Netgate Discussion Forum

    Multiple VPN Connections

    • gregeeh

      Hi all,

      I have set up pfSense using OpenVPN and it works great. All my LAN->internet traffic goes via my OpenVPN Provider.

      However, with this setup all WAN traffic is via just one of my OpenVPN Provider's Servers, say Sydney Australia.

      Is it possible to have connections to say two OpenVPN Servers in two locations, e.g. Sydney & LA, and direct traffic based on a particular URL via a particular Server? E.g. all traffic except mydomain.com would go via the Sydney Server and mydomain.com would go via the LA Server.

      If so, an outline on how to achieve this would be appreciated.

      TIA

      Greg

      PfSense running on Qotom mini PC
      CPU N3150, 2 GB memory, 32 GB SSD & 2 Realtek Gb Ethernet ports.
      UniFi AC-Lite access point

      • viragomann

        VPN providers usually push the default route to the client to route all traffic over their server. That should make the configuration easier.
        However, if you want to route your traffic out in special ways you have to prohibit this and set the routes by yourself. The routing is to be set in the firewall rules which are allowing the outgoing traffic (policy routing).

        So in your example you have to prevent the default route from being pushed by the LA VPN server. To do so, go to its client settings and check "Don't pull routes".
        Ensure you have assigned an interface to this VPN instance.

        For hosts you want to access over the LA server add an alias in Firewall > Aliases > IP. You may enter IP addresses or FQDNs here, no complete URL!

        Go to Firewall > Rules > LAN and add an allow-rule to the top of the rule set, set the protocol and ports as you need them, at destination enter the alias name you have set before. Open the advanced options, go down to gateway and select the LA server's client GW.
        Also you have to set an outbound NAT rule for the LA server's client if it is done by pfSense automatically.

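
A small model of the policy routing described in the reply above, added here as an illustration (not code from the thread or from pfSense): LAN rules are evaluated top-down with the first match winning, the alias is matched on IP addresses only, and outbound NAT is looked up per egress gateway. All names and addresses (LA_hosts, VPN_LA, VPN_SYDNEY, the documentation-range IPs) are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, hypothetical names.
ALIASES = {"LA_hosts": ["203.0.113.10", "203.0.113.11"]}  # what an FQDN entry resolved to
NAT_IFACES = {"VPN_SYDNEY": "10.8.0.6", "VPN_LA": "10.9.0.6"}  # outbound NAT: egress -> tunnel address
DEFAULT_GW = "VPN_SYDNEY"  # this client still pulls the provider's default route

def dst_matches(dst, spec, aliases):
    """A rule destination is 'any', an alias name, or an IP/CIDR; matching is on IP only."""
    if spec == "any":
        return True
    nets = aliases.get(spec, [spec])
    return any(ipaddress.ip_address(dst) in ipaddress.ip_network(n) for n in nets)

def route(rules, dst, src="192.168.1.50", aliases=ALIASES, nat=NAT_IFACES):
    """First matching LAN rule wins; returns (egress gateway, source address on the wire)."""
    for rule in rules:
        if dst_matches(dst, rule["dst"], aliases):
            if rule["action"] != "pass":
                return (None, None)
            gw = rule.get("gateway") or DEFAULT_GW  # no gateway set: follow the routing table
            return (gw, nat.get(gw, src))  # no NAT rule: LAN address leaves untranslated
    return (None, None)  # nothing matched: implicit default deny

LA_RULE = {"action": "pass", "dst": "LA_hosts", "gateway": "VPN_LA"}
ALLOW_ANY = {"action": "pass", "dst": "any"}  # the usual "LAN to any" rule

GOOD = [LA_RULE, ALLOW_ANY]          # policy rule at the top of the rule set
WRONG_ORDER = [ALLOW_ANY, LA_RULE]   # policy rule is shadowed and never matches

if __name__ == "__main__":
    for name, rules in (("policy rule on top", GOOD), ("policy rule below allow-any", WRONG_ORDER)):
        for dst in ("203.0.113.10", "198.51.100.7"):
            print(name, dst, route(rules, dst))
    print("no NAT on VPN_LA:", route(GOOD, "203.0.113.10", nat={"VPN_SYDNEY": "10.8.0.6"}))
```
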
        • gregeeh

          Thank you for the detailed response, I will give it a try.

          Greg

          Edit: I followed your suggestion and I have hosts going via the LA Server for particular domains. However, I have no access to any other websites/domains except those that go via the LA Server. What could I have done wrong?

          Thanks,

          Greg

          Edit2: Deleted all my changes and started again, now it works just fine.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.