Route openVPN through specific Gateway



  • Hello,

    I've got some issues I can't yet resolve.
    My pfSense only has one NIC, but hosts several VPN connections.
    Two Site-to-site VPNs, 2 Server-VPNs and two outgoing VPNs.
    So like this:

    Routing in between the green bar is not a problem. This works fine.

    Routing through the standard gateway (either "Outgoing VPN1" or "Outgoing VPN2" or WAN) also works.

    Now I want to route some specific traffic (let's say an IP range) from the VPN connection(s) explicitly over "Outgoing VPN2" but the rest over "Outgoing VPN1".

    Is there a way to set up routes that will do this?

    I've tried to add routes to the WAN interface of the pfSense, to the OpenVPN interfaces etc.
    Nothing has worked so far.
    So please tell me if there's something I've missed.

    Thanks



  • I presume that Outgoing VPN 1 and 2 are for access to public internet stuff through VPN providers.
    Interfaces->Assign - assign interfaces (OPTn) to the Outgoing VPNs.
    Now you can enable those interfaces, but leave the IPv4 (and IPv6) Configuration Type "none". OpenVPN will do the necessary interface configuration underneath. pfSense will make a gateway for each Outgoing VPN for free.
    Now you can make gateway groups (if you want to failover or load-balance traffic).
    Then make pass rules on LANs to match various traffic and select the Gateway you want from the rule advanced options.



  • Hi,
    This is what I have done. Thanks!

    The VPN is up,
    the gateway is up.

    And I've added the following rule to my OpenVPN:
    All IPv4 from all to all over the gateway:

    Unfortunately the VPN is still routed via the default gateway specified under System->Routing.

    Anything I've missed?



  • I think you want to route traffic originating from LAN to the various VPNs.
    For that, the rule must go on LAN, where the traffic originates, and specify the required VPN gateway. Then pfSense will match the traffic as it starts on LAN and policy-route it where the rule tells it to go.



  • Ah sorry.
    I should be more clear.

    The box only has one NIC.
    This is used for WAN.
    All connections come and go with virtual NICs over OpenVPN.

    So there's no LAN tab and no traffic from LAN.

    I want now (to start) to route all traffic from my OpenVPN TCP server via "Outgoing VPN 2" instead of the default gateway specified on System->Routing.

    Sorry for not being that clear about what I intended to do.

    Edit:
    Just got it working!
    I've used a floating rule.
    (First time I used something like this.) Well, this is good enough for me.

    Thank you for your help!



  • OK, now I see what you are doing. The floating rule will work because it applies on all interfaces. Now that I understand the interfaces you have, I am surprised that what you did at first did not work.
    Anyway, happy that it is going now.


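The policy routing discussed in this thread, written out as plain FreeBSD pf rules. This is an added illustration, not part of the thread and not the rule set pfSense generated for the poster; every interface name, gateway address and network below is a constructed placeholder. Selecting a gateway in a pfSense pass rule corresponds to a pf `route-to` rule of this kind.

```pf
# Constructed placeholders (assumptions, not values from the thread):
#   ovpns1          OpenVPN TCP server interface where the clients arrive
#   ovpnc1 / ovpnc2 "Outgoing VPN1" / "Outgoing VPN2" client interfaces
#   10.8.1.1 / 10.8.2.1  tunnel gateways of the two outgoing VPNs
#   198.51.100.0/24 destination range that must leave via Outgoing VPN2
#   10.10.0.0/16, 10.20.0.0/16  networks behind the site-to-site VPNs
vpn_srv  = "ovpns1"
out1_if  = "ovpnc1"
out1_gw  = "10.8.1.1"
out2_if  = "ovpnc2"
out2_gw  = "10.8.2.1"
via_vpn2 = "198.51.100.0/24"
internal = "{ 10.10.0.0/16, 10.20.0.0/16 }"

# 1. Internal destinations: no route-to, so the normal routing table
#    (the site-to-site tunnels) still decides. Without this rule the
#    catch-all in step 3 would push internal traffic out of VPN1 too.
pass in quick on $vpn_srv inet from any to $internal keep state

# 2. The specific range goes out through Outgoing VPN2.
#    "quick" stops evaluation at the first match, so order matters.
pass in quick on $vpn_srv route-to ($out2_if $out2_gw) inet from any to $via_vpn2 keep state

# 3. Everything else from the VPN clients goes out through Outgoing VPN1,
#    regardless of the system default gateway.
pass in quick on $vpn_srv route-to ($out1_if $out1_gw) inet from any to any keep state
```

On a plain FreeBSD host, `pfctl -nf <file>` parses a rule file without loading it, which is a quick way to check the syntax after substituting real names.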