OpenVPN and IPSec VPN both providing internet
-
I have pfSense set up on a VPS, and have created an IPSec VPN from my router providing internet service. (My router only supports IPSec, not OpenVPN.) This all works great.
However, I would like to add an OpenVPN connection as well so that I can connect through the VPN when I am away from home. I have set everything up through the Wizard in pfSense 2.1.5, and exported the Windows and Android client configurations. Both get proper IP addresses assigned, but neither gets internet access. I can ping the pfSense server from the PC from the OpenVPN IP address though (192.168.1.1).
Before I troubleshoot further I just wanted to make sure it is possible to have both IPSec and OpenVPN connections to the internet? I see from the Site-to-Site configuration How-to page (https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site):
"Both IPSec and OpenVPN may be enabled/in use at the same time, however, not for the same subnets. Any IPSec tunnel that references the same pair of subnets configured for use in OpenVPN must be disabled. IPSec and OpenVPN do not conflict otherwise."
Both of my connections need to use 0.0.0.0/0. However, the other end of each of these is different.
Am I correct thinking that this should work okay?
-
More information. Here is the server side config file:
    dev ovpns1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local xxx.xxx.xxx.xxx
    tls-server
    server 10.0.2.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 192.168.1.0 255.255.255.0"
    push "dhcp-option DNS 192.168.1.1"
    push "dhcp-option NTP 192.168.1.1"
    push "redirect-gateway def1"
    client-to-client
    duplicate-cn
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.1024
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    persist-remote-ip
    float
And the client side for the OpenVPN Windows program:
    dev tun
    persist-tun
    persist-key
    cipher AES-128-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote xxx.xxx.xxx.xxx 1194 udp
    lport 0
    verify-x509-name "CarsonOpenVPNServerCert" name
    auth-user-pass
    pkcs12 pfsense-udp-1194-mcarson75.p12
    tls-auth pfsense-udp-1194-mcarson75-tls.key 1
    ns-cert-type server
    comp-lzo
Thanks,
-Matt
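
The subnet-pair rule quoted from the How-to page can be checked mechanically. The following is an added example, not part of the original post and not pfSense code: it parses the routing-relevant server directives shown above and compares them with IPsec phase 2 selector pairs. The IPsec pairs are constructed placeholders (the post does not show them), and treating any overlap on both sides as "the same pair of subnets" is an assumption that generalizes the quoted rule.

```python
import ipaddress
import shlex

# Routing-relevant directives copied from the server config in the post.
SERVER_CONF = '''
server 10.0.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
'''

def openvpn_pairs(conf):
    """Return (local, remote) network pairs the OpenVPN server carries."""
    tunnel, local_nets = None, []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)  # drops '#' comment lines
        if not tok:
            continue
        if tok[0] == "server":
            # Tunnel network the clients are addressed from (remote side).
            tunnel = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "push":
            arg = tok[1].split()
            if arg[0] == "route":
                local_nets.append(ipaddress.ip_network(f"{arg[1]}/{arg[2]}"))
            elif arg[0] == "redirect-gateway":
                # Client sends everything through the tunnel: 0.0.0.0/0.
                local_nets.append(ipaddress.ip_network("0.0.0.0/0"))
    return [(net, tunnel) for net in local_nets]

def conflicts(ipsec_pairs, ovpn_pairs):
    """A pair conflicts when both its local and remote sides overlap."""
    return [(i, o) for i in ipsec_pairs for o in ovpn_pairs
            if i[0].overlaps(o[0]) and i[1].overlaps(o[1])]

if __name__ == "__main__":
    net = ipaddress.ip_network
    # Constructed IPsec phase 2 selectors (local, remote); not from the post.
    candidates = {
        "remote is a distinct LAN": [(net("0.0.0.0/0"), net("192.168.10.0/24"))],
        "remote covers the OpenVPN tunnel": [(net("0.0.0.0/0"), net("10.0.0.0/8"))],
    }
    ovpn = openvpn_pairs(SERVER_CONF)
    for label, pairs in candidates.items():
        hits = conflicts(pairs, ovpn)
        print(f"{label}: {'CONFLICT' if hits else 'ok'}")
        for ipsec, vpn in hits:
            print(f"  IPsec {ipsec[0]} <-> {ipsec[1]} overlaps "
                  f"OpenVPN {vpn[0]} <-> {vpn[1]}")
```

With both tunnels using 0.0.0.0/0 on the local side, only the remote side can keep the pairs apart, so the check reduces to whether the IPsec remote network overlaps the OpenVPN tunnel network.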