Netgate Discussion Forum

    OpenVPN in a gateway group

      decibel83

      Hi.

      I have two sites connected together using an MPLS connection.
      I set up the static routes which let site1 communicate with site2 using the MPLS connection:

      Site 1 - System - Static routes:
      Network 192.168.120.0/24
      Gateway GWMPLS - 192.168.140.1
      Interface MPLS

      Site 2 - System - Static routes:
      Network 192.168.130.0/24
      Gateway GWMPLS - 192.168.140.17
      Interface MPLS

      The connection between the two sites works except when the MPLS connection is down, of course.

      Both sites can connect to the Internet using their own WAN connections, so I set up an OpenVPN Peer to Peer connection between the two sites, without specifying any IPv4 remote network, as static routes are already set up through the MPLS network.

      Now I wish to use the OpenVPN connection as failover for the MPLS one, so I was thinking of solving the problem by setting up a new gateway group with the MPLS gateway as tier 1 and the OpenVPN gateway as tier 2.

      But when I try to create a new gateway (System - Gateways), pfSense tells me that the specified gateway does not belong to any available subnet.

      How can I solve this problem?
      Could you help me please?
      Thank you very much, bye!

        heper

        You can assign an interface to OpenVPN. pfSense then automagically creates a gateway for it.

          decibel83

          @heper:

          You can assign an interface to OpenVPN. pfSense then automagically creates a gateway for it.

          Thank you very much, it worked.
          But now I have a problem with the firewall rules on that interface.
          I set it up, but I realized that rules on the OpenVPN "default" interface in Firewall - Rules take priority over rules set on the newly created interface, even though in the firewall logs I see that blocked packets are coming from the newly created interface.

          Could you help me please?

            heper

            Remove all the rules on the OpenVPN tab / only put rules in the OpenVPN-interface tab.

              decibel83

              @heper:

              Remove all the rules on the OpenVPN tab / only put rules in the OpenVPN-interface tab.

              Thank you very much!
              It works!
              Bye!
