OpenVPN dual WAN using OPT


  • I have two interfaces, WAN and OPT1. I would like the OpenVPN tunnel to be directed to the OPT1 interface and not to WAN. I tried to do this through Rules -> LAN but could not make it use the OPT interface.

    Is it possible?


  • You need to create a static route for the server you're connecting to, pointing to the gateway of WAN2.


  • Hi, the problem is that OpenVPN does not connect through the WAN2 interface, only through the first interface, which is WAN. And the OpenVPN setup does not say anything about which interface it should use.


  • Maybe you should clarify: are you talking about inbound or about outbound connections?

    For outbound connections you need to create the above mentioned static route.
    For inbound connections you need to add a "custom command".
    Look at the OpenVPN man page for how you can manually specify an IP to listen on.


  • Let me explain: I have two links. One is dedicated to web browsing (I did that using "Rules-LAN") and the other, the WAN2 interface, is only for VPN. But it only connects to the OpenVPN server (Linux) at the other end using the WAN link. The traffic goes out to another server. I do not know how adding a static route would work, because the one that will connect is the WAN interface.


  • System --> Static routes


  • Thanks, your suggestion worked.


  • I have the same problem and I'm still in the dark here.

    I have two pfSense boxes and I want to route the openvpn traffic through the OPT1 interface at work to my system at home.  The work box is the "server" my home is the "client".  My home box is set to use the gateway connected to OPT1 at work, but there is no way to tell the server at work to send packets back through the OPT1 interface (instead of WAN).

    The static route suggestion leaves me confused.  I can set a default gateway, but it wants a "source" for the packets.  LAN, WAN, etc. don't seem to create a static route that OpenVPN respects or uses.  Nothing seems to affect it since it sits inside the pfSense box and does not seem to pay attention to any routing rules other than from its openvpn page itself.
    Looking at my logs, I can see the client is connecting to the OPT1 interface at work, but the server at work is responding over its WAN interface.  I could just set "float" in my client, but it misses the point of having a T1 line for VPN use.

    I've googled many many messages about this multi-homed madness and openvpn, but have found few who actually claimed to get it working.  99% of the messages never attract even a single response.  This is a big problem for anyone with multiple WANs and there isn't much to go on getting pfSense and openvpn to work.


  • @joebarnhart:

    I have two pfSense boxes and I want to route the openvpn traffic through the OPT1 interface at work to my system at home.  The work box is the "server" my home is the "client".  My home box is set to use the gateway connected to OPT1 at work, but there is no way to tell the server at work to send packets back through the OPT1 interface (instead of WAN).

    Create a static route for the IP of the remote end and as gateway your OPT1 gateway.

    @joebarnhart:

    The static route suggestion leaves me confused.  I can set a default gateway, but it wants a "source" for the packets.  LAN, WAN, etc. don't seem to create a static route that OpenVPN respects or uses.  Nothing seems to affect it since it sits inside the pfSense box and does not seem to pay attention to any routing rules other than from its openvpn page itself.

    You're obviously in the wrong place.
    You don't have to create a firewall rule and set a gateway.
    You have to create a static route in the place I wrote above.

    @joebarnhart:

    Looking at my logs, I can see the client is connecting to the OPT1 interface at work, but the server at work is responding over its WAN interface.  I could just set "float" in my client, but it misses the point of having a T1 line for VPN use.

    I've googled many many messages about this multi-homed madness and openvpn, but have found few who actually claimed to get it working.  99% of the messages never attract even a single response.  This is a big problem for anyone with multiple WANs and there isn't much to go on getting pfSense and openvpn to work.

    I think you need to clarify something.
    Do you want the pfSense to connect to a server?
    In this case you need the static route above.

    Do you want clients to connect to the pfSense on the OPT?
    In this case you don't need a static route, but you need to set the correct commands in the "Custom options" field on the OpenVPN server page.
    AFAIK something along the lines of "--local host IP_of_OPTx".
    Just to tell the OpenVPN instance that it should listen on the IP of the OPTx instead of the main WAN.

    PS: Why do you think that "This is a big problem for anyone with multiple WANs and there isn't much to go on getting pfSense and openvpn to work." ?
    It's not a problem of pfSense if you don't know how to handle OpenVPN....
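
The two fixes discussed in this thread (a static route to the remote peer via the OPT1 gateway for outbound tunnels, and binding the server to the OPT1 address for inbound ones) can be checked with the sketch below. It is an added example, not code from any poster or from pfSense; all addresses are constructed documentation-range values, and `local` appears in its config-file form.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
WAN_GW = "198.51.100.1"      # assumed gateway of the default WAN
OPT1_GW = "203.0.113.1"      # assumed gateway reachable via OPT1
OPT1_IP = "203.0.113.10"     # assumed address of the OPT1 interface
REMOTE_PEER = "192.0.2.50"   # assumed public IP of the remote OpenVPN end

def egress_gateway(routes, dest):
    """Longest-prefix match: the gateway the routing table selects for dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def listen_address(config_text):
    """Address given by the OpenVPN 'local' directive, or None when the
    daemon is left to bind to all addresses."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "local":
            return parts[1]
    return None

def check(routes, config_text):
    """Findings for a box that should carry the VPN over OPT1 only."""
    findings = []
    gw = egress_gateway(routes, REMOTE_PEER)
    if gw != OPT1_GW:
        findings.append(f"traffic to {REMOTE_PEER} leaves via {gw}, not OPT1")
    if listen_address(config_text) != OPT1_IP:
        findings.append("OpenVPN is not bound to the OPT1 address")
    return findings

# Before: default route only, server not bound to a specific address.
default_only = [("0.0.0.0/0", WAN_GW)]
unbound_conf = "port 1194\nproto udp\ndev tun\n"
# After: /32 static route to the peer via OPT1, plus the 'local' directive.
with_static = default_only + [(REMOTE_PEER + "/32", OPT1_GW)]
bound_conf = unbound_conf + f"local {OPT1_IP}\n"

if __name__ == "__main__":
    print(check(default_only, unbound_conf))
    print(check(with_static, bound_conf))
```

The /32 static route wins over the default route because it is the more specific match, which is why it steers only the tunnel's outer packets and leaves other traffic on WAN.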