<![CDATA[Using 2nd pfsense box for openvpn behind pfsense gw]]>Currently I have a pfsense 2.0 acting as GW.
To offload this GW, I want to use a second pfsense box behind this one to act as openvpn server.

On the GW:

  • wan: public ip + 2nd ip via proxy arp
  • lan: 192.168.10.254/24 + ip alias for 192.168.100.254/24

normal lan machines are running in 192.168.10.254

Configured second pfsense currently

  • wan: 192.168.100.253/24
  • lan 192.168.10.153 (so I can access its interface via normal lan)

2nd public ip is 1:1 natted to the second pfsense box

I can connect from outside via ssh on the 2nd public ip and work from there

I need the openvpn to function on the second pfsense, reachable via the 2nd public ip.
Currently running vpn on the first gw, and this works ok.
When trying to connect to the open vpn server on the 2nd box, I can see the client and server trying to establish a connection, but failing on timeouts. It seems that traffic of the vpn server does not reach the client.

Any help/pointers would be great.

]]>https://forum.netgate.com/topic/48745/using-2nd-pfsense-box-for-openvpn-behind-pfsense-gwRSS for NodeWed, 11 Mar 2026 04:14:32 GMTThu, 20 Sep 2012 11:41:28 GMT60<![CDATA[Reply to Using 2nd pfsense box for openvpn behind pfsense gw on Mon, 01 Oct 2012 17:32:17 GMT]]>Following cmb's remark: we put the vpn on the primary pfsense box (and upgrading its hardware a bit)

]]>https://forum.netgate.com/post/358335https://forum.netgate.com/post/358335Mon, 01 Oct 2012 17:32:17 GMT<![CDATA[Reply to Using 2nd pfsense box for openvpn behind pfsense gw on Sun, 23 Sep 2012 04:18:03 GMT]]>You're creating routing complications doing that. In most all cases there isn't a requirement to offload such functionality and it's best left on your main firewall to avoid the routing complications inherent in the type of setup you're attempting.

You can, by adding an appropriate static route on the box that's the default gateway of the network, and checking the option to bypass filtering for static route networks under System>Advanced. It just sounds like you don't really need to do that and are probably best served not doing so.

]]>https://forum.netgate.com/post/357122https://forum.netgate.com/post/357122Sun, 23 Sep 2012 04:18:03 GMT<![CDATA[Reply to Using 2nd pfsense box for openvpn behind pfsense gw on Thu, 20 Sep 2012 13:37:44 GMT]]>might be an issue with nat & udp ovpn tunnels, have you tried running ovpn on tcp to see if this resolves it ?

if not, please supply more info (server configs, traceroutes, packets captures, …)

]]>https://forum.netgate.com/post/356811https://forum.netgate.com/post/356811Thu, 20 Sep 2012 13:37:44 GMT