Dual VPN on separate ports

Hello all

I am trying to set up OpenVPN-1 to come out of the LAN port (or it can be port 3 on my 4-port box) and OpenVPN-2 to come out of a separate port. I tried to search the pfSense docs and this forum and did not find what I was looking for.

I have the OpenVPN clients set up and working, and the interfaces are set. NAT rules are duplicated for each interface.

Can anyone point me to a guide or mind helping me?

Thanks in advance

It sounds like you are trying to set up multiple VPN clients on pfSense.

On my setup I have multiple clients and I use static routes to direct the traffic to their destination.

If you want to set up, say, a UK and a US client VPN, I’m uncertain how to route the traffic through the different gateways. For sure you need the rules but I can’t quite see it.

Not completely clear on the goal, but you direct traffic based on subnet/network, not port/interface. If you are looking to do policy routing, they have documentation here: Multiple WAN Connections — Policy Routing Configuration | pfSense Documentation

And I have an older video about using it here: https://youtu.be/ov-xddVpxhc

Thank you for the replies!

So to clarify, I am looking to do a 2 LAN setup. I have a 4-port pfSense box. I have my WAN connection on port one. I want 2 cables coming out of my pfSense box to have different VPN connections from different cities. Lan1 and Lan2.

I have the two VPN clients running properly and sending data; both work individually if I am only trying to use one cable coming out of the pfSense box.

I set up two more interfaces, one for the physical cable and one for the VPN. I pointed it to a new IP range of 192.168.3.100. The first connection is 192.168.2.100

I set up the same rules for lan1 as lan2 but with the different IPs.

My box keeps showing lan2 with an X.

I’ve tried restarting the pfSense box with no luck. Not sure of the proper way to configure, but I tried to duplicate the settings of my Lan1 and it isn’t working.

Also, sorry if there is a reply coming from my phone; my email did not send properly, so disregard a duplicate post if it comes.

On my pfSense box I have 3 VPNs configured that work as a pool, but if I were to remove the pooling component they would be totally independent. What I have set up is: on my LAN the default gateway is the regular WAN interface from my ISP, and on my GUEST interface (happens to be a VLAN) I have set the default gateway to use my VPN gateway.

You could configure your LAN1 to use VPN gateway 1 and LAN2 to use VPN gateway 2 provided you have the correct rules and routing configured in pfSense.

I think that is where I have messed up or not configured properly. I tried to make the rules to do this but it isn't working; my LAN1 VPN1 is working but the LAN2 is not getting internet.

Are the rules for lan1 and lan2 duplicated?

Where do I make the rules/routing to tell which VPN to go where?

You need to make sure that both VPNs are set up under System → Routing → Gateway. You will also need to make sure that LAN1 and LAN2 have the appropriate Outbound NAT configuration under Firewall → NAT → Outbound. You will also need to make each OpenVPN connection an interface as well. I do not have any firewall rules on each of the VPN interfaces but I do have some on my LAN and GUEST interfaces. For instance, I have a small set of IP addresses (they are assigned via DHCP reservation) on the GUEST network that can use the WAN gateway, as some people have issues with the VPN, for example when using online banking.

So under my gateways for the 2 VPNs, they are both set to dynamic IP address under the name; it is also greyed out so I cannot change it.

Is this normal?

Typically you cannot change a few properties on a gateway once it is created, though you can remove them and make new ones if you need to change properties. I did have to in order to rename my gateways to something meaningful.

Even after manually creating a new gateway to attempt to change the IP range, it still did not work. I reverted back to before.

I have no firewall rules under the VPNs. I have the rules under lan1 and lan2 identical other than the source. lan1 source is lan net. lan2 source is lan2 net.

You will need to click show advanced on lan1 and lan2 in order to specify a gateway.

The range for the gateway is only for monitoring and is specific to if your address is from DHCP or statically assigned.

Sorry, do you mean click advanced under firewall rules for lan1 and lan2?

Then I specify the VPN gateway?

Here are some screenshots of the routing settings, outbound NAT and the firewall rule for the guest network.

For your rule that is at the bottom for where traffic exits the network, click edit then show advanced. I just see in my shot they are both set to WAN1 right now for testing, but it should say VPN-TUN_Gateway.

Here are some better screenshots to help guide you:



So I went to advanced in rules and changed the gateway to my vpn1 for lan1, and also changed to vpn2 for lan2.

Same thing. Lan1 works properly.

No internet on lan2. Even on my pfSense box I don't show the green light on that cable.

Did you add the correct NAT entries for outbound traffic?

So I have lan1 set to 192.168.2.100, lan2 is set to 192.168.3.100.

Before I added the lan2 I had the outbound rule for vpn1. It showed 192.168.2.0.

I duplicated the rule and changed the IP to 192.168.3.0.

Is this correct?

And I have the appropriate VPN selected for each.
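
The three settings this thread keeps returning to (a gateway per VPN, a gateway set on each LAN's firewall rule, and an outbound NAT entry per LAN subnet on its VPN interface) can be cross-checked mechanically. The following is an added example, not part of the original thread and not pfSense's own config format; the /24 masks, the gateway and interface names, and the two deliberate mistakes in the sample data are constructed assumptions.

```python
import ipaddress

# Constructed model of the settings named in the thread; this is not pfSense's
# config format. The /24 masks and the gateway/interface names are assumptions.
CONFIG = {
    "lans": {"LAN1": "192.168.2.100/24", "LAN2": "192.168.3.100/24"},
    "gateways": {"VPN1_GW": "VPN1", "VPN2_GW": "VPN2"},  # gateway -> VPN interface
    "rules": [  # pass rules per LAN tab; gateway None means default routing
        {"iface": "LAN1", "source": "192.168.2.0/24", "gateway": "VPN1_GW"},
        {"iface": "LAN2", "source": "192.168.3.0/24", "gateway": None},
    ],
    "outbound_nat": [
        {"iface": "VPN1", "source": "192.168.2.0/24"},
        {"iface": "VPN2", "source": "192.168.2.0/24"},  # duplicated, subnet not changed
    ],
}


def covers(source, lan_net):
    """True if the rule's source network contains the whole LAN subnet."""
    return lan_net.subnet_of(ipaddress.ip_network(source))


def audit(cfg, want):
    """Check each LAN in `want` (LAN name -> intended gateway); return problems."""
    problems = []
    for lan, gw in want.items():
        lan_net = ipaddress.ip_interface(cfg["lans"][lan]).network
        vpn_if = cfg["gateways"].get(gw)
        if vpn_if is None:
            problems.append(f"{lan}: gateway {gw} is not defined")
            continue
        # Policy routing: a pass rule on the LAN must name the VPN gateway,
        # otherwise the traffic follows the default route instead of the tunnel.
        if not any(r["iface"] == lan and r["gateway"] == gw
                   and covers(r["source"], lan_net) for r in cfg["rules"]):
            problems.append(f"{lan}: no pass rule sends {lan_net} via {gw}")
        # Outbound NAT: the VPN interface must translate this LAN's subnet.
        if not any(n["iface"] == vpn_if and covers(n["source"], lan_net)
                   for n in cfg["outbound_nat"]):
            problems.append(f"{lan}: no outbound NAT on {vpn_if} for {lan_net}")
    return problems


if __name__ == "__main__":
    for line in audit(CONFIG, {"LAN1": "VPN1_GW", "LAN2": "VPN2_GW"}):
        print(line)
```

A LAN whose pass rule has no gateway set is the case to watch for from a privacy standpoint: its traffic leaves by the default route rather than through the tunnel it was meant to use.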