Script on pfsense box using a specific interface (gateway)
I am trying to get a script working on the pfSense box as per this thread: http://forum.pfsense.org/index.php/topic,65094.0.html. I created the script on the box via ssh. The script issues wget commands to a specific URL that is only reachable via a certain interface.
My pfSense box has WAN, OPT1 and OPT2 interfaces. OPT1 is connected to one VPN server and OPT2 to another. I would like a script to run on the pfSense box (192.168.1.1 address) and have it go out via the OPT1 (ovpnc2) interface. Currently, it goes out via OPT2 (ovpnc3). How can I change this behaviour?
Does it have something to do with the order of creation of the interfaces?
I am using 2.1RC1 (pfSense-LiveCD-2.1-RC1-i386-20130801-1902.iso)
Running netstat in an ssh session reveals:
Destination Gateway Flags Refs Use Netif Expire
0.0.0.0/1 10.* UGS 0 56312 ovpnc3 =>
default 198.* UGS 0 700 vmx3f1
I think the problem lies with 0.0.0.0/1. Does that signify all traffic? If so, I see it using ovpnc3 which is what I don't want.
I thought whichever gateway has "default" checked is the default gateway? The default line changes when I do that, but not the 0.0.0.0/1 line.
I think the 0.0.0.0 line is related to selecting the option to push all traffic over the tunnel - maybe you selected that for the OPT2 VPN?
Turning that off, and making OPT2 the default gateway might have a similar effect, and allow you to route other traffic out OPT1 with firewall rule policy-routes or static routes or…
Thanks for your reply, but I do not see the option to push all traffic over the tunnel in the client options.
I did two things; not sure which is right, but it looks like it's working.
- I added a route in System->Routing->Routes like so
Network Gateway Interface Description
0.0.0.0/1 OPT1_VPNV4 - 10.* OPT1
- Changed the default gateway to OPT1 (from WAN_DHCP) in System->Routing->Gateway
VPN servers often push something called "redirect-gateway def1" to the client upon connect. This adds a "default gateway" that overrides your existing default gateway, and is probably what you are experiencing. You have to block this behaviour in the OpenVPN client config under advanced by using "route-nopull" or "route-noexec", but then you must create your own routing to make sure whatever traffic should go out the VPNs does.
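As an added example (not code from any poster in this thread), the script below shows why the 0.0.0.0/1 line wins over "default" and how a more specific route pins one destination to OPT1 regardless of it. "redirect-gateway def1" installs two routes, 0.0.0.0/1 and 128.0.0.0/1, which together cover every address but are each more specific (/1) than the /0 default, so longest-prefix matching prefers them. The routing table is a constructed sample in FreeBSD `netstat -rn -f inet` layout; the 10.8.0.5, 10.9.0.1, 198.51.100.1 and 203.0.113.10 addresses and the interface names beyond those in the thread are placeholders, not real values from the poster's box. `route_for` is a minimal longest-prefix lookup written in awk; on a live pfSense box the equivalent check is `route -n get <destination>`.

```sh
#!/bin/sh
# Added example: detect an OpenVPN "redirect-gateway def1" override and work out
# which interface a destination actually leaves through. All addresses below are
# constructed placeholders, not values from the forum thread.

# Constructed sample of `netstat -rn -f inet` after the OPT2 client pushed def1.
SAMPLE_ROUTES='Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          10.8.0.5           UGS         0    56312 ovpnc3 =>
default            198.51.100.1       UGS         0      700 vmx3f1
10.9.0.0/24        link#9             U           0        0 ovpnc2
127.0.0.1          link#4             UH          0        0    lo0
128.0.0.0/1        10.8.0.5           UGS         0    41200 ovpnc3
192.168.1.0/24     link#2             U           0     1234 vmx3f0'

# Same table after a host route for the script target was added via OPT1's gateway
# (on pfSense: System->Routing->Routes, or `route add -host 203.0.113.10 10.9.0.1`).
PINNED_ROUTES="$SAMPLE_ROUTES
203.0.113.10       10.9.0.1           UGHS        0        0 ovpnc2"

# Table as it would look with "route-nopull" on the OPT2 client: no /1 pair at all.
NOPULL_ROUTES='Destination        Gateway            Flags    Refs      Use  Netif Expire
default            198.51.100.1       UGS         0      700 vmx3f1
10.9.0.0/24        link#9             U           0        0 ovpnc2
192.168.1.0/24     link#2             U           0     1234 vmx3f0'

# def1_override TABLE: print the interface carrying both 0.0.0.0/1 and 128.0.0.0/1
# (the signature of redirect-gateway def1); print nothing if the pair is absent.
def1_override() {
  printf '%s\n' "$1" | awk '
    $1 == "0.0.0.0/1"   { lo = $6 }
    $1 == "128.0.0.0/1" { hi = $6 }
    END { if (lo != "" && lo == hi) print lo }'
}

# route_for DEST TABLE: longest-prefix match, prints "<netif> <gateway>".
# Prefix comparison uses integer division by 2^(32-plen) so it needs no bitwise ops.
route_for() {
  printf '%s\n' "$2" | awk -v dst="$1" '
    function ip2n(s,  a) { split(s, a, "."); return ((a[1]*256 + a[2])*256 + a[3])*256 + a[4] }
    function matches(net, plen, ip,  d) { d = 2 ^ (32 - plen); return int(net / d) == int(ip / d) }
    BEGIN { best = -1; dst_n = ip2n(dst) }
    NR == 1 { next }                                  # skip the header line
    {
      dest = $1
      if (dest == "default")        { net = 0; plen = 0 }
      else if (index(dest, "/") > 0) { split(dest, p, "/"); net = ip2n(p[1]); plen = p[2] + 0 }
      else                           { net = ip2n(dest); plen = 32 }   # host route
      if (matches(net, plen, dst_n) && plen > best) { best = plen; nif = $6; gw = $2 }
    }
    END { if (best >= 0) print nif, gw }'
}

# Stand-alone run: show the problem and the effect of the pinned host route.
echo "def1 override present on: $(def1_override "$SAMPLE_ROUTES")"
echo "203.0.113.10 currently via: $(route_for 203.0.113.10 "$SAMPLE_ROUTES")"
echo "203.0.113.10 with host route: $(route_for 203.0.113.10 "$PINNED_ROUTES")"
echo "def1 override with route-nopull: '$(def1_override "$NOPULL_ROUTES")'"
```

Two practical notes follow from the lookup. First, changing which gateway is "default" in System->Routing only rewrites the /0 line, so it never beats the pushed /1 pair; either remove the pair at the source (route-nopull on the client that pushes it) or add a route more specific than /1 for the script's target, which is what the host route above does. Second, wget binding to a source address does not change this decision on FreeBSD: the kernel picks the outgoing interface from the routing table, so the fix belongs in routing (or a pfSense floating outbound rule with a gateway), not in the wget command line.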