OpenVPN and Policy Based Routing

eytanes · Sep 7, 2011, 2:05 AM

Hello,
I've successfully created a site-to-site openvpn connection between two pfsense boxes using psk and filling the "remote network" fields.

What I'm trying to do is get the tunnel working via policy based routing and bypass the routing table.
Here is what I've done on each side:
-Assigned an interface to the tunnel;
-Setup a gateway for the interface with the gateway address being the other end of the tunnel, "gtwyVPN"
-Created a rule on the LAN interface to use gtwyVPN for traffic destined for the other end

However, I must be missing a step because traffic is not getting routed back correctly once I clear the "remote network" fields (thus clearing the routes from the routing table).
If I ping site B from site A, wireshark on site B shows me the packets being received but the replies are never received back to site A.

I have a feeling I should be using floating rules (as discussed http://forum.pfsense.org/index.php?topic=36230.0) However I played around with it but never got it working.

Any help would be greatly appreciated.
Thanks,
E

grangej · Dec 3, 2011, 7:20 AM

I am also having this problem, I have taken it one step further (trying to get failover between two wan pipes across two vpn connections) but same results, i can see the traffic on the other end of the firewall but it doesn't go back, what gives?

eytanes · Dec 4, 2011, 12:49 AM

i'm not quite sure how to set up rules to route return traffic.
You can probably try out using ospf. My experience has been that ospf will change the routing table.
This might help, http://forum.pfsense.org/index.php/topic,39328.0.html
Let me know if you end up getting it to work with or without ospf.
-E