Change OpenVPN Outgoing IP
-
Good Morning, my question is simple, yet for some reason I cannot seem to find anything or help on it in regards to pfsense.
I have an OpenVPN setup that uses tcp to connect clients to WAN1 92.60.xxx.1 and outbound routes through that NAT so when they go to check their IP it will show the 92.60.xxx.1 (default and normal setup)Now my question is. I have 2 WAN Adapters, WAN1 adapter with 92.60.xxx.1 the WAN2 adapter with 92.60.xxx.2 How can I get it so all tcp connections to the OpenVPN are made using WAN1 of 92.60.xxx.1 but the outboung (and which they see their IP) to use WAN2 of 92.60.xxx.2
So to cut a long story short. All I want to do is accept incoming OpenVPN clients on one IP, But all their outbound traffic gets sent on the other IP (As I have multiple WANS With different IPs)
Assistance would be greatly appreciated, Thank You.
-
So I guess, WAN1 is your default route.
If you want to direct traffic to another gateway as the default, you need a policy routing rule. https://doc.pfsense.org/index.php/What_is_policy_routing
On the OpenVPN interface (or that one which you have assigned to the vpn server) edit the default any to any rule, open the advanced options, go to gateway and select the WAN2 GW.If you also need access to internal networks or to pfSense itself you need an additional rule on the top of the rule set without the gateway set. Look here for details: https://doc.pfsense.org/index.php/Bypassing_Policy_Routing
-
Hi, thanks for the reply.
I tried to follow it how you said it, but when i route it to NAT2 outbound connections cease to work. (Could this be because its still trying to go through NAT1?)Heres the setup ive tried so far. going to Firewall -> Rules ->OpenVPN and adding the gateway in advance settings.
Even in Firewall -> Rules -> WAN1 i have also modified the gateway option under advanced settings .Or could it be that i may have the gateway section incorrect
Ive tried playing around a bit with the gateway and adding different ones with different options, But it may be wrong.And when im in firewall -> Rules -> NAT/OpenVPN i set one of those gateways for both of them, but it doesnt work.
My guess Is i may have the gateways in the first pic wrong?
Thanks.
-
Even in Firewall -> Rules -> WAN1 i have also modified the gateway option under advanced settings .
There is no gateway to be set on WAN rules! The policy routing is only meaningful for outgoing traffic.
Ive tried playing around a bit with the gateway and adding different ones with different options, But it may be wrong.
You can not set as gateway what you want. Not every IP can be a gateway. When you get a public IP from your ISP you also get a gateway IP. This is the device to which your router has to send upstream traffic. You should know that address.
So you should have a WAN2 IP and a WAN2 GW. In the firewall rule for the upstream traffic you have to set the WAN2 GW to route the upstream traffic to it. In Firewall > NAT > outbound you have to set a rule on WAN2 interface with source any or a particular network like the vpn tunnel network and translation address = interface address (WAN2 IP).
-
All sorted, Thank you very much for your time and support, Much appreciated!