Openvpn using default gateway
-
I understand this has been covered but to be honest I haven't really seen any responses that work. The issue is we have 2 wan interfaces, one is for general traffic and the other one is exclusively for openvpn.
wan1(net 192.168.0.0 [default] gw 192.168.0.1)<==> Lan(net 192.168.111.0 gw 192.168.111.1)
wan2(net 192.168.11.0 gw 192.168.11.1) <==> Lan(net 192.168.111.0 gw 192.168.111.1)
We have the openvpn connection up and running through wan2 and can connect to the pfsense daemon which is at 192.168.111.1 (lan gateway).
We cannot ping past that machine though. We want all the openvpn traffic to go via wan2 and all other traffic via wan1. But we do not want to change the default GW and this is the one for some reason the openvpn instance picks up as its gw when it starts.
I am sure this is a simple one, it is just I have been looking at it for too long now and can't see the issues anymore.
-
Well, I'm not sure what your problem is.
If you just leave the firewall-rule on LAN on the default values it should work (in particular the gateway has to be "default" –> *).
Is the OpenVPN connection a site-to-site connection?
You would have to add a route for the other side so pfSense knows when it has to send traffic over the VPN tunnel.
-
I'm having the exact same problem. OpenVPN packets are getting routed through the main WAN interface instead of my symmetrical DSL connection. I've tried setting up a firewall rule to force the OpenVPN port over the VPN interface, but to no avail.
-
You mean you want to initiate from pfSense itself a connection to another site over the second WAN?
@http://forum.pfsense.org/index.php/topic:
General Stuff:
If you want to make use of WANx for a service on pfSense:
@Hoba: You need a static route to the <remote-tunnel-endpoint-ip>/32 via <gateway-of-wan2>. All services running at the pfSense directly (like ipsec, a proxy, dnsforwarder,…) only follow the routing table definitions.
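The static-route advice quoted above, as an added example that is not part of the original posts: a small longest-prefix-match model showing why a service on the firewall leaves via the default gateway until a /32 host route exists. The table is constructed from the addressing in the first post; `REMOTE_ENDPOINT` and the other test address are hypothetical documentation-range values.

```python
import ipaddress

# Constructed routing table modelled on the thread's addressing:
# wan1 carries the default route, wan2 is the OpenVPN uplink.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.0.1", "wan1"),   # default route
    ("192.168.0.0/24", None, "wan1"),       # directly connected
    ("192.168.11.0/24", None, "wan2"),      # directly connected
    ("192.168.111.0/24", None, "lan"),      # directly connected
]

# Hypothetical remote tunnel endpoint (documentation range, not from the thread).
REMOTE_ENDPOINT = "203.0.113.10"


def lookup(routes, dst):
    """Return (gateway, interface) of the longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def with_host_route(routes, endpoint, gateway, iface):
    """Return a copy of routes plus a /32 static route for endpoint."""
    return routes + [(f"{endpoint}/32", gateway, iface)]


if __name__ == "__main__":
    fixed = with_host_route(BASE_ROUTES, REMOTE_ENDPOINT, "192.168.11.1", "wan2")
    for name, table in (("before", BASE_ROUTES), ("after", fixed)):
        print(name, "endpoint ->", lookup(table, REMOTE_ENDPOINT))
        print(name, "other    ->", lookup(table, "198.51.100.7"))
```

A /32 route only helps when the remote endpoint address is known in advance; all other destinations keep following the default route via wan1.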
-
Hi all,
If I understood dhudson4god right he means:
MultiWan, one dynamic, one static. OVPN should be listening on opt1 (static) and of course should answer on the same interface. The problem is that when ovpn starts it takes the gateway of the WAN-interface as default gateway:
LOG:
openvpn[92133]: gw 195.14.XXX.XX (-> this is the dynamic address)
So it looks as if the question to open OVPN-tunnel is received but the answer is sent over the wrong interface. Is that possible?
If so, I have the same problem.
Thanks for any help,
e.
-
Ok, it doesn't seem to have anything to do with the default gw.
I changed several things and I can't really tell what the solution was, but now it works.
- my system time was wrong
- for some reason it didn't work with wlan (ubuntu client)
- in the option field I put local xxx.xxx.xxx.xxx (static ip) to force ovpn to listen on the static ip
- I had to start ovpn with sudo on the command line because with normal user rights the tun device couldn't be configured
Maybe this helps somebody.
e.