Netgate Discussion Forum

    Script on pfsense box using a specific interface (gateway)

    4 Posts 3 Posters 1.9k Views
      joelones

      I'm trying to get a script working on the pfsense box as per this thread: http://forum.pfsense.org/index.php/topic,65094.0.html. I created the script on the box via ssh. The script issues wget commands to a specific URL that is only reachable via a certain interface.

      My pfsense box has WAN, OPT1 and OPT2 interfaces. OPT1 is connected to one vpn server and OPT2 to another. I would like a script to run on the pfsense box (192.168.1.1 address) and have it go out via the OPT1 (ovpnc2) interface. Currently, it goes out via OPT2 (ovpnc3). How can I change this behaviour?

      Does it have something to do with the order of creation of the interfaces?

      I am using 2.1RC1 (pfSense-LiveCD-2.1-RC1-i386-20130801-1902.iso)

      Doing netstat in an ssh session reveals:

      Destination        Gateway            Flags    Refs      Use  Netif Expire
      0.0.0.0/1          10.*        UGS         0    56312 ovpnc3 =>
      default            198.*    UGS         0      700 vmx3f1

      I think the problem lies with 0.0.0.0/1. Does that signify all traffic? If so, I see it using ovpnc3 which is what I don't want.

      I thought whichever gateway has "default" checked is the default gateway? The default line changes when I do that but not the 0.0.0.0/1 line.

        phil.davis

        I think the 0.0.0.0 line is related to selecting the option to push all traffic over the tunnel - maybe you selected that for the OPT2 VPN?
        Turning that off, and making OPT2 the default gateway might have a similar effect, and allow you to route other traffic out OPT1 with firewall rule policy-routes or static routes or…

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          joelones

          Thanks for your reply but I do not see the option to push all traffic over the tunnel in the client options.

          I did two things, not sure which is right but it looks like it's working.

          1. I added a route in System->Routing->Routes like so:

          Network     Gateway             Interface   Description
          0.0.0.0/1   OPT1_VPNV4 - 10.*   OPT1

          2. Changed the default gateway to OPT1 (from WAN_DHCP) in System->Routing->Gateway
            Nadar

            The VPN server often pushes something called "redirect-gateway def1" to the client upon connect. This adds a "default gateway" that overrides your existing default gateway, and is probably what you experience. You have to block this behaviour in the OpenVPN client config under advanced by using "route-nopull" or "route-noexec", but then you must create your own routing to make sure whatever traffic should go out the VPNs does.

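Why the 0.0.0.0/1 entry discussed in this thread wins over `default`, as an added example that is not part of any post: route selection is longest-prefix match, so a /1 route pushed by "redirect-gateway def1" shadows the /0 default without replacing it. The routing table below is constructed sample data in the column layout of the first post; the gateway addresses, the 128.0.0.0/1 row (the other half of the def1 pair) and the LAN row are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `netstat -rn` layout; gateways are documentation
# addresses, not the masked values from the thread.
SAMPLE = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          10.8.0.5           UGS         0    56312 ovpnc3 =>
default            198.51.100.1       UGS         0      700 vmx3f1
128.0.0.0/1        10.8.0.5           UGS         0    41200 ovpnc3
192.168.1.0/24     link#2             U           0     9000 vmx3f0
"""

def parse_routes(text):
    """Return [(network, gateway, netif)] from netstat -rn style IPv4 rows."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if cols[0] == "default" else cols[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip rows this sketch does not understand
        routes.append((net, cols[1], cols[5]))
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def default_overrides(routes):
    """Prefix-length-1 routes on an interface other than the default's."""
    default_if = {r[2] for r in routes if r[0].prefixlen == 0}
    return [r for r in routes if r[0].prefixlen == 1 and r[2] not in default_if]

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for dst in ("8.8.8.8", "203.0.113.10", "192.168.1.20"):
        net, gw, netif = lookup(routes, dst)
        print(f"{dst:15} -> {netif:7} via {gw:14} ({net})")
    for net, gw, netif in default_overrides(routes):
        print(f"override: {net} via {netif} shadows the default route")
```

Changing which gateway is marked default only rewrites the /0 row, which is why the 0.0.0.0/1 line in the first post stayed on ovpnc3.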
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.