    OpenVPN and Gateway Group (MultiWAN)

    • Derelict
      Derelict LAYER 8 Netgate last edited by

      Is there a problem with OpenVPN and gateway groups (multiwan) ??

      I have OpenVPN working fine but when I enable multiwan, the tunnel comes up but traffic doesn't seem to route properly between the private networks.  Set the LAN any any firewall rule back to default gateway and it works fine.

      Chattanooga, Tennessee, USA
      The pfSense Book is free of charge!
      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • V
        vielfede last edited by

        @Derelict:

        Is there a problem with OpenVPN and gateway groups (multiwan) ??

        I have a similar problem.
        Are you on 2.1-RELEASE?
        As described here http://forum.pfsense.org/index.php/topic,68031.0.html, after upgrading to 2.1-RELEASE one (of two) VPNs stopped working.

        With multiwan disabled, both VPNs work fine!
        As I stated in "my" thread, there was no problem on 2.1-RC1.

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          There is an entire section on OpenVPN and MultiWAN in the pfSense 2.1 draft book.  I have not had time to try to make it work.  I think my original question should have been answered with "RTFM."

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Okay, I've finally had time to revisit this:

            Client LAN:
            192.168.223.0/24

            Client OpenVPN:
            IPv4 Remote Network/s: Blank

            Server LAN:
            172.22.81.0/24

            Server OpenVPN:
            IPv4 Local Network/s: 172.22.81.0/24

            This works fine.  Client receives route to 172.22.81.0/24 and everything is good.  Until I set the client LAN to use MultiWAN by setting the Pass any any rule to use a gateway group.

            If I do this, OpenVPN traffic to the server LAN no longer makes it.  But there are no blocked packets logged.  Tunnel comes up just fine, but I can no longer reach the Server LAN over OpenVPN.

            I can fix this by adding:

            Client OpenVPN:
            IPv4 Remote Network/s: 172.22.81.0/24

            It is my goal to have as much client configuration pushed to the client by the server as possible.  The route is being pushed properly since it works before enabling MultiWAN on the client.

            Am I doing it wrong?

            • P
              phil.davis last edited by

              Until I set the client LAN to use MultiWAN by setting the Pass any any rule to use a gateway group.

              That rule now pushes all traffic to the highest tier member interface(s) of the gateway group. The packets are not given to the normal routing table.
              Add a rule above that to pass traffic with destination 172.22.81.0/24 and no gateway group. Then those packets will be passed to the ordinary routing, and will find their way through the OpenVPN tunnel.

              I can fix this by adding:

              Client OpenVPN:
              IPv4 Remote Network/s: 172.22.81.0/24

              I don't understand why that works for you - the client end OpenVPN routing settings should still end up just in the ordinary routing table and have the same issues as doing it in the server-end settings.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
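
The rule-ordering behaviour phil.davis describes, as an added example that is not part of the original thread: a small Python model of first-match evaluation in which a rule with a gateway bypasses the routing table, plus a check that flags pushed routes shadowed by such a rule. The rule fields and the names `GW_GROUP`, `WAN1` and `ovpnc1` are constructed for illustration and are not pfSense's rule format.

```python
import ipaddress

# Constructed model of the client from the thread. Rule fields and the names
# GW_GROUP, WAN1 and ovpnc1 are illustrative, not pfSense's own rule format.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "WAN1"),         # default route
    (ipaddress.ip_network("172.22.81.0/24"), "ovpnc1"),  # route pushed by the server
]
# LAN rules in evaluation order; gateway=None means "use the routing table".
BEFORE = [{"dst": "0.0.0.0/0", "gateway": "GW_GROUP"}]
AFTER = [{"dst": "172.22.81.0/24", "gateway": None}] + BEFORE


def route_lookup(dst, table):
    """Longest-prefix match in the ordinary routing table."""
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=(None, None))[1]


def egress(dst, rules, table):
    """First matching pass rule wins; a rule with a gateway skips the table."""
    dst = ipaddress.ip_address(dst)
    for rule in rules:
        if dst in ipaddress.ip_network(rule["dst"]):
            return rule["gateway"] or route_lookup(dst, table)
    return None  # no pass rule matched, so the packet is dropped


def shadowed_routes(rules, table):
    """Non-default routes whose traffic a policy-routing rule sends elsewhere.

    Probes one host per route, so it assumes rules do not split a route's prefix.
    """
    flagged = []
    for net, hop in table:
        if net.prefixlen == 0:
            continue
        if egress(net.network_address + 1, rules, table) != hop:
            flagged.append(str(net))
    return flagged


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, egress("172.22.81.10", rules, ROUTES), shadowed_routes(rules, ROUTES))
```

With the single gateway-group rule, traffic for the server LAN leaves through the gateway group outside the tunnel; with the more specific no-gateway rule placed above it, the same traffic follows the pushed route.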
