
    OpenVPN and Dual Wan

    • G
      glanc last edited by

      Hi all. I would like to know if it's possible with pfSense to have two OpenVPN gateway-to-gateway tunnels connecting two offices, and then choose with policy routing which tunnel the hosts on either office's internal LANs use to communicate with each other. Like hostA, when connecting to hostB on the remote site, uses vpnA, but all the other hosts use vpnB.

      Thanks a lot.

      • C
        cmb last edited by

        Not at this time. We have some OpenVPN improvements planned for a future version and I added this to our wish list for when we start working on it.
        http://wiki.pfsense.com/wikka.php?wakka=OpenVPNWishlist

        • G
          glanc last edited by

          Hi! Thanks for replying. I have pfSense 1.2-BETA-1, and with the OpenVPN package I'm already capable of doing these three things:

          Listen on multiple ports

          Listen on multiple protos (tcp & udp)

          Listen on multiple IP's (multi-WAN)

          I just put this line in the "custom options" of my two OpenVPN tunnel configurations:

          local 85.35.218.x;remote 85.35.219.x # for tunnel A

          local 85.35.219.x;remote 85.35.220.x # for tunnel A

          and doing a netstat -an it shows:

          udp4      0      0  85.35.218.138.1194    .
          udp4      0      0  85.35.219.219.1195    .

          So the OpenVPN daemon is listening correctly on both WANs for incoming connections (I've tested it with tcpdump). And changing the protocol tab of the config should also do the trick to listen on different protocols (tcp/udp).

          But my question referred to the possibility of doing policy routing for the two VPNs, for the hosts inside the LAN subnet of both sites. If I create a firewall rule, the tun0 and tun1 interfaces should appear in the gateway tab, so that I could choose the tunnel to use for a particular host/subnet to host/subnet communication. Is there another way to do this, while waiting for the possibility to also choose the tun interfaces in the gateway tab of the firewall rules option?

          Thanks again.

          PS. For failover over VPNs I can wait, but the policy routing would be the choice to decide to switch or not to this great product.
