Connecting to WAN2 with OpenVPN



  • I have searched the forum and the one thing that gave me any info that would help was this wiki:

    http://doc.pfsense.org/index.php/Multi-WAN_OpenVPN

    So I followed it but it still won't work for me. I can connect to WAN1 but it is DHCP and can change on me, plus it keeps going down. I used the same config (edited the port and address) for the client and same config for the server end (different port and "local <wan2 ip>" in custom commands at the bottom). I also have my rules in the wall correct to let it through:

    Proto    Source  Port  Destination  Port  Gateway        Schedule  Description
    TCP/UDP  *       *     *            1195  64.20.192.185            Open VPN port 1195

    Here is my client config (some info is edited):

    float
    port 1195
    dev tun
    dev-node OpenVPN
    proto udp
    remote <wan2 ip> 1195
    #remote <wan1 ip> 1194
    ping 30

    persist-tun
    persist-key

    tls-client
    ca <name>.crt
    cert <name>.crt
    key <name>.key

    ns-cert-type server
    comp-lzo
    pull
    ##verb 5

    WAN1 IP is in there but it is commented out. Like I said it is a copy of the other one that still works, just some minor alterations.

    Any thoughts?



  • Could you provide the two config files for your server?

    Why are you using a different port on your second WAN?



  • How do I get the other config file? I took this out of the wiki I have linked in my first post:

    Because your primary WAN's VPN configuration is binding to all IP's using its port, you will have to use a different port for your OPT WAN interface's OpenVPN server.

    But it hasn't made a difference. I might have to wait till tomorrow to get you the second config, I think I just messed up my working VPN. While we wait, where do I get it from?



  • I was able to get the working VPN back up. Here is the config for the one I am trying to get up, on the server side:

    writepid /var/run/openvpn_server0.pid
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    server 10.100.100.0 255.255.255.0
    client-config-dir /var/etc/openvpn_csc
    push "route 10.10.0.0 255.255.0.0"
    lport 1195
    push "dhcp-option DNS 10.10.10.1"
    push "dhcp-option NTP 10.10.10.1"
    ca /var/etc/openvpn_server0.ca
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh
    comp-lzo
    persist-remote-ip
    float
    local <wan2 ip>

    And this is the working VPN:

    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    server 10.100.100.0 255.255.255.0
    client-config-dir /var/etc/openvpn_csc
    push "route 10.10.0.0 255.255.0.0"
    lport 1194
    push "dhcp-option DNS 10.10.10.1"
    push "dhcp-option NTP 10.10.10.1"
    ca /var/etc/openvpn_server1.ca
    cert /var/etc/openvpn_server1.cert
    key /var/etc/openvpn_server1.key
    dh /var/etc/openvpn_server1.dh
    comp-lzo
    persist-remote-ip
    float



  • @KDB9000:

    Because your primary WAN's VPN configuration is binding to all IP's using its port, you will have to use a different port for your OPT WAN interface's OpenVPN server.

    That's why I wonder why you're using 2 servers.
    Can't you connect to the same server just on a different interface?



  • No, both are on one server, just 2 different WANs. Correct, I can connect to WAN1 (DHCP) but not to WAN2 (Static IP, faster, more reliable). I am not sure what is wrong. All of the configs are the same and I did WAN2 just like WAN1 but it doesn't seem to work. Any ideas?



  • Umm…. It is working now. I guess I needed both VPNs in on the same port and one with "local <wan2 ip>" because it is working now. And to test it I used VPN, got into the system and disabled the port for WAN and I was still on after applying. Kind of odd, but it is working. Thanks for the help.



  • Well, it seems to work sometimes. It seems like it is coming in one and going out the other. Normally I have to kind of play with the connection to get it to work. Any thoughts?
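
The wiki passage quoted in this thread says an instance without `local` binds every address on its port, so a second instance must differ in port or bind address. The following check is an added example, not code from the thread or from pfSense; it applies that rule to pairs of server configs and, as a generalization beyond the thread, also flags instances that share a tunnel subnet. The sample configs are trimmed from the ones posted above, and 203.0.113.10 is a constructed stand-in for the elided WAN2 address.

```python
import ipaddress
from itertools import combinations

# Constructed samples, trimmed from the two server configs in the thread.
# 203.0.113.10 is a documentation-range stand-in for the elided WAN2 address.
WAN1_CONF = """\
proto udp
server 10.100.100.0 255.255.255.0
lport 1194
"""
WAN2_CONF = """\
proto udp
server 10.100.100.0 255.255.255.0
lport 1195
local 203.0.113.10
"""

def parse(text):
    """Extract the directives that decide the listening socket and tunnel subnet."""
    cfg = {"proto": "udp", "port": 1194, "local": None, "net": None}  # OpenVPN defaults
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments such as "#user nobody"
        if not words:
            continue
        key, args = words[0], words[1:]
        if key in ("port", "lport") and args:
            cfg["port"] = int(args[0])
        elif key in ("proto", "local") and args:
            cfg[key] = args[0]
        elif key == "server" and len(args) >= 2:
            cfg["net"] = ipaddress.ip_network(f"{args[0]}/{args[1]}")
    return cfg

def conflicts(configs):
    """Return (name_a, name_b, reason) for each pair of instances that collide."""
    found = []
    for (a, ca), (b, cb) in combinations(configs.items(), 2):
        same_sock = ca["proto"] == cb["proto"] and ca["port"] == cb["port"]
        # An instance without "local" binds every address, so it overlaps any other bind.
        if same_sock and (None in (ca["local"], cb["local"]) or ca["local"] == cb["local"]):
            found.append((a, b, "listen"))
        if ca["net"] and cb["net"] and ca["net"].overlaps(cb["net"]):
            found.append((a, b, "tunnel-subnet"))
    return found

if __name__ == "__main__":
    for a, b, why in conflicts({"wan1": parse(WAN1_CONF), "wan2": parse(WAN2_CONF)}):
        print(f"{a} <-> {b}: {why} conflict")
```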

