Script on pfsense box using a specific interface (gateway)



  • In trying to get a script working on the pfsense box as per this http://forum.pfsense.org/index.php/topic,65094.0.html. I created the script on the box via ssh. The script issues wget commands to a specific URL that is only reachable via a certain interface.

    My pfsense box has WAN, OPT1 and OPT2 interfaces. OPT1 is connected to one vpn server and OPT2 to another. I would like a script to run on the pfsense box (192.168.1.1 address) and have it go out via the OPT1 (ovpnc2) interface. Currently, it goes out via OPT2 (ovpnc3). How can I change this behaviour?

    Does it have something to do with the order of creation of the interfaces?

    I am using 2.1RC1 (pfSense-LiveCD-2.1-RC1-i386-20130801-1902.iso)

    Doing netstat in an ssh session reveals:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    0.0.0.0/1          10.*        UGS         0    56312 ovpnc3 =>
    default            198.*    UGS         0      700 vmx3f1

    I think the problem lies with 0.0.0.0/1. Does that signify all traffic? If so, I see it using ovpnc3 which is what I don't want.

    I thought whichever gateway has "default" checked is the default gateway? The default line changes when I do that but not the 0.0.0.0/1 line.



  • I think the 0.0.0.0 line is related to selecting the option to push all traffic over the tunnel - maybe you selected that for the OPT2 VPN?
    Turning that off, and making OPT2 the default gateway might have a similar effect, and allow you to route other traffic out OPT1 with firewall rule policy-routes or static routes or…



  • Thanks for your reply but I do not see the option to push all traffic over the tunnel in the client options.

    I did two things, not sure which is right but it looks like it's working.

    1. I added a route in System->Routing->Routes like so

    Network     Gateway              Interface   Description
    0.0.0.0/1   OPT1_VPNV4 - 10.*    OPT1

    2. Changed the default gateway to OPT1 (from WAN_DHCP) in System->Routing->Gateway


  • The VPN server often pushes something called "redirect-gateway def1" to the client upon connect. This adds a "default gateway" that overrides your existing default gateway, and is probably what you experience. You have to block this behaviour in the OpenVPN client config under advanced by using "route-nopull" or "route-noexec", but then you must create your own routing to make sure whatever traffic should go out the VPNs does.

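The following is an added example, not part of the thread, showing why the 0.0.0.0/1 entry wins over "default" and what changes once the OPT2 client runs with route-nopull. It is a small longest-prefix-match resolver over routing tables written in the netstat -rn layout quoted above. Both tables are constructed: the 10.0.x.x tunnel addresses, the 198.51.100.1 WAN gateway and the link# entries are assumptions, and the second table assumes the OPT1 VPN gateway (ovpnc2) has been made the default. Note that redirect-gateway def1 installs two halves, 0.0.0.0/1 and 128.0.0.0/1, so if the server pushed both, a single static 0.0.0.0/1 route via OPT1 would only redirect the lower half of the address space.

```shell
#!/bin/sh
# Added example, not from the thread: resolve which interface a destination
# would leave through, given a routing table in the netstat -rn layout shown
# in the thread. All addresses are constructed; ovpnc2/ovpnc3/vmx3f1 are the
# interface names from the post.

# Table 1 (constructed): what the client ends up with after the OPT2 server
# pushes "redirect-gateway def1". def1 installs BOTH 0.0.0.0/1 and
# 128.0.0.0/1; the post's netstat shows only the first half.
PUSHED_DEF1='0.0.0.0/1 10.0.3.1 ovpnc3
128.0.0.0/1 10.0.3.1 ovpnc3
default 198.51.100.1 vmx3f1
10.0.2.0/24 link#8 ovpnc2
10.0.3.0/24 link#9 ovpnc3
192.168.1.0/24 link#2 vmx3f0'

# Table 2 (constructed): same box with route-nopull on the OPT2 client and
# the OPT1 VPN gateway (ovpnc2) selected as default in System->Routing.
NOPULL_OPT1_DEFAULT='default 10.0.2.1 ovpnc2
10.0.2.0/24 link#8 ovpnc2
10.0.3.0/24 link#9 ovpnc3
192.168.1.0/24 link#2 vmx3f0'

# route_lookup TABLE DEST
# Prints "<netif> via <gateway>" for the longest-prefix match, which is the
# entry the kernel would pick; "default" is treated as 0.0.0.0/0.
route_lookup() {
    printf '%s\n' "$1" | awk -v dst="$2" '
        function ip2int(s,  a) {
            split(s, a, ".")
            return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
        }
        BEGIN { best = -1 }
        NF < 3 { next }
        {
            if ($1 == "default") { net = "0.0.0.0"; plen = 0 }
            else {
                n = split($1, f, "/")
                net = f[1]
                plen = (n == 2) ? f[2] + 0 : 32
            }
            # Compare the top plen bits by dividing away the host part;
            # this avoids bitwise operators, which POSIX awk lacks.
            d = 2 ^ (32 - plen)
            if (int(ip2int(dst) / d) == int(ip2int(net) / d) && plen > best) {
                best = plen; gw = $2; dev = $3
            }
        }
        END { if (best >= 0) print dev " via " gw; else print "unreachable" }
    '
}

# Demonstration when run directly: an address in each half of the def1 split
# plus a LAN host, resolved against both tables.
for dst in 8.8.8.8 200.0.0.1 192.168.1.50; do
    printf '%-14s def1 pushed: %-22s route-nopull: %s\n' "$dst" \
        "$(route_lookup "$PUSHED_DEF1" "$dst")" \
        "$(route_lookup "$NOPULL_OPT1_DEFAULT" "$dst")"
done
```

With the pushed table, every destination outside the directly connected networks resolves to ovpnc3 regardless of what "default" says, because a /1 is always longer than a /0. With route-nopull on the OPT2 client and OPT1 as default, the same destinations resolve to ovpnc2, and only the tunnel subnets themselves still point at their own interfaces.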
