Assign Interface at the CLI/Script

  • Hi All,

    Appreciate that I am new here and was hoping for some help with something that has been bugging me for some time, all help much appreciated.

    I'm new here but have been using pfSense for quite a few years at home and in production environments. I use a VPN provider at home and have everything set up perfectly except one point. I have 3 separate VPN client tunnels set up and wish to regularly rotate amongst them. At the moment I achieve this by changing my VPN Interface assignment to the next OVPN Port on the list then restarting the OVPN service. This works, but I was looking to write something to automate it via a script/cron job. No issues with the scripting of the OVPN service restart, but I cannot find any way of non-interactively assigning a port to an interface. Is anyone able to enlighten me with regards to this please?

    P.s. Version is latest - 2.4.2-RELEASE-p1

    Thanks In Advance

  • Rebel Alliance Developer Netgate

    That sounds like a very ... inefficient ... way to get that done.

    Why do you need to reassign the interface? Configure and assign all three and then use a gateway group with all of them to designate which one(s) to use at any given time. You can even load balance across them so connections can use them all.

  • Thanks Jimp, never thought of that, will give it a go and report back. Many thanks for the assist.

  • So just gave this a whirl and just wanted to make sure I've not missed anything:

    1. Rename VPN interface to VPN1.
    2. Assign VPN Ports 2 & 3 to VPN2 & VPN3 Interfaces.
    3. Configure all 3 GW Monitor IPs to external ones.
    4. Add all three to a GW Group assigning them all to Tier1 (thus should Load Balance them then?).
    5. Update relevant FW rules to use the GW Group instead of the original one.
    6. Added additional Outbound NAT rules for the additional 2 VPN interfaces.
    7. Enable Sticky connections (not sure whether this is 100% required but from reading the description it seemed like a good idea).

    Again guys, the help is much appreciated.

  • Rebel Alliance Developer Netgate

    1-3 Yes
    4 - Yes, all on the same tier will load balance connections
    5-6 Yes
    7 That's up to you, that may make the balancing a bit lopsided if you have certain heavy use clients but it's the best way to ensure multiple connections flow consistently.
