Single WAN, multiple VPN connections, multiple local networks
-
Posted on Routing & Multi WAN, but may belong here.
I've got two VPN connections, with two interfaces (VPN1 & VPN2), two gateways (VPN1GW & VPN2GW), two local network interfaces (NW1 & NW2), and of course WAN_DHCP.
I can get to the internet on NW1 when I set the gateway via a rule for the whole NW1 via WAN_DHCP, VPN1, or VPN2). I've confirmed that the connection is either WAN or VPN when its on each gateway. NW1 is working properly.
The issue is with NW2. I can only get to the internet on NW2 when I set the gateway via a rule for the whole NW2 via WAN_DHCP. It will not allow me to connect if I use either VPN1 or VPN2.
Even if I set up Gateway Groups with each just having one gateway in it for the VPNs, it does the same.
To me it's pointing to something in the routing, as I can ping the IP gateway from a system on NW2, even when set to use a VPN1 or VPN2, but I cannot ping anywhere on the internet. I just can't see where the issue is.
Under General Setup I have two DNS servers configured, one for each VPN, neither is reachable on NW2 when it's setup to use a VPN, but both are reachable when set for WAN_DHCP.
Basically, I want NW1 to communicate via VPN1 and NW2 to communicate via VPN2. This is to allow me to set VPN2 to be a static IP with my VPN provider for setting up a proper reverse DNS entry for a mailserver, as my internet provider is restricted from issuing static IPs by their upstream provider (cable).
Anyone have any ideas?
Bueller?
-
@Wits-End
Are there an outbound NAT rule in place for NW2 subnet on the VPN interfaces? -
@viragomann Yes, I think I tracked it down to the VPN instances getting the same virtual IP in pfsense, which is making it conflict. And these are not changeable.... so.... currently looking at setting up a dedicated vpn connection on the linux box for the static route for the mailserver.