OpenVPN and MultiWAN [SOLVED]



  • I have a pfsense box (1.2) with three internet connections via NATing routers and a single LAN connection.  All interfaces have CARP addresses on them ready for stage 2 of this job.

    I have set up an OVPN (UDP on 1194) on the pfsense box and forwarded all the relevant addresses/ports and then configured my clients to "remote-random" to the external IPs.

    I can only get a connection on the WAN interface (ie not OPT1 or OPT2) and I notice that the OVPN log shows an entry for "gw via <ip for="" wan="" router="">"

    I have messed around with various settings eg forcing it to listen on a particular IP.

    I have another OVPN on port 443 that works fine, forwarded via OPT2, so is my solution to have 3 OVNS or am I missing a trick on the routing/FW rules?  I'm afraid I'm a bit new to BSD and suspect that 10 years of Linux may be getting in the way …

    I'd appreciate some help.</ip>



  • When running OpenVPN on your OPT1/OPT2 lines, be sure to use TCP instead of the default UDP for your port.  pfSense has issues when trying to connect to any port that runs on the UDP protocol when not using the WAN interface.

    Give it a try and good luck! :)



  • @razor2000:

    When running OpenVPN on your OPT1/OPT2 lines, be sure to use TCP instead of the default UDP for your port.  pfSense has issues when trying to connect to any port that runs on the UDP protocol when not using the WAN interface.

    Give it a try and good luck! :)

    You sir a genius!  I think I saw that posted somewhere but must have ignored it.

    OpenVPN received wisdom is that TCP over TCP is a bad idea, something to do with a double exponential stand off which can cause serious performance snags.  Funnily enough I've been running it like that for years prior to putting in pfSense but thought I'd do the right thing this time - oh well!

    I have (briefly) tested all three of my external connections to my office LAN via this and they work very well.  I'm nearly ready to bin the many IPSEC tunnels which are a constant pain - regularly dropping and not recovering, unlike OVPN which has always struck me as far more robust.


Log in to reply