Netgate Discussion Forum
    OpenVPN and Multi-WAN

      michaelschefczyk

      Dear All,

      For years, I have been using 2 CARP routers (currently pfSense 2.4.1) in two locations connected via OpenVPN. Both sets of routers have 2 WANs. Ideally, I would like to use OSPF in a setting like the one described in the book (https://portal.pfsense.org/docs/book/openvpn/openvpn-and-multi-wan.html?highlight=ospf). However, I have been unable to implement that so far.

      As no one responded to my post under routing and multi WAN last year (https://forum.pfsense.org/index.php?topic=110971.msg617840), I am trying again here.

      The LAN (virtual) IPs to be connected are 192.168.1.1 <-> 192.168.12.1. The devices have LAN IPs 192.168.1.78, 192.168.1.79, 192.168.12.78 and 192.168.12.79 respectively.

      Normally (working for years), I am using no OSPF routing, and an OpenVPN config with "IPv4 Remote Network(s)" filled in, tunnel networks 192.168.18.0/30 and 192.168.19.0/30 for the two connections and a net30 topology.

      Then, the routing table does contain (on one side, the other one being similar):

      192.168.12.0/24  192.168.18.2  UGS  … ... ovpns3
      192.168.18.1        link#16          UHS  ... ... lo
      192.168.18.2        link#16          UH    ... ... ovpns3
      192.168.19.1        link#17          UHS  ... ... lo
      192.168.19.2        link#17          UH    ... ... ovpns4

      All hosts in 192.168.1.0 and 192.168.12.0 do see each other.

      Alternatively, with OSPF based on package FRR 0.0.3, I deleted "IPv4 Remote network(s)" in the OpenVPN config (I assume that "IPv4 Local network(s)" on the server side can stay), enabled OSPF and cleared states after making the change.

      Then, each router can ping each host at the other end without issues. However, hosts on the one side can - unlike the routers themselves - no longer ping hosts on the other side.

      FRR/OSPF status does show:

      OPSF Neighbors
      Neighbor ID    Pri State          Dead Time Address        Interface            RXmtL RqstL DBsmL
      192.168.12.78    1 Full/DROther      38.242s 192.168.18.2    ovpns3:192.168.18.1      0    0    0
      192.168.12.78    1 Full/DROther      38.416s 192.168.19.2    ovpns4:192.168.19.1      0    0    0
      OPSF Routes
      ============ OSPF network routing table ============
      N    192.168.1.0/24        [10] area: 0.0.0.0
                                directly attached to lagg0
      N    192.168.12.0/24      [20] area: 0.0.0.0
                                via 192.168.18.2, ovpns3

      ============ OSPF router routing table =============

      ============ OSPF external routing table ===========

      The routing table contains (almost identical, just flag UG1 instead of UGS in first line):

      192.168.12.0/24  192.168.18.2  UG1  … ... ovpns3
      192.168.18.1        link#16          UHS  ... ... lo
      192.168.18.2        link#16          UH    ... ... ovpns3
      192.168.19.1        link#17          UHS  ... ... lo
      192.168.19.2        link#17          UH    ... ... ovpns4

      Can someone please point me to how to enable full connectivity again (i.e., each host in 192.168.1.1 should see each host in 192.168.12.1 and vice versa)?

      Regards,

      Michael Schefczyk
