Netgate Discussion Forum

    Change OpenVPN Outgoing IP

      spm002

      Good Morning, my question is simple, yet for some reason I cannot seem to find anything or help on it in regards to pfSense.
      I have an OpenVPN setup that uses TCP to connect clients to WAN1 92.60.xxx.1 and outbound routes through that NAT, so when they go to check their IP it will show the 92.60.xxx.1 (default and normal setup).

      Now my question is: I have 2 WAN adapters, the WAN1 adapter with 92.60.xxx.1 and the WAN2 adapter with 92.60.xxx.2. How can I get it so all TCP connections to the OpenVPN are made using WAN1 of 92.60.xxx.1 but the outbound (and which they see their IP) to use WAN2 of 92.60.xxx.2?

      So to cut a long story short: all I want to do is accept incoming OpenVPN clients on one IP, but all their outbound traffic gets sent on the other IP (as I have multiple WANs with different IPs).

      Assistance would be greatly appreciated, Thank You.

        viragomann

        So I guess, WAN1 is your default route.

        If you want to direct traffic to another gateway as the default, you need a policy routing rule. https://doc.pfsense.org/index.php/What_is_policy_routing
        On the OpenVPN interface (or that one which you have assigned to the vpn server) edit the default any to any rule, open the advanced options, go to gateway and select the WAN2 GW.

        If you also need access to internal networks or to pfSense itself you need an additional rule on the top of the rule set without the gateway set. Look here for details: https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

          spm002

          Hi, thanks for the reply.
          I tried to follow it how you said it, but when I route it to NAT2, outbound connections cease to work. (Could this be because it's still trying to go through NAT1?)

          Here's the setup I've tried so far: going to Firewall -> Rules -> OpenVPN and adding the gateway in advanced settings.
          Even in Firewall -> Rules -> WAN1 I have also modified the gateway option under advanced settings.

          Or could it be that I may have the gateway section incorrect?
          I've tried playing around a bit with the gateway and adding different ones with different options, but it may be wrong.

          http://imgur.com/4iqtCJf

          And when I'm in Firewall -> Rules -> NAT/OpenVPN I set one of those gateways for both of them, but it doesn't work.
          My guess is I may have the gateways in the first pic wrong?
          Thanks.

            viragomann

            @spm002:

            Even in Firewall -> Rules -> WAN1 I have also modified the gateway option under advanced settings.

            There is no gateway to be set on WAN rules! The policy routing is only meaningful for outgoing traffic.

            @spm002:

            I've tried playing around a bit with the gateway and adding different ones with different options, but it may be wrong.

            You can not set as gateway what you want. Not every IP can be a gateway. When you get a public IP from your ISP you also get a gateway IP. This is the device to which your router has to send upstream traffic. You should know that address.

            So you should have a WAN2 IP and a WAN2 GW. In the firewall rule for the upstream traffic you have to set the WAN2 GW to route the upstream traffic to it. In Firewall > NAT > outbound you have to set a rule on WAN2 interface with source any or a particular network like the vpn tunnel network and translation address = interface address (WAN2 IP).

              spm002
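Added example, not part of the thread and not rules generated by pfSense: the setup described in the reply above, written as the pf rules it corresponds to (pfSense is built on pf, where a rule's gateway is a route-to option). The interface names, the tunnel and LAN networks, and the WAN2 addresses are constructed placeholders.

```pf
# --- Macros (all values constructed for illustration) ---
ovpn_if = "ovpns1"          # interface of the OpenVPN server
wan2_if = "em1"             # WAN2 NIC, holds the WAN2 IP
wan2_gw = "198.51.100.1"    # WAN2 GW: the ISP's upstream router, not the WAN2 IP
vpn_net = "10.0.8.0/24"     # OpenVPN tunnel network
lan_net = "192.168.1.0/24"  # internal network reachable from the VPN

# --- Translation (Firewall > NAT > Outbound, on WAN2) ---
# Source = tunnel network, translation address = interface address (WAN2 IP).
# Without this rule the policy-routed packets leave WAN2 with a private
# source address and replies never come back.
nat on $wan2_if inet from $vpn_net to any -> ($wan2_if)

# --- Filtering (Firewall > Rules > OpenVPN), first match wins ---
# 1. Bypass rule on top, no gateway set: VPN clients reach the internal
#    network through the normal routing table.
pass in quick on $ovpn_if inet from $vpn_net to $lan_net keep state

# 2. Policy routing rule: everything else from the tunnel is forced out
#    through WAN2 towards the WAN2 gateway instead of the default route.
pass in quick on $ovpn_if route-to ($wan2_if $wan2_gw) inet from $vpn_net to any keep state

# No gateway is set on WAN1 rules. Clients still connect to the OpenVPN
# server on the WAN1 address; only their forwarded traffic is redirected.
```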

              All sorted, Thank you very much for your time and support, Much appreciated!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.