pfSense as remote client to VPN Host WAN Problem



  • Followed this guide: YouTube Video

    Setup:
    Site A: pfSense WAN_VPN Client Interface
    Site B: pfSense VPN Host Server (Remote Access)

    Issue: Clients connected to the WAN_VPN get directed to Site B as desired, but the other clients lose WAN. If I disable the interface, WAN returns.

    WAN_VPN Client Detail:
    Bars the server from adding routes to the client's routing table [checked]
    Advanced: redirect-gateway def1;

    System->Routing->WAN is Default

    I worked around it by setting applicable firewall rules on LAN to use the Advanced->Gateway->WAN but there must be a different solution. Why would the default gateway WAN not be used? How can I debug this? Thanks!


  • So you want to connect two Sites with OpenVPN?
    You followed the wrong guide then... generally speaking, OpenVPN as a WAN is used to tunnel all traffic through some VPN provider.
    Set up one Site as OpenVPN Server in Peer to Peer (SSL/TLS) or Peer to Peer (Shared Key) mode and connect the other Site as OpenVPN Client in the same mode.
    Here you have the matching Video hangouts:
    https://www.netgate.com/resources/videos/site-to-site-vpns-on-pfsense.html
    https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html

    -Rico



  • I already have Site-to-Site and that was easy. What this does is route all traffic from a specific subnet in Site A to WAN of Site B - just like a Privacy VPN.


  • You can Policy Route traffic back and forth like you want just with Firewall Rules. I'm 99% sure @jimp covered this in one of the hangouts I've already linked you.
    But DON'T set up any crazy stuff like Remote Access VPN and use it for a site to site.

    -Rico



  • @Rico Clients connected to the WAN_VPN get directed to Site B as desired, but the other clients lose WAN. If I disable the interface, WAN returns.

    I worked around it by setting applicable firewall rules on LAN to use the Advanced->Gateway->WAN but there must be a different solution. Why would the default gateway WAN not be used?
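An added illustration (not code from this thread or from pfSense) of why the WAN default gateway stops being used once the client pulls `redirect-gateway def1`, and why the LAN policy-routing workaround still works: `def1` does not replace 0.0.0.0/0, it installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel, and longest-prefix-match prefers those over the /0 WAN route. All addresses, the interface names and the rule table below are constructed placeholders.

```python
import ipaddress

# Constructed routing-table snapshot for the Site A box (placeholder addresses).
WAN_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "WAN"),      # ISP default route (placeholder gateway)
    ("192.168.1.0/24", None, "LAN"),          # directly connected LAN
]
# What redirect-gateway def1 adds: two /1 routes via the tunnel, not a new /0.
DEF1_ROUTES = [
    ("0.0.0.0/1", "10.8.0.1", "WAN_VPN"),     # placeholder OpenVPN server tunnel address
    ("128.0.0.0/1", "10.8.0.1", "WAN_VPN"),
]


def lookup(dst, routes):
    """Longest-prefix match: the most specific matching route wins, so a /1 beats a /0."""
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, _gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def egress(src, dst, def1_pulled, policy_rules=()):
    """Pick the egress interface for a flow.

    policy_rules models LAN firewall rules with Advanced -> Gateway set: a matching
    rule forces the gateway before the routing table is consulted, which is why the
    workaround in the thread keeps the other clients on WAN even while def1 is active.
    """
    s = ipaddress.ip_address(src)
    for src_net, forced_iface in policy_rules:          # first match wins, like pf rules
        if s in ipaddress.ip_network(src_net):
            return forced_iface
    routes = WAN_ROUTES + (DEF1_ROUTES if def1_pulled else [])
    return lookup(dst, routes)


# Constructed example: only 192.168.1.0/25 should use the tunnel; everything else keeps WAN.
WORKAROUND_RULES = (("192.168.1.0/25", "WAN_VPN"), ("192.168.1.0/24", "WAN"))
```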

