Multiple OpenVPN/VLAN Issue
-
I have a pfSense setup with three VLANs, each with an OpenVPN connection using a different ExpressVPN server per VLAN. Only the connection listed first in the NAT rules will allow traffic. Each of the other connections fails unless it is the first NAT rule listed. Does anyone have any suggestions on resolving this issue?
-
Why do you have 3 servers? Each VLAN would have its own subnet, which can be routed to the other end.
-
@jknott I do not have an IT background, so my terminology might not always be accurate.
Each VLAN is on its own subnet. Each of those connections has its own OpenVPN connection to a unique ExpressVPN server. All of the VPN connections are up. If I reorder the NAT rules, whichever VPN/VLAN/subnet is first is the one that passes traffic, and the remainder fail.
I hope this clarifies the issue.
-
Are all 3 VLANs connecting to the same point? If so, you don't need 3 servers. If you have a VPN up, you have a route that all 3 can be routed over.
-
@jknott No, all three VLANs point to separate servers. Based upon some research, the VPN connections fail seemingly because pfSense monitors the "far side" of the tunnel. Then, if it determines that the gateway is unreachable or slow, the tunnel drops. I am still researching it.
-
My question was about locations, not servers. Are all those servers in the same place? Or in different locations?
-
@jknott They are all in different locations.
-
Show us the outbound NAT rules and check that every client got a different private IP address from your VPN provider. If they share an address, it will not work.
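The check suggested in the last reply, as an added example that is not from any of the posters: a small shell script that reads `ifconfig`-style output and reports whether two OpenVPN client interfaces (pfSense names them `ovpnc1`, `ovpnc2`, ...) were handed the same tunnel address by the provider. The sample output embedded below is constructed, not captured from a real box; on a real pfSense shell you would pipe the actual `ifconfig` output into `tunnel_addrs` instead.

```shell
#!/bin/sh
# Added example (not from the thread). Detects OpenVPN client interfaces that
# share a tunnel address, which is the condition the last reply warns about.
# On a live pfSense box, feed real output:  ifconfig | tunnel_addrs

# Constructed sample ifconfig output (assumption: three clients, two of which
# were assigned the same 10.8.0.6 by the provider). Not from a real system.
SAMPLE='ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
ovpnc2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
ovpnc3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
	inet 10.9.12.14 --> 10.9.12.13 netmask 0xffffffff'

# Read ifconfig-style text on stdin; print one "ovpncN <local-address>" line
# per OpenVPN client interface. Only the first "inet" line after each
# "ovpncN:" header is taken; inet6 lines and other interfaces are ignored.
tunnel_addrs() {
  awk '/^ovpnc[0-9]+:/ { iface = $1; sub(":", "", iface); next }
       iface != "" && $1 == "inet" { print iface, $2; iface = "" }'
}

# check_distinct TEXT
# Exit 0 when every client has its own tunnel address; exit 1 and print the
# offending address(es) with the interfaces that share them otherwise.
check_distinct() {
  printf '%s\n' "$1" | tunnel_addrs | awk '
    { seen[$2]++; ifs[$2] = ifs[$2] " " $1 }
    END {
      bad = 0
      for (a in seen)
        if (seen[a] > 1) { bad = 1; print "shared tunnel address " a ":" ifs[a] }
      exit bad
    }'
}

# Standalone run against the constructed sample.
check_distinct "$SAMPLE" || echo "fix: each VLAN's OpenVPN client needs a distinct tunnel address"
```

If the script flags a shared address, reordering outbound NAT rules will not help; the two clients need to end up on different provider addresses before per-VLAN policy routing can send each subnet out its own tunnel.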