Netgate Discussion Forum

Routes over OpenVPN not working after reboot

Routing and Multi WAN
  • F
    Froginou14
    last edited by Jan 24, 2024, 4:27 PM

    Hello,

    I have multiple routes over an OpenVPN LAN-to-LAN interface (pointing to the gateway that is created with the interface), xxx_VPNV4. The gateway IP is fine, the monitoring IP is fine.
    Every time the firewall reboots, all traffic goes to the default gateway, even if the VPN comes up in a few seconds.

    I have to "reset" any routes that go through the _VPNV4 gateway, then apply, and everything goes fine again.

    I'm using Netgate 2100 on both sites.

    Does someone know why there's this behaviour, and how to prevent it?

    Thanks for your help

    • V
      viragomann @Froginou14
      last edited by Jan 26, 2024, 10:05 PM

      @Froginou-0
      It's recommended to not set static routes to VPN gateways due to this behavior.

      Which destinations do you route over the VPN? Are these public IPs / ranges?

      Consider routing them with policy routing rules and check "Do not create rules when gateway is down" in the system advanced settings.

      • F
        Froginou14 @viragomann
        last edited by Jan 31, 2024, 12:09 PM

        @viragomann
        Thanks for your reply, and sorry for the delay.

        I have multiple private networks I have to send through this gateway, and only one public range.
        Some of these routes are sent from the remote gateway to another router.

        I never used route based policy on these firewalls, how should this work?
        Creating a Gateway Group with my VPN and WAN gateway?

        Could this page from the docs be a good start?
        https://docs.netgate.com/pfsense/en/latest/multiwan/policy-route.html

        • V
          viragomann @Froginou14
          last edited by Jan 31, 2024, 12:42 PM

          @Froginou-0
          Yes, it's quite simple.

          There is no need for a gateway group, since you want to use the VPN gateway only for the concerned destinations, as I got it.

          Add all the destination subnets or addresses to an alias of type network. For a single IP use a /32 mask.

          Then create a firewall rule at the top of the incoming interface rule set, e.g. LAN, to pass traffic out. Set the alias as destination. Open the advanced options and select the VPN gateway.
          Ensure that this rule is above the "allow any other traffic" rule, so that it is probed first.

          > Some of these routes are sent from the remote gateway to another router.

          So you forward public requests to the other site?
          For this you need the rule on WAN of course.

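A simplified model of the setup described in the answer above, added as an example that is not part of the original posts and is not pfSense code. It shows how a network alias, rule order and the "Do not create rules when gateway is down" option decide which gateway a packet gets. The addresses, rule names and the gateway name SITEB_VPNV4 are constructed, and the gateway-down handling (rule kept without its gateway by default, rule omitted when the option is checked) is an assumption about how that setting behaves.

```python
# Added illustration: simplified model of first-match policy routing.
# All addresses, rule names and the gateway name are constructed.
from ipaddress import ip_address, ip_network

# Alias of type network; a single host is entered with a /32 mask.
REMOTE_SITES = [ip_network(n) for n in
                ("10.20.0.0/16", "192.168.50.0/24", "198.51.100.7/32")]
ANY = [ip_network("0.0.0.0/0")]

# Rules on the incoming interface (e.g. LAN), evaluated top to bottom.
RULES = [
    {"name": "to-remote-sites", "dst": REMOTE_SITES, "gateway": "SITEB_VPNV4"},
    {"name": "allow-any", "dst": ANY, "gateway": None},  # None = default gateway
]


def route(dst, rules=RULES, gateways_up=frozenset({"SITEB_VPNV4"}),
          skip_rules_when_down=False):
    """Return (rule name, gateway) for the first rule that matches dst."""
    addr = ip_address(dst)
    for rule in rules:
        gw = rule["gateway"]
        if gw is not None and gw not in gateways_up:
            if skip_rules_when_down:
                continue   # option checked: the rule is omitted entirely
            gw = None      # assumed default: rule kept, gateway dropped
        if any(addr in net for net in rule["dst"]):
            return rule["name"], gw
    return None, None      # nothing matched: traffic is not passed


if __name__ == "__main__":
    print("VPN up:")
    for dst in ("10.20.3.4", "198.51.100.7", "198.51.100.8"):
        print(" ", dst, route(dst))
    print("Policy rule placed below allow-any:")
    print(" ", route("10.20.3.4", rules=list(reversed(RULES))))
    print("VPN gateway down, option unchecked / checked:")
    print(" ", route("10.20.3.4", gateways_up=frozenset()))
    print(" ", route("10.20.3.4", gateways_up=frozenset(),
                     skip_rules_when_down=True))
```

With only these two rules, traffic for the alias still leaves through the default gateway while the VPN gateway is down in both cases; the option changes which rule passes it.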
          • F
            Froginou14 @viragomann
            last edited by Jan 31, 2024, 12:47 PM

            @viragomann

            Thanks, I will try this out. I'll keep you informed if something goes wrong.
