2 WANs and 2 gateways for OVPN
-
Hello all!
I have 2 WAN connections. I'm trying to set up 2 different gateways for my 2 OVPN servers:
FW>Rules>OVPN like this:
those, different gateways for 2 different OVPN servers are specified.
I also created rules for outbound:
But, when connected via OVPN1 (in my case gateway 2) - there is no internet access and private network.
The first OVPN server is running successfully (WAN & LAN are ok)
Any ideas what is causing this?
-
@happynewguy
To rule out a DNS issue, try to access an IP address from the VPN client.
-
@viragomann
I'm sorry, but my situation has changed.
Now my 2 OVPN servers are assigned to 2 WAN connections. It's ok.
Clients have internet access. All OK.
But the clients do not have access to the private network. All resources (samba) unavailable.
I route all traffic through the gateway.
I feel that the problem is somewhere in the FW rules, but I don't know where exactly. Any ideas?
-
@happynewguy
Your firewall rules direct any traffic out to the WAN gateways. To pass traffic to local destinations you need to add an additional rule without a gateway stated to the top of the rule set.
-
@viragomann
Like this?
Unfortunately, in this version, the OVPN client connected via WAN_D or WAN_W receives external IP addresses of WAN_D or WAN_W. Has internet access but no private network access.
When I disable 2 rules where gateways are specified, OVPN clients ALWAYS get the WAN_D - IP address.
In this option, OVPN clients have both - Internet and private network.
-
@happynewguy
No. Remember that if a rule matches the traffic, it is applied and no further rules are probed.
That means you have to take care that each rule only matches the desired traffic. Since both of your policy routing rules catch all OpenVPN traffic and direct it out to WAN, you have to set the rule for LAN access above the others, but you must modify the destination so that it only matches local networks.
So when you only have one local subnet, that is easy. Edit the rule and set the destination to "LAN net". Then move the rule to the top of the rule set. Ensure to save the settings after.
-
@viragomann
Yeeees! It works!
I just added the destination in the first rule - local network.
Now clients get van1 and van2 ip addresses, as I wanted to separate and have access to the private network. Thank you very much for the help!!!
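
The rule-order point from the thread, as an added example that is not part of any post: a small Python model of first-match evaluation on the OpenVPN rule tab, comparing policy-routing rules alone, a catch-all no-gateway rule on top, and a no-gateway rule restricted to "LAN net" on top. The subnets, the server-to-gateway mapping and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): one LAN, two OpenVPN tunnel networks.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
OVPN1_NET = ipaddress.ip_network("10.8.1.0/24")
OVPN2_NET = ipaddress.ip_network("10.8.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(src, dst, gateway=None):
    """A pass rule; gateway=None means 'follow the normal routing table'."""
    return {"src": src, "dst": dst, "gateway": gateway}

def route(rules, src_ip, dst_ip):
    """First match wins: report how the first matching rule forwards the packet."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src in r["src"] and dst in r["dst"]:
            if r["gateway"]:
                return r["gateway"]   # policy routing: forced out this WAN, even for LAN hosts
            return "LAN" if dst in LAN_NET else "default route"
    return "blocked"                  # nothing matched: implicit default deny

# Assumed mapping: OVPN1 clients leave via WAN_D, OVPN2 clients via WAN_W.
policy = [rule(OVPN1_NET, ANY, "WAN_D"), rule(OVPN2_NET, ANY, "WAN_W")]
RULESETS = {
    "policy rules only": policy,
    "any/any rule on top": [rule(ANY, ANY)] + policy,       # policy rules never reached
    "LAN net rule on top": [rule(ANY, LAN_NET)] + policy,   # only local traffic matches first
}

def evaluate(name, client_ip):
    """Return (path to a LAN host, path to an internet host) for one VPN client."""
    rules = RULESETS[name]
    return (route(rules, client_ip, "192.168.1.10"),
            route(rules, client_ip, "203.0.113.5"))

if __name__ == "__main__":
    for name in RULESETS:
        for client in ("10.8.1.2", "10.8.2.2"):
            lan, inet = evaluate(name, client)
            print(f"{name:20} {client}: LAN host via {lan}, internet via {inet}")
```

Only the third rule set gives each client both local access and its own WAN; the first sends LAN-bound packets out a WAN gateway, and the second never reaches the gateway rules.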