OpenVPN and MultiWAN [SOLVED]
-
I have a pfSense box (1.2) with three internet connections via NATing routers and a single LAN connection. All interfaces have CARP addresses on them ready for stage 2 of this job.
I have set up an OVPN (UDP on 1194) on the pfSense box and forwarded all the relevant addresses/ports and then configured my clients to "remote-random" to the external IPs.
I can only get a connection on the WAN interface (i.e. not OPT1 or OPT2) and I notice that the OVPN log shows an entry for "gw via <IP for WAN router>".
I have messed around with various settings, e.g. forcing it to listen on a particular IP.
I have another OVPN on port 443 that works fine, forwarded via OPT2, so is my solution to have 3 OVPNs or am I missing a trick on the routing/FW rules? I'm afraid I'm a bit new to BSD and suspect that 10 years of Linux may be getting in the way …
I'd appreciate some help.
-
When running OpenVPN on your OPT1/OPT2 lines, be sure to use TCP instead of the default UDP for your port. pfSense has issues when trying to connect to any port that runs on the UDP protocol when not using the WAN interface.
Give it a try and good luck! :)
-
You, sir, are a genius! I think I saw that posted somewhere but must have ignored it.
OpenVPN received wisdom is that TCP over TCP is a bad idea, something to do with a double exponential stand off which can cause serious performance snags. Funnily enough I've been running it like that for years prior to putting in pfSense but thought I'd do the right thing this time - oh well!
I have (briefly) tested all three of my external connections to my office LAN via this and they work very well. I'm nearly ready to bin the many IPSEC tunnels which are a constant pain - regularly dropping and not recovering, unlike OVPN which has always struck me as far more robust.