Netgate Discussion Forum

    Connecting to WAN2 with OpenVPN

      KDB9000

      I have searched the forum and the one thing that gave me any info that would help was this wiki:

      http://doc.pfsense.org/index.php/Multi-WAN_OpenVPN

      So I followed it but it still won't work for me. I can connect to WAN1 but it is DHCP and can change on me, plus it keeps going down. I used the same config (edited the port and address) for the client and same config for the server end (different port and "local <wan2 ip>" in custom commands at the bottom). I also have my rules in the wall correct to let it through:

      Proto  Source Port Destination  Port  Gateway  Schedule  Description
      TCP/UDP  *  *  *      1195  64.20.192.185      Open VPN port 1195

      Here is my client config (some info is edited):

      float
      port 1195
      dev tun
      dev-node OpenVPN
      proto udp
      remote <wan2 ip> 1195
      #remote <wan1 ip> 1194
      ping 30

      persist-tun
      persist-key

      tls-client
      ca <name>.crt
      cert <name>.crt
      key <name>.key

      ns-cert-type server
      comp-lzo
      pull
      ##verb 5

      WAN1 IP is in there but it is commented out. Like I said it is a copy of the other one that still works, just some minor alterations.

      Any thoughts?

        GruensFroeschli

        could you provide the two config files for your server?

        why are you using a different port on your second WAN?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          KDB9000

          How do I get the other config file? I took this out of the wiki I have linked in my first post:

          Because your primary WAN's VPN configuration is binding to all IP's using its port, you will have to use a different port for your OPT WAN interface's OpenVPN server.

          But it hasn't made a difference. I might have to wait till tomorrow to get you the second config, I think I just messed up my working VPN. While we wait, where do I get it from?

            KDB9000

            I was able to get the working VPN back up. Here is the config for the one I am trying to get up, on the server side:

            writepid /var/run/openvpn_server0.pid
            #user nobody
            #group nobody
            daemon
            keepalive 10 60
            ping-timer-rem
            persist-tun
            persist-key
            dev tun
            proto udp
            cipher BF-CBC
            up /etc/rc.filter_configure
            down /etc/rc.filter_configure
            server 10.100.100.0 255.255.255.0
            client-config-dir /var/etc/openvpn_csc
            push "route 10.10.0.0 255.255.0.0"
            lport 1195
            push "dhcp-option DNS 10.10.10.1"
            push "dhcp-option NTP 10.10.10.1"
            ca /var/etc/openvpn_server0.ca
            cert /var/etc/openvpn_server0.cert
            key /var/etc/openvpn_server0.key
            dh /var/etc/openvpn_server0.dh
            comp-lzo
            persist-remote-ip
            float
            local <wan2 ip>

            And this is the working VPN:

            writepid /var/run/openvpn_server1.pid
            #user nobody
            #group nobody
            daemon
            keepalive 10 60
            ping-timer-rem
            persist-tun
            persist-key
            dev tun
            proto udp
            cipher BF-CBC
            up /etc/rc.filter_configure
            down /etc/rc.filter_configure
            server 10.100.100.0 255.255.255.0
            client-config-dir /var/etc/openvpn_csc
            push "route 10.10.0.0 255.255.0.0"
            lport 1194
            push "dhcp-option DNS 10.10.10.1"
            push "dhcp-option NTP 10.10.10.1"
            ca /var/etc/openvpn_server1.ca
            cert /var/etc/openvpn_server1.cert
            key /var/etc/openvpn_server1.key
            dh /var/etc/openvpn_server1.dh
            comp-lzo
            persist-remote-ip
            float

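Added example (not part of the original posts and not pfSense or OpenVPN project code): a small Python check that applies the wiki rule quoted in this thread (an instance without `local` binds every address on its port) to a set of server configs, and also reports instances whose `server` tunnel networks overlap, as both posted configs declare 10.100.100.0/24. The function names are hypothetical, and 198.51.100.2 is a documentation address standing in for the redacted WAN2 IP.

```python
import ipaddress
from itertools import combinations

def parse_server(text):
    """Pull the listener and tunnel-network directives out of one OpenVPN server config."""
    cfg = {"proto": "udp", "port": 1194, "local": None, "tunnel": None}  # OpenVPN defaults
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments such as "#user nobody"
        if not line:
            continue
        key, *args = line.split()
        if key in ("lport", "port") and args:
            cfg["port"] = int(args[0])
        elif key == "proto" and args:
            cfg["proto"] = args[0]
        elif key == "local" and args:
            cfg["local"] = args[0]            # absent => bind to every address
        elif key == "server" and len(args) >= 2:
            cfg["tunnel"] = ipaddress.ip_network(f"{args[0]}/{args[1]}")
    return cfg

def audit(servers):
    """Return findings for every pair of instances in {name: config_text}."""
    parsed = {name: parse_server(text) for name, text in servers.items()}
    findings = []
    for (a, ca), (b, cb) in combinations(parsed.items(), 2):
        same_socket = (ca["proto"], ca["port"]) == (cb["proto"], cb["port"])
        wildcard = ca["local"] is None or cb["local"] is None
        if same_socket and (wildcard or ca["local"] == cb["local"]):
            findings.append(("listener-collision", a, b))
        if ca["tunnel"] and cb["tunnel"] and ca["tunnel"].overlaps(cb["tunnel"]):
            findings.append(("tunnel-overlap", a, b))
    return findings

# Constructed inputs: listener and tunnel lines from the two posted server configs.
# 198.51.100.2 is a documentation address standing in for the redacted <wan2 ip>.
SERVER0 = """proto udp
server 10.100.100.0 255.255.255.0
lport 1195
local 198.51.100.2
"""
SERVER1 = """proto udp
server 10.100.100.0 255.255.255.0
lport 1194
"""

if __name__ == "__main__":
    for finding in audit({"server0": SERVER0, "server1": SERVER1}):
        print(finding)
```

On the configs as posted it reports only the tunnel overlap; with both instances on the same port it also reports the listener collision the wiki describes.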
              GruensFroeschli

              @KDB9000:

              Because your primary WAN's VPN configuration is binding to all IP's using its port, you will have to use a different port for your OPT WAN interface's OpenVPN server.

              That's why I wonder why you're using 2 servers.
              Can't you connect to the same server just on a different interface?

              We do what we must, because we can.

              Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                KDB9000

                No, both are on one server, just 2 different WANs. Correct, I can connect to WAN1 (DHCP) but not to WAN2 (Static IP, faster, more reliable). I am not sure what is wrong. All of the configs are the same and I did WAN2 just like WAN1 but it doesn't seem to work. Any ideas?

                  KDB9000

                  Umm…. It is working now. I guess I needed both VPNs on the same port and one with "local <wan2 ip>" because it is working now. And to test it I used VPN, got into the system and disabled the port for WAN and I was still on after applying. Kind of odd, but it is working. Thanks for the help.

                    KDB9000

                    Well it seems to work sometimes. It seems like it is coming in one and going out the other. Normally I have to kind of play with the connection to get it to work. Any thoughts?

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.