OpenVPN and Gateway Group (MultiWAN)


  • LAYER 8 Netgate

    Is there a problem with OpenVPN and gateway groups (multiwan) ??

    I have OpenVPN working fine but when I enable multiwan, the tunnel comes up but traffic doesn't seem to route properly between the private networks.  Set the LAN any any firewall rule back to default gateway and it works fine.



  • @Derelict:

    Is there a problem with OpenVPN and gateway groups (multiwan) ??

    I have a similar problem.
    Are you on 2.1-RELEASE?
    As described here http://forum.pfsense.org/index.php/topic,68031.0.html, after upgrading to 2.1-RELEASE one (of two) VPNs stopped working.

    With multiwan disabled, both VPNs work fine!
    As I stated in "my" thread, no problem on 2.1-RC1.


  • LAYER 8 Netgate

    There is an entire section on OpenVPN and MultiWAN in the pfSense 2.1 draft book.  I have not had time to try to make it work.  I think my original question should have been answered with "RTFM."


  • LAYER 8 Netgate

    Okay, I've finally had time to revisit this:

    Client LAN:
    192.168.223.0/24

    Client OpenVPN:
    IPv4 Remote Network/s: Blank

    Server LAN:
    172.22.81.0/24

    Server OpenVPN:
    IPv4 Local Network/s: 172.22.81.0/24

    This works fine.  Client receives route to 172.22.81.0/24 and everything is good.  Until I set the client LAN to use MultiWAN by setting the Pass any any rule to use a gateway group.

    If I do this, OpenVPN traffic to the server LAN no longer makes it.  But there are no blocked packets logged.  Tunnel comes up just fine, but I can no longer reach the Server LAN over OpenVPN.

    I can fix this by adding:

    Client OpenVPN:
    IPv4 Remote Network/s: 172.22.81.0/24

    It is my goal to have as much client configuration pushed to the client by the server as possible.  The route is being pushed properly since it works before enabling MultiWAN on the client.

    Am I doing it wrong?



  • Until I set the client LAN to use MultiWAN by setting the Pass any any rule to use a gateway group.

    That rule now pushes all traffic to the highest tier member interface(s) of the gateway group. The packets are not given to the normal routing table.
    Add a rule above that to pass traffic with destination 172.22.81.0/24 and no gateway group. Then those packets will be passed to the ordinary routing, and will find their way through the OpenVPN tunnel.

    I can fix this by adding:

    Client OpenVPN:
    IPv4 Remote Network/s: 172.22.81.0/24

    I don't understand why that works for you - the client end OpenVPN routing settings should still end up just in the ordinary routing table and have the same issues as doing it in the server-end settings.
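
A simplified model of the rule evaluation described in the reply above, added here as an illustration (it is not pfSense code and not from any poster in this thread). It uses the two networks from the thread; the interface and gateway-group names (`lan`, `wan1`, `ovpnc1`, `WAN_GROUP`) and the host addresses are assumptions.

```python
import ipaddress

# Constructed model of the client firewall in this thread; interface and
# gateway-group names (lan, wan1, ovpnc1, WAN_GROUP) are assumptions.
ROUTING_TABLE = [                     # (destination, egress interface)
    ("0.0.0.0/0", "wan1"),            # default route
    ("192.168.223.0/24", "lan"),      # client LAN
    ("172.22.81.0/24", "ovpnc1"),     # route pushed by the OpenVPN server
]

def route_lookup(dst):
    """Longest-prefix match against the ordinary routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), ifc) for net, ifc in ROUTING_TABLE
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(rules, src, dst):
    """First matching LAN rule wins. A rule with a gateway forces the packet
    out via that gateway (policy routing); otherwise the routing table decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (s in ipaddress.ip_network(rule["src"])
                and d in ipaddress.ip_network(rule["dst"])):
            return rule["gateway"] or route_lookup(dst)
    return None  # no rule matched: default deny

LAN_NET = "192.168.223.0/24"
MULTIWAN = {"src": LAN_NET, "dst": "0.0.0.0/0", "gateway": "WAN_GROUP"}
VPN_BYPASS = {"src": LAN_NET, "dst": "172.22.81.0/24", "gateway": None}

def demo():
    host, server = "192.168.223.10", "172.22.81.10"  # constructed hosts
    return {
        "default_gateway_rule": egress([{**MULTIWAN, "gateway": None}], host, server),
        "gateway_group_only": egress([MULTIWAN], host, server),
        "bypass_above_group": egress([VPN_BYPASS, MULTIWAN], host, server),
        "bypass_below_group": egress([MULTIWAN, VPN_BYPASS], host, server),
        "internet_with_bypass": egress([VPN_BYPASS, MULTIWAN], host, "203.0.113.5"),
    }

if __name__ == "__main__":
    for case, out in demo().items():
        print(f"{case:22} -> {out}")
```

Rule order matters: the bypass rule only takes effect when it sits above the gateway-group rule, because the first match decides.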

