Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN and IPSec VPN both providing internet

    OpenVPN
    1
    2
    778
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mcarson75 last edited by

      I have pfSense set up on a VPS, and have created an IPSec VPN from my router providing internet service.  (My router only supports IPSec, not OpenVPN.)  This all works great.

      However, I would like to add an OpenVPN connection as well so that I can connect through the VPN when I am away from home.  I have set everything up through the Wizard in pfSense 2.1.5, and exported the Windows and Android client configurations.  Both get proper IP addresses assigned, but neither gets internet access.  I can ping the pfSense server from the PC from the OpenVPN IP address though (192.168.1.1).

      Before I troubleshoot farther I just wanted to make sure it is possible to have both IPSec and OpenVPN connections to the internet?  I see from the Site-to-Site configuration How-to page (https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site):

      Both IPSec and OpenVPN may be enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references the same pair of subnets configured for use in OpenVPN must be disabled. IPSec and OpenVPN do not conflict otherwise.

      Both of my connections need to use 0.0.0.0/0.  However, the other end of each of these is different.

      Am I correct thinking that this should work okay?

      1 Reply Last reply Reply Quote 0
      • M
        mcarson75 last edited by

        More information.  Here is the server side config file:

        dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xxx.xxx.xxx.xxx
tls-server
server 10.0.2.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option NTP 192.168.1.1"
push "redirect-gateway def1"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float

        And the client side for the OpenVPN Windows program:

        dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote xxx.xxx.xxx.xxx 1194 udp
lport 0
verify-x509-name "CarsonOpenVPNServerCert" name
auth-user-pass
pkcs12 pfsense-udp-1194-mcarson75.p12
tls-auth pfsense-udp-1194-mcarson75-tls.key 1
ns-cert-type server
comp-lzo

        Thanks,
        -Matt

        1 Reply Last reply Reply Quote 0
        • First post
          Last post