    Openvpn udp multiple WAN

      cdenley last edited by

      I have two WAN interfaces. I configured openvpn. I allowed 1194/UDP to the interface IP for both WAN interfaces. I can only connect to the primary WAN interface from outside the network. I cannot connect to the 2nd WAN interface. How do I fix this?

        cdenley last edited by

        A packet capture seems to indicate that UDP packets are received from the client, but none are sent back from pfsense.

          danswartz last edited by

          I'm guessing the return packets are going out the other WAN interface?

            cdenley last edited by

            I think you are correct from what I have read so far. Apparently openvpn cannot determine what interface UDP packets were received on, so it simply replies using the default interface.

            1. Has this been fixed in newer releases of OpenVPN?
            2. Is there an easy workaround to force OpenVPN to send UDP packets on my second WAN interface? I don't want to have to switch them as that would bring everything offline and mean a lot of reconfiguration. I don't necessarily need the primary interface to work with OpenVPN.

              cdenley last edited by

              I figured out an answer to number 2. I simply added this line to the openvpn server configuration in the pfsense web interface:

              local xxx.xxx.xxx.xxx;

              where xxx.xxx.xxx.xxx is the address assigned to the secondary interface, which is the one I want to send openvpn's UDP packets. It would be nice to have the primary interface available just in case, though.

              1 Reply Last reply Reply Quote 0
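The behaviour diagnosed above, reproduced on loopback as an added example (not code from the thread or from OpenVPN): a UDP server bound to the wildcard address answers from whatever source address the routing table picks, while one bound to a specific address, which is what `local` does, answers from that address. It assumes Linux, where every 127.0.0.0/8 address is local; 127.0.0.2 stands in for the secondary WAN address and 127.0.0.1 for the client, and only source-address selection is modelled, not pfSense's routing.

```python
import socket

WAN2_ADDR = "127.0.0.2"    # constructed stand-in for the secondary WAN address
CLIENT_ADDR = "127.0.0.1"  # constructed stand-in for the remote VPN client


def reply_source(server_bind_addr, dest_addr=WAN2_ADDR):
    """Send one datagram to dest_addr; return the source IP of the server's reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.settimeout(2)
        client.settimeout(2)
        server.bind((server_bind_addr, 0))      # port 0: kernel picks a free port
        port = server.getsockname()[1]
        client.bind((CLIENT_ADDR, 0))
        client.sendto(b"client hello", (dest_addr, port))
        _, peer = server.recvfrom(64)           # recvfrom() reports only the sender
        server.sendto(b"server reply", peer)    # source IP comes from bind or route
        _, src = client.recvfrom(64)
        return src[0]
    finally:
        server.close()
        client.close()


def client_accepts(server_bind_addr):
    """A client expects the reply to come from the address it sent to."""
    return reply_source(server_bind_addr) == WAN2_ADDR


if __name__ == "__main__":
    for label, bind_addr in (("no local (wildcard)", "0.0.0.0"),
                             ("local " + WAN2_ADDR, WAN2_ADDR)):
        print(f"{label:22} reply from {reply_source(bind_addr):10} "
              f"accepted={client_accepts(bind_addr)}")
```

Binding to one address fixes the reply source, but the server then listens on that address only.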
                cdenley last edited by

                I just noticed that my workaround prevents it from working on the LAN interface, though. A better solution would be great.

                  GruensFroeschli last edited by

                  Well you could put for local x.x.x.x the IP of the pfSense on the LAN side.
                  Then forward the ports via NAT from the WANs to the LAN IP.

                    cdenley last edited by

                    Of course! So simple, and now it works on ALL interfaces. Thanks.

                      Bozan last edited by

                      Can you please explain where I can set the IP for the openVPN? I don't see any options on the tun interface configuration.

                        GruensFroeschli last edited by

                        Set the "local" parameter in the custom options.
                        Read the man pages for OpenVPN if you need specifics.

                          Bozan last edited by

                          Ok thanks, I'm a "Newbie" here  :)

                          Solution works fine!

                            Guest last edited by

                            nice work! thanks!
