    You want to use the VPN when it's up, and your direct gateway when the VPN is down?

    Create a failover pool (System > Routing) with your VPN as primary and your ISP as secondary.
    It will use the gateway of the VPN when it's up, and the ISP gateway when the VPN is down.

    Hi GruensFroeschli,

    What about the outbound NAT rules? While the VPN is disabled, wouldn't those create issues for my default gateway?



  • @aah57:

    I have to configure the client, the interface, firewall rules, and outbound NAT.

    Nothing more to do. When I stop Openvpn client, it uses the default gateway instead (no vpn).
    Enable "Don't add or remove routes automatically" in the openvpn client, and make LAN rules.

    ![Firewall_ Rules_ LAN.jpg](/public/imported_attachments/1/Firewall_ Rules_ LAN.jpg)



  • OK. So, thanks for the help, guys. I got it to work, even though we still went with the way of setting up pfSense as opposed to the dd-wrt wireless router itself. I needed to make a few tweaks, such as defining specific DNS addresses and tying them to the VPN gateway, and configuring a specific MTU inside the VPN interface. Now, where I think I have messed up is that I have three DSL connections that are set up as MultiWAN (load balance and failover). I set the VPN to use only the default gateway and not the load balance gateway. However, I believe now all traffic is traveling through the one gateway and not through load balance. I have attached a snapshot of both the NAT rules and firewall rules. Any help would be much appreciated.

    ![gateway groups.png](/public/imported_attachments/1/gateway groups.png)
    ![Firewall LAN rules.png](/public/imported_attachments/1/Firewall LAN rules.png)
    ![NAT rules.png](/public/imported_attachments/1/NAT rules.png)



  • Most probably, this is a firewall rule issue. As soon as I disabled the firewall rule pertinent to ovpn, the speed tripled. Any ideas?