Netgate Discussion Forum
    OpenVPN and IPSec VPN both providing internet

    OpenVPN
      mcarson75

      I have pfSense set up on a VPS, and have created an IPSec VPN from my router providing internet service. (My router only supports IPSec, not OpenVPN.) This all works great.

      However, I would like to add an OpenVPN connection as well so that I can connect through the VPN when I am away from home. I have set everything up through the Wizard in pfSense 2.1.5, and exported the Windows and Android client configurations. Both get proper IP addresses assigned, but neither gets internet access. I can ping the pfSense server from the PC from the OpenVPN IP address though (192.168.1.1).

      Before I troubleshoot further I just wanted to make sure it is possible to have both IPSec and OpenVPN connections to the internet? I see from the Site-to-Site configuration How-to page (https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site):

      Both IPSec and OpenVPN may be enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references the same pair of subnets configured for use in OpenVPN must be disabled. IPSec and OpenVPN do not conflict otherwise.

      Both of my connections need to use 0.0.0.0/0. However, the other end of each of these is different.

      Am I correct thinking that this should work okay?

        mcarson75

        More information. Here is the server side config file:

        dev ovpns1
        dev-type tun
        tun-ipv6
        dev-node /dev/tun1
        writepid /var/run/openvpn_server1.pid
        #user nobody
        #group nobody
        script-security 3
        daemon
        keepalive 10 60
        ping-timer-rem
        persist-tun
        persist-key
        proto udp
        cipher AES-128-CBC
        up /usr/local/sbin/ovpn-linkup
        down /usr/local/sbin/ovpn-linkdown
        client-connect /usr/local/sbin/openvpn.attributes.sh
        client-disconnect /usr/local/sbin/openvpn.attributes.sh
        local xxx.xxx.xxx.xxx
        tls-server
        server 10.0.2.0 255.255.255.0
        client-config-dir /var/etc/openvpn-csc
        username-as-common-name
        auth-user-pass-verify /var/etc/openvpn/server1.php via-env
        tls-verify /var/etc/openvpn/server1.tls-verify.php
        lport 1194
        management /var/etc/openvpn/server1.sock unix
        max-clients 5
        push "route 192.168.1.0 255.255.255.0"
        push "dhcp-option DNS 192.168.1.1"
        push "dhcp-option NTP 192.168.1.1"
        push "redirect-gateway def1"
        client-to-client
        duplicate-cn
        ca /var/etc/openvpn/server1.ca
        cert /var/etc/openvpn/server1.cert
        key /var/etc/openvpn/server1.key
        dh /etc/dh-parameters.1024
        tls-auth /var/etc/openvpn/server1.tls-auth 0
        comp-lzo
        persist-remote-ip
        float

        And the client side for the OpenVPN Windows program:

        dev tun
        persist-tun
        persist-key
        cipher AES-128-CBC
        auth SHA1
        tls-client
        client
        resolv-retry infinite
        remote xxx.xxx.xxx.xxx 1194 udp
        lport 0
        verify-x509-name "CarsonOpenVPNServerCert" name
        auth-user-pass
        pkcs12 pfsense-udp-1194-mcarson75.p12
        tls-auth pfsense-udp-1194-mcarson75-tls.key 1
        ns-cert-type server
        comp-lzo

        Thanks,
        -Matt

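The coexistence rule quoted in the first post, applied to the server config from the second, as an added example (this is not code from the original post, from pfSense or from Netgate). It parses the routing-relevant directives of the posted server config (tunnel subnet, pushed routes, pushed DNS, redirect-gateway) and flags any IPsec phase-2 entry whose local/remote subnet pair is one OpenVPN already carries, which the pfSense doc says must be disabled. The IPsec phase-2 entries are constructed sample values; the example checks only the subnet-pair rule and does not diagnose the missing internet access.

```python
"""Added example for this thread (not code from the original post, from pfSense or
from Netgate): parse the routing-relevant directives of an OpenVPN server config
like the one posted above, then apply the rule quoted from the pfSense docs: an
IPsec phase-2 entry that references the same pair of subnets OpenVPN carries must
be disabled.  The IPsec entries below are constructed sample values."""
import ipaddress
import shlex

# Routing-relevant lines of the posted server config (trimmed; "local" is the
# poster's redacted public address and is not parsed).
SERVER_CONF = """\
dev ovpns1
proto udp
local xxx.xxx.xxx.xxx
server 10.0.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option NTP 192.168.1.1"
push "redirect-gateway def1"
client-to-client
"""

# Constructed IPsec phase-2 entries (not from the page).  The first mirrors the
# poster's description: the home router sends everything (0.0.0.0/0) into the
# VPS, with a home LAN as the far side.  The second is a deliberately
# conflicting entry that reuses a subnet pair OpenVPN already carries.
IPSEC_P2 = [
    {"name": "home-router", "local": "0.0.0.0/0", "remote": "192.168.10.0/24"},
    {"name": "bad-example", "local": "10.0.2.0/24", "remote": "192.168.1.0/24"},
]


def parse_openvpn(text):
    """Collect the tunnel subnet, pushed routes, pushed DNS servers and whether
    redirect-gateway is pushed.  Other directives are ignored."""
    info = {"server": None, "routes": [], "dns": [], "redirect_gateway": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps the quoted push argument as one token
        if parts[0] == "server" and len(parts) >= 3:
            info["server"] = ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=False)
        elif parts[0] == "push" and len(parts) >= 2:
            pushed = parts[1].split()
            if pushed[0] == "route" and len(pushed) >= 3:
                info["routes"].append(
                    ipaddress.IPv4Network(f"{pushed[1]}/{pushed[2]}", strict=False))
            elif pushed[0] == "redirect-gateway":
                info["redirect_gateway"] = True
            elif pushed[0] == "dhcp-option" and len(pushed) >= 3 and pushed[1] == "DNS":
                info["dns"].append(pushed[2])
    return info


def openvpn_subnet_pairs(info):
    """The {tunnel subnet, destination} pairs OpenVPN will carry: one per pushed
    route, plus {tunnel subnet, 0.0.0.0/0} when redirect-gateway is pushed."""
    dests = list(info["routes"])
    if info["redirect_gateway"]:
        dests.append(ipaddress.IPv4Network("0.0.0.0/0"))
    return [frozenset({info["server"], d}) for d in dests]


def conflicting_ipsec_entries(info, ipsec_p2):
    """Names of phase-2 entries whose local/remote pair (in either order) is one
    OpenVPN already carries; per the quoted rule these must be disabled."""
    pairs = openvpn_subnet_pairs(info)
    conflicts = []
    for p2 in ipsec_p2:
        pair = frozenset({ipaddress.IPv4Network(p2["local"]),
                          ipaddress.IPv4Network(p2["remote"])})
        if pair in pairs:
            conflicts.append(p2["name"])
    return conflicts


if __name__ == "__main__":
    parsed = parse_openvpn(SERVER_CONF)
    print("tunnel:", parsed["server"], "redirect-gateway:", parsed["redirect_gateway"])
    print("routes:", [str(r) for r in parsed["routes"]], "dns:", parsed["dns"])
    print("IPsec entries to disable:", conflicting_ipsec_entries(parsed, IPSEC_P2))
```

With the posted config, OpenVPN carries the pairs {10.0.2.0/24, 192.168.1.0/24} and, because of `push "redirect-gateway def1"`, {10.0.2.0/24, 0.0.0.0/0}. The constructed home-router entry shares 0.0.0.0/0 on one side but has a different far side, so it is not flagged, which matches the poster's reading of the doc; only the constructed entry that reuses the exact pair is reported.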