One WAN connection with several OpenVPN clients



  • Greetings everyone,

    I am attempting a rather complex setup and need some assistance from the community please.

    I attempted following https://forum.pfsense.org/index.php?topic=130657.msg719478#msg719478 because my issue is similar, but I didn't have any success.

    Here is my set up.

    Interfaces: WAN interface, LAN interface, GuestNetwork, VPN1, VPN2, VPN3.

    I have a Gateway for each interface.

    I am not certain that I need a gateway group like suggested in the linked post.

    I am routing VLANs that are set up on my switches (but not on pfsense) to the interfaces which are each on their own subnet and are handing out dhcp.

    Here is what I am trying to do.

    I would like each interface (with its own VLAN) to go out of WAN using a separate VPN client. The VLAN traffic also needs to be able to talk to each other.

    Here is the network map as I understand it, yet I cannot get it to work properly. I keep sending all traffic over one VPN only. There is also a VLAN (the LAN interface) that I do not wish to use a VPN client; the LAN interface/VLAN should travel out to WAN using the normal ISP, no tunnel.

    client>switch>VLAN assignment>dhcp lease from interface>option1 route to other machines on the VLAN #this part is working fine

    client>switch>VLAN assignment>dhcp lease from interface>option2 route to WAN via OpenVPN client1

    client>switch>VLAN assignment>dhcp lease from interface>option3 route to WAN via OpenVPN client2

    client>switch>VLAN assignment>dhcp lease from interface>option4 route to WAN via OpenVPN client3

    client>switch>VLAN assignment>dhcp lease from interface>option5 route to WAN not using a VPN client.

    As I understand it, I need a Gateway for each interface (in the pictures you will see they are not all set up; once I get one working I can duplicate it for the others). I am not sure what interface to assign to the OpenVPN client. I am not sure if what I am looking for is an interface bridge or a gateway group. I am also not sure what firewall rules to use.

    I will attach screenshots of what I have that is not working.

    Attachment 1: I know I have the client disabled; that is because if I enable it I will have all traffic going out of VPN, which doesn't work for my organization. I tried changing the interface to VPN1 and that didn't work.

    Attachment 2: these are my outbound NAT rules. (I am sure you are going to shake your heads, sorry... I am learning.)

    Attachment 3-8: these are my firewall rules for interfaces: WAN, LAN, GuestNetwork (which I would like to use one of the VPN clients to WAN), VPN1, VPN2 (aka VPNForiegn), OpenVPN

    Attachment 9: Gateways

    Attachment 10: static route (I am not sure if I even need this)

    I have no gateway groups set up, interface bridges, or VLANs (on pfsense, VLANs are on my switches).

    I hope someone can suggest how to set this up properly. Thanks everyone. My firewall rules, NAT, gateways etc. are all kind of messed up from troubleshooting a bunch of things, and so I am sure there are a lot of things that are just not correct. I appreciate any help. Thank you so much!

    In my OP the attachments didn't attach. Trying again.  :)



















