Netgate Discussion Forum

    pfSense as remote client to VPN Host WAN Problem

    • stevemac00

      Followed this guide.
      https://www.youtube.com/watch?v=lp3mtR4j3Lw

      Setup:
      Site A: pfSense WAN_VPN Client Interface
      Site B: pfSense VPN Host Server (Remote Access)

      Issue: Clients connected to the WAN_VPN get directed to Site B as desired but the other clients lose WAN. If I disable interface, WAN returns.

      WAN_VPN Client Detail:
      Bars the server from adding routes to the client's routing table [checked]
      Advanced: redirect-gateway def1;

      System->Routing->WAN is Default

      I worked around it by setting applicable firewall rules on LAN to use the Advanced->Gateway->WAN but there must be a different solution. Why would the default gateway WAN not be used? How can I debug this? Thanks!

      • Rico

        So you want to connect two Sites with OpenVPN?
        You followed the wrong guide then... generally speaking OpenVPN as a WAN is used to tunnel all traffic through some VPN provider.
        Set up one Site as OpenVPN Server in Peer to Peer (SSL/TLS) or Peer to Peer (Shared Key) mode and connect the other Site as OpenVPN Client in the same mode.
        Here you have the matching Video hangouts:
        https://www.netgate.com/resources/videos/site-to-site-vpns-on-pfsense.html
        https://www.netgate.com/resources/videos/advanced-openvpn-on-pfsense-24.html

        -Rico

        • stevemac00

          I already have Site-to-Site and that was easy. What this does is route all traffic from a specific subnet in Site A to WAN of Site B - just like a Privacy VPN.

          • Rico

            You can Policy Route traffic back and forth like you want just with Firewall Rules. I'm 99% sure @jimp covered this in one of the hangouts I've already linked you.
            But DON'T set up any crazy stuff like Remote Access VPN and use it for a site to site.

            -Rico

            • stevemac00 @Rico

              @Rico Clients connected to the WAN_VPN get directed to Site B as desired but the other clients lose WAN. If I disable interface, WAN returns.

              I worked around it by setting applicable firewall rules on LAN to use the Advanced->Gateway->WAN but there must be a different solution. Why would the default gateway WAN not be used?
