4. Script on pfsense box using a specific interface (gateway)

Script on pfsense box using a specific interface (gateway)

  • J

    In trying to get a script working on the pfsense box as per this http://forum.pfsense.org/index.php/topic,65094.0.html. I created the script on the box via ssh. The script issues wget commands to a specific URL that is only reachable via a certain interface.

    My pfsense box has a WAN, OPT1, OPT2 interfaces. OPT1 is connected to one vpn server and OPT2 another. I would like a script to run on the pfsense box (192.168.1.1 address) and have it go out via the OPT1 (ovpnc2) interface. Currently, it goes out via OPT2 (ovpnc3). How can I change this behaviour?

    Does it have something to do with the order of creation of the interfaces?

    I am using 2.1RC1 (pfSense-LiveCD-2.1-RC1-i386-20130801-1902.iso)

    Doing netstat in a ssh reveals:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    0.0.0.0/1          10.*        UGS         0    56312 ovpnc3 =>
    default            198.*    UGS         0      700 vmx3f1

    I think the problem lies with 0.0.0.0/1. Does that signify all traffic? If so, I see it using ovpnc3 which is what I don't want.

    I thought whichever gateway has "default" checked is the default getway? The default line changes when I do that but not the 0.0.0.0/1 line.

    0
  • P

    I think the 0.0.0.0 line is related to selecting the option to push all traffic over the tunnel - maybe you selected that for the OPT2 VPN?
    Turning that off, and making OPT2 the default gateway might have a similar effect, and allow you to route other traffic out OPT1 with firewall rule policy-routes or static routes or…

    0
  • J

    Thanks for your reply but I do not see the option to push all traffic over the tunnel in the client otions.

    I did two things, not sure which is right but it looks like it's working.

    1. I added a route in System->Routing->Routes like so

    Network Gateway Interface Description
    add
    0.0.0.0/1 OPT1_VPNV4 - 10.* OPT1

    1. Changed the default gateway to OP1 (from WAN_DHCP) in System->Routing->Gateway
    0
  • N

    The VPN server often push something called "redirect-gateway def1" to the client upon connect. This adds a "default gateway" that overrides your existing default gateway, and is probably what you experience. You have to block this behaviour in the OpenVPN client config under advanced by using "route-nopull" or "route-noexec", but they you must create your own routing to make sure whatever traffic should go out the VPNs do.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy