Problem configuring OpenVPN for use with VLAN and Unifi



  • Hello, greetings to all the community, I'm trying to configure pfSense to also run with a VPN provider through a Unifi AP (with VLAN).

    My config here is: FTTH Modem (bridged) --> pfSense --> Unifi Switch --> Unifi AC PRO

    What I want to get working is one WiFi network for normal use, and the other WiFi network only for use through the VPN (connected to the OpenVPN Client).

    I've got the OpenVPN client running fine with my VPN provider, but I can only get it working if in my local LAN network I set my VPN connection as a static IP; so in the host appliance, if I set the local IP network configured, it works fine.

    So, I tried to configure the second WiFi network to work via the VPN Client but I can't get it working; I only get local access to the internet, not the VPN internet access.

    If anyone can help me, I'll really appreciate it.

    Regards!
    Ignacio.



  • @nacholbs

    If you have 2 SSIDs, through the same router, you'd need a VLAN to separate the traffic. Do you have that? Also, what precisely do you mean by "but i can only get working if in my local lan network set my VPN connection as a static ip"? What device are you trying to configure with a static IP?



  • Hello, yes I have a separate VLAN (10), and I have internet access in the two SSIDs.
    It's weird, and I'm sure that I have a big little error in the NAT section of pfSense, and for this reason I've got internet in the 2nd SSID.

    Now I've got it running this way:

    ISP --> SSID1 (Has ISP Internet) LAN 10.0.0.x
    --> SSID2 through VLAN10 (Has ISP Internet) LAN 192.168.50.x
    --> OpenVPN Client --> Static IP (I can't get it working as DHCP) connected via SSID1 --> IoT Devices
    <-- L2TP VPN Server (To have local LAN/Internet access from mobile devices when I go out of my SOHO)

    The only way that I can get the OpenVPN connection running to my IoT device is by putting a static LAN IP on this device; if I put it to pass any IP it didn't work (i.e. 10.0.0.200)

    What I want to have running, but I've burned all my papers on, is:

    ISP --> SSID1 (Normal ISP Internet and Normal LAN access)
    --> OpenVPN Client --> SSID2 through VLAN10 --> (I only want Internet through the VPN to connect IoT Devices, no access to LAN)
    <-- L2TP VPN Server

    If you want I can upload screenshots of my configuration.

    I hope that you have understood what I want to get running; it sounds strange but I think that I can get it running (I believe it) haha.



  • Now, I've got all of this running, but now I have a problem with the DNS servers (leaking).
    When I connect to SSID2 (that has the VPN IP) all my DNS goes via my ISP.
    When I connect to SSID1 (where I have the normal ISP connection) all my DNS goes via my ISP too.
    I've tried to configure 2 DNS servers in System -> General and for one of these, in Gateway I chose the VPN connection, but anyway it still goes through the ISP DNS (and still shows me DNS leaks).

    If I go to Services --> DNS Resolver --> and in Outgoing Network Interfaces I select only the VPN interface (named VPN), I get the DNS of my VPN provider working in my SSID2 (VPN network), but the problem is that I get the same DNS server for my SSID1 (ISP DNS), so it's not working fine.
    What am I doing wrong? I'm burning all my papers.

    To summarize, I want SSID1 to use the ISP DNS and SSID2 to use the VPN DNS.
    Now I've got running SSID1 (ISP IP) and SSID2 (VPN IP).

    Is it possible?

    Thanks in advance.

