OpenVPN and routing



  • Just wondering if anyone else got routing over an OpenVPN connection to work on 2.1?
    I am trying to get StrongVPN to work, but get constant problems with the GUI when trying to set a gateway in the Firewall Rules section. Only one GW is listed as an option, and that is the WAN one.

    When trying to set up fixed routing with the routing interface, it refuses to acknowledge that the "dynamic" interface really is the same Address Family as the route I am supplying.

    The "Address Family" problem I have noted has been in other places too, and supposedly fixed 6 months ago, but in my 2 day old snapshot it still is there for the routing GUI at least.

    Anyway, no matter what I try, I can't get it to let me route any user data over the OpenVPN gateway. The interface itself is up, so it shouldn't be a problem.



  • Hi Gbra,

    I am also experiencing this issue. I think it has to do with the fact that although the OpenVPN link to StrongVPN is up (and the interface is able to ping an internet address like 8.8.4.4 from Diagnostics - Ping), pfSense believes it's down, as under Status - Gateways, the StrongVPN gateway is stuck in a Pending status.

    I fussed with it for 5 or 6 hours yesterday before finally reverting to 2.0.1. If you find a resolution, please post back with your results, as I'd like to get 2.1's IPv6 support.



  • I'm currently routing some LAN PCs into a VPN connection (at vpntunnel.com, but basically it's the same), and all others through the normal GW.

    I used part of this tutorial to set this up: http://forum.pfsense.org/index.php/topic,29944.0.html

    And it runs smooth with 2.1 (2.1-BETA0 (i386) built on Fri Dec 7 09:37:45 EST 2012 FreeBSD 8.3-RELEASE-p5)

    Don't forget this as without it it won't work:
    edit - March 9 2011
    – from now on, in order for traffic to be routed through the vpn gateway; from the pfSense interface, navigate to the dropdown menus: FIREWALL --> NAT --> OUTBOUND --| enable "Manual Outbound NAT rule generation" and select save.

    Also be sure to set some floating rules to prevent people from accessing your box from the VPN address (same tutorial, last post).



  • @raclure:

    I'm currently routing some LAN PCs into a VPN connection (at vpntunnel.com, but basically it's the same), and all others through the normal GW.

    I used part of this tutorial to set this up: http://forum.pfsense.org/index.php/topic,29944.0.html

    And it runs smooth with 2.1 (2.1-BETA0 (i386) built on Fri Dec 7 09:37:45 EST 2012 FreeBSD 8.3-RELEASE-p5)

    Don't forget this as without it it won't work:
    edit - March 9 2011
    – from now on, in order for traffic to be routed through the vpn gateway; from the pfSense interface, navigate to the dropdown menus: FIREWALL --> NAT --> OUTBOUND --| enable "Manual Outbound NAT rule generation" and select save.

    Also be sure to set some floating rules to prevent people from accessing your box from the VPN address (same tutorial, last post).

    I've been using that tutorial with StrongVPN for a year or more, no problem. I was running the x64 version of 2.1 however, so I wonder if there is an issue with it versus the i386 version? If you search this forum for "gateway," you'll see there is an issue with secondary gateways not showing up in firewall rules. There is a specific workaround to get them to show up, but I'll just wait until the issue is resolved since I have re-installed 2.0.1 and it's working fine … just without IPv6 support.

    Thanks for the tip about floating rules. I was wondering why a ShieldsUP! scan shows ports as closed, rather than stealth. Creating a floating rule to block all out on the StrongVPN interface has stealthed everything but port 0, which shows as closed.



  • OK, my fault, I misunderstood your post.

    If I have time this weekend, I'll try to use the latest x64 image with my config and see if it works and if the gateway is showing.

