Connecting to WAN2 with OpenVPN
-
I have searched he forum and the one thing that game me any info that would help was this wiki:
http://doc.pfsense.org/index.php/Multi-WAN_OpenVPN
So I followed t but it still won't work for me. I can connect to WAN1 but it is DHCP and can change on me, plus it keeps going down. I used th same config (edited the port and address) for the client and same config for the server end (different port and "local <wan2 ip="">" in custom commands at the bottom). I also have my rules in the wall correct to let it though:
Proto Source Port Destination Port Gateway Schedule Description
TCP/UDP * * * 1195 64.20.192.185 Open VPN port 1195Here is my client config (some info is edited):
float
port 1195
dev tun
dev-node OpenVPN
proto udp
remote <wan2 ip="">1195
#remote <wan1 ip="">1194
ping 30persist-tun
persist-keytls-client
ca <name>.crt
cert <name>.crt
key <name>.keyns-cert-type server
comp-lzo
pull
##verb 5WAN1 IP is in there but it is commented out. Like I said it is a copy of the other one that still works, just some minor alterations.
Any thoughts?</name></name></name></wan1></wan2></wan2>
-
could you provide the two config files for your server?
why are you using a different port on your second WAN?
-
How do I get the other config file? I took this out of the wiki I have linked in my first post:
Because your primary WAN's VPN configuration is binding to all IP's using its port, you will have to use a different port for your OPT WAN interface's OpenVPN server.
But it hasn't made a difference. I might have to wait till tomorrow to get you the second config, I think i just messed up my working VPN. While we wait, were do I get it from?
-
I was able to get the working VPN back up. Here is the config for the one I am trying to get up, on the server side:
writepid /var/run/openvpn_server0.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 10.100.100.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 10.10.0.0 255.255.0.0"
lport 1195
push "dhcp-option DNS 10.10.10.1"
push "dhcp-option NTP 10.10.10.1"
ca /var/etc/openvpn_server0.ca
cert /var/etc/openvpn_server0.cert
key /var/etc/openvpn_server0.key
dh /var/etc/openvpn_server0.dh
comp-lzo
persist-remote-ip
float
local <wan2 ip="">And this is the working VPN:writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto udp
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configure
server 10.100.100.0 255.255.255.0
client-config-dir /var/etc/openvpn_csc
push "route 10.10.0.0 255.255.0.0"
lport 1194
push "dhcp-option DNS 10.10.10.1"
push "dhcp-option NTP 10.10.10.1"
ca /var/etc/openvpn_server1.ca
cert /var/etc/openvpn_server1.cert
key /var/etc/openvpn_server1.key
dh /var/etc/openvpn_server1.dh
comp-lzo
persist-remote-ip
float</wan2>
-
Because your primary WAN's VPN configuration is binding to all IP's using its port, you will have to use a different port for your OPT WAN interface's OpenVPN server.
That's why i wonder why you're using 2 servers.
Cant you connect to the same server just on a different interface?
-
No, both are on one server, just 2 different WANs. Correct, I can connect to WAN1 (DHCP) but not to WAN2 (Static IP, faster, more reliable). I am not sure what is wrong. All of the configs are the same and I did WAN2 just like WAN1 but it doesn't seem to work. Any ideas?
-
Umm…. It is working now. I guess I needed both VPN's in on the same port and one with "local <wan2 ip="">" because it is working now. And to test it I used VPN, got into the system and disabled the port for WAN and I was still on after applying. Kind of odd, but it is working. Thanks for the help.</wan2>
-
Well it seems to work sometimes. It seems like it I coming in one and going out the other. Normally I have to kind of play with the connection to get it to work. Any thoughts?
