OpenVPN multihop custom configuration guidance request.
Hi team,
First time poster, long time reader. I wish to use pfSense to build my own custom multihop OpenVPN solution. I have two unique VPN providers and I would like to know if pfSense can achieve the following. Some VPN Vendors offer this in their clients, I wish to achieve it between two vendors instead of a multihop within one vendor only.
Excuse the crude diagram above, hopefully it makes it clear. I want to have normal WAN traffic coming into the pfSense box. From there, I want to establish an OpenVPN connection to Vendor A.
After that connection is live, I wish to establish a connection to Vendor B. However, the outbound gateway for Vendor B is actually delivered via Vendor A.
At the end, I wish to route data from Vendor B out to LAN for clients to consume.
I can achieve this in two messy ways:
- Two Debian 10 instances, the 2nd instance has the gateway of the first instance.
- Two pfSense instances, again the 2nd instance has the gateway of the first pfSense instance.
Ideally, I'd like to achieve this in one pfSense instance.
I'd also like a kill switch - so that in the event of any of the VPN connections dropping, WAN connection on the 10.2.1.0/24 subnet is blocked.
I have performed a search internally and I have seen the following posts:
https://forum.netgate.com/topic/104874/openvpn-multi-hop
https://forum.netgate.com/topic/105149/multi-hop-with-openvpn-clients
It seems this has come up a few times but a clear explanation has been lacking. Is there any interest beyond myself in this solution? I'm forever in your debt.
Thanks!