Using OpenVPN with Virtual IP Address

codera · Apr 26, 2018, 5:12 PM

Hi!

How can i use OpenVPN with Virtual IP Address? I have a static IP´s subnet from ISP. One ip is used on the default WAN interface and i also added a second IP to Virtual IP Address as IP Alias.
What is the correct setup for making OpenVPN work with that IP, not the one, that is used by default WAN interface?

Also i would like to have the OpenVPN outgoing connection using the same virtual IP address. As i understand that this can be done at Firewall / NAT / Outbound.

viragomann · Apr 26, 2018, 9:54 PM

Now, do you have an openvpn server or a client or both?

Symon · Apr 27, 2018, 8:27 AM

You set up the virtual IP in Firewall -> Virtual IP . Then, in the VPN -> OpenVPN section, when you set up the server or client, choose the Virtual IP you made in the interface drop down. If it's a server, make sure you have a rule in Firewall -> Rules on the WAN to let stuff through.

codera · Apr 27, 2018, 12:19 PM

@viragomann:

Now, do you have an openvpn server or a client or both?

Yes, only openvpn server.

codera · Apr 27, 2018, 12:22 PM

@Symon:

You set up the virtual IP in Firewall -> Virtual IP . Then, in the VPN -> OpenVPN section, when you set up the server or client, choose the Virtual IP you made in the interface drop down. If it's a server, make sure you have a rule in Firewall -> Rules on the WAN to let stuff through.

Virtual IP is added already.
I need to set up the server. Does all the need rules get created automatically or do i need to change/add some rule?
I used the wizard and if a remember correctly, i already chose the virtual ip but after trying to connect from client i got an error, indication a message, the client could not connect.

I´ll try to set it up again.

viragomann · Apr 27, 2018, 12:40 PM

The wizard will have set the firewall rule for the WAN IP. So edit that rule and select the virtual IP at destination instead.
Also set the server to listen to the virtual IP as suggested by Symon.

codera · Apr 28, 2018, 2:37 PM

When i set up the interface, at the wizard, in step 9, i can only choose WAN, the virtual IP interface is not shown.

After the wizard is done, i can go and edit the server options and change the interface from WAN to virtual IP. After i save it, i do not think the firewall rules get also changed?
When i manually go to firewall rules and try to edit, the interface or destination, that are both set as WAN right know, i also do not see the virtual IP?

Derelict · Apr 28, 2018, 8:14 PM

You'll have to post your VIP configuration. If defined properly you will be able to choose the VIP in the interface selector in the server config. If you cannot do that it is because the VIP is configured incorrectly.

As has already been said, you need to be sure that the OpenVPN traffic is passed into wan to the VIP. This is UDP/1194 by default.

codera · Apr 30, 2018, 2:43 PM

Well i tried to configure openVPN using my default WAN adapter. I had some weird issues, i got errors after configuring openvpn and pfSense admin page displayd some filter reload erros. Also after restart i had no internet connection on my lan devices.
So i took the openVPN server down and removed all the firewall rules and did a fresh restart. After that, when i set up openVPN again, on the default WAN interface, at lease i got it to work.
Weird is also the fact, that this is almost a fresh installation, i havent really configure anything.

I think this was the issue with the virtual IP also, but i am going to reconfigure the openVPN when i have enough free time.