Netgate Discussion Forum

Policy-based routing and OpenVPN

  • S
    smurfb
    last edited by Feb 28, 2007, 2:41 PM

    Hi again.

    New troubles and can't find the solution on the forum.

    I have two WANs. One for internal company network which is assigned to the WAN interface. And the other one (the internet) is assigned to OPT1.

    Everything is fine, I use policy-based routing for webproxy on DMZ to reach internet.

    But how do I make OpenVPN send its replies to the OPT1/internet gateway and not the default route WAN interface? This is for road warriors.

    I have tried to add to OPT1 the source address/source port (CARP address) of OpenVPN (port 9000) and OPT1 as gateway. But it doesn't work, any other ideas?

    Cheers,
    Joel

    • H
      hoba
      last edited by Feb 28, 2007, 3:54 PM

      Make sure you have a firewall rule on top of your rules to pass traffic to the remote OpenVPN IPs through the default gateway to prevent these from being directly balanced/routed to the pools. This is required for IPsec as well if you use multiwan.

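Why the rule described in the reply above has to sit on top, as an added example that is not part of the original thread and is not pfSense code: a simplified first-match model of rule evaluation, plus a check that flags policy-routing rules placed ahead of the exception. The rule descriptions, the gateway labels and the 10.8.0.0/24 tunnel network are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_GW = "WAN_GW"        # hypothetical label for the routing-table default gateway
POOL = "LoadBalancePool"     # hypothetical label for a multi-WAN gateway pool
VPN_REMOTE = "10.8.0.0/24"   # constructed OpenVPN remote/tunnel network


@dataclass(frozen=True)
class Rule:
    descr: str
    dst: str                 # destination network, CIDR
    gateway: Optional[str]   # None = no policy routing, use the default gateway


def select_gateway(rules: List[Rule], dst_ip: str) -> Tuple[Optional[str], str]:
    """First matching rule wins; later rules are never consulted."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.dst):
            return (rule.gateway or DEFAULT_GW, rule.descr)
    return (None, "no match (default deny)")


def shadowing_rules(rules: List[Rule], protected: str) -> List[str]:
    """Policy-routing rules that capture `protected` before any rule
    keeps that network on the default gateway."""
    net = ipaddress.ip_network(protected)
    offenders = []
    for rule in rules:
        rnet = ipaddress.ip_network(rule.dst)
        if rule.gateway is None and net.subnet_of(rnet):
            return offenders          # exception reached; later rules are harmless
        if rule.gateway is not None and rnet.overlaps(net):
            offenders.append(rule.descr)
    return offenders


# Constructed rule sets: policy routing only, then with the exception on top.
policy_only = [Rule("any via pool", "0.0.0.0/0", POOL)]
exception = Rule("OpenVPN remotes via default gateway", VPN_REMOTE, None)
exception_on_top = [exception] + policy_only
exception_below = policy_only + [exception]

if __name__ == "__main__":
    for name, rs in [("policy only", policy_only),
                     ("exception on top", exception_on_top),
                     ("exception below", exception_below)]:
        print(name, select_gateway(rs, "10.8.0.6"), shadowing_rules(rs, VPN_REMOTE))
```
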
      • S
        smurfb
        last edited by Mar 1, 2007, 3:21 PM

        I solved it by making a NAT rule from OPT2 interface to the same with another port, and all packets go back the same way. Ugly hack but it works.

        Couldn't get the policy-based routing to work with OpenVPN, works great with everything else.
