OpenVPN and IPSec VPN both providing internet

OpenVPN
Log in to reply
  • M

    I have pfSense set up on a VPS, and have created an IPSec VPN from my router providing internet service.  (My router only supports IPSec, not OpenVPN.)  This all works great.

    However, I would like to add an OpenVPN connection as well so that I can connect through the VPN when I am away from home.  I have set everything up through the Wizard in pfSense 2.1.5, and exported the Windows and Android client configurations.  Both get proper IP addresses assigned, but neither gets internet access.  I can ping the pfSense server from the PC from the OpenVPN IP address though (192.168.1.1).

    Before I troubleshoot farther I just wanted to make sure it is possible to have both IPSec and OpenVPN connections to the internet?  I see from the Site-to-Site configuration How-to page (https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site):

    Both IPSec and OpenVPN may be enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references the same pair of subnets configured for use in OpenVPN must be disabled. IPSec and OpenVPN do not conflict otherwise.

    Both of my connections need to use 0.0.0.0/0.  However, the other end of each of these is different.

    Am I correct thinking that this should work okay?

    0
  • M

    More information.  Here is the server side config file:

    dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xxx.xxx.xxx.xxx
tls-server
server 10.0.2.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option NTP 192.168.1.1"
push "redirect-gateway def1"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
persist-remote-ip
float

    And the client side for the OpenVPN Windows program:

    dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote xxx.xxx.xxx.xxx 1194 udp
lport 0
verify-x509-name "CarsonOpenVPNServerCert" name
auth-user-pass
pkcs12 pfsense-udp-1194-mcarson75.p12
tls-auth pfsense-udp-1194-mcarson75-tls.key 1
ns-cert-type server
comp-lzo

    Thanks,
    -Matt

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy