JacksonLee

PFSense advanced setup Question


Hi,

 

I use pfsense to connect to VPN providers.

 

I got a multi-gateway setup (one LAN - 6 WAN). 5 of these 5 WAN adapters are VPN connections to a different VPN provider, and I use rules on the firewall to route traffic to these connections.

They use the typical 10.x.0.1 Gateway, with a 255.255.255.0 Subnet Mask. This all works as expected.

 

Now I created another VPN Connection with AirVPN to this setup. I'm connected and this seems to be no Problem.

I also get a 10.x.0.1 gateway, but with a subnet mask of 255.255.0.0.

 

So if I want to route traffic through the AirVPN client, it's a) slow and b) does not work as expected. (I guess that A is because of B.)

If I check my IP using one of the normal websites and refresh the website, I see that it rotates between all !!! VPN Connections. This is strange.

I checked my setup multiple times and don't see a reason why this happens. (I'm not using routing groups here)

 

Again, this only happens if I use the AirVPN Gateway for this traffic. If I use one of my other VPN Gateways, I permanently use this VPN connection.

 

Any idea?

Link to post

I'd start by checking your routing table when you have multiple vpns connected.  If any of them have the same IP/gateway then it's only going to cause problems.  I always have at least 2 vpn connections running (all Air), but I connect each one to a different port on the Air server, which ensures that each connection gets a different IP (10.4.x, 10.6.x, 10.30.x).  If two interfaces have the same gateway then the appearance of round robin routing, even though not your intention, is a possibility, I would think.

Link to post
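The routing-table check suggested in the reply above, as an added example that is not part of any post in this thread: it parses a saved copy of the routing table and reports OpenVPN interfaces whose routes cover the same addresses. The sample rows are constructed (the ovpnc8 client is hypothetical), and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

# Constructed sample in the column layout of the pfSense routing table
# (Destination, Gateway, Flags, Use, Mtu, Netif). ovpnc8 is hypothetical.
SAMPLE = """\
Destination      Gateway       Flags  Use       Mtu    Netif
default          192.168.1.1   UGS    57877627  1500   bfe0
10.4.0.0/16      10.4.14.227   UGS    0         1500   ovpnc7
10.4.0.1         link#14       UH     0         1500   ovpnc7
10.4.14.227      link#14       UHS    0         16384  lo0
10.4.0.0/16      10.4.9.12     UGS    0         1500   ovpnc8
10.4.0.1         link#15       UH     0         1500   ovpnc8
10.8.0.0/16      10.8.0.2      UGS    0         1500   ovpnc1
10.8.0.1         link#9        UH     152613    1500   ovpnc1
"""

def parse_routes(text):
    """Return (network, gateway, netif) for every IPv4 row that parses."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:  # header row, "default", anything non-IPv4
            continue
        routes.append((net, fields[1], fields[5]))
    return routes

def find_conflicts(routes, prefix="ovpn"):
    """Map each pair of tunnel interfaces to the prefixes they both claim."""
    tunnels = [(net, nif) for net, _gw, nif in routes if nif.startswith(prefix)]
    conflicts = defaultdict(set)
    for (n1, i1), (n2, i2) in combinations(tunnels, 2):
        # Routes on the same interface (network + peer host route) are normal.
        if i1 != i2 and n1.overlaps(n2):
            conflicts[tuple(sorted((i1, i2)))].update({str(n1), str(n2)})
    return {pair: sorted(nets) for pair, nets in conflicts.items()}

if __name__ == "__main__":
    for pair, nets in find_conflicts(parse_routes(SAMPLE)).items():
        print(f"{pair[0]} and {pair[1]} overlap on: {', '.join(nets)}")
```

An empty result only rules out overlapping tunnel routes; it says nothing about gateway groups or policy routing rules in the firewall.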

Thanks @SirJohnEh,

 

routing Table looks fine to me:

 

 

IPv4

Destination        Gateway        Flags   Use        Mtu     Netif    Expire
default            192.168.1.1    UGS     57877627   1500    bfe0
10.4.0.0/16        10.4.14.227    UGS     0          1500    ovpnc7
10.4.0.1           link#14        UH      0          1500    ovpnc7
10.4.0.1/32        10.4.0.1       UGS     0          1500    ovpnc7
10.4.14.227        link#14        UHS     0          16384   lo0
10.8.0.0/16        10.8.0.2       UGS     0          1500    ovpnc1
10.8.0.1           link#9         UH      152613     1500    ovpnc1
10.8.0.1/32        10.8.0.1       UGS     0          1500    ovpnc1
10.8.0.2           link#9         UHS     0          16384   lo0
10.9.0.0/16        10.9.0.2       UGS     0          1500    ovpnc5
10.9.0.1           link#13        UH      152613     1500    ovpnc5
10.9.0.1/32        10.9.0.1       UGS     0          1500    ovpnc5
10.9.0.2           link#13        UHS     0          16384   lo0
10.10.0.0/16       10.10.0.2      UGS     0          1500    ovpnc2
10.10.0.1          link#10        UH      152377     1500    ovpnc2
10.10.0.1/32       10.10.0.1      UGS     0          1500    ovpnc2
10.10.0.2          link#10        UHS     0          16384   lo0
10.11.0.0/16       10.11.0.2      UGS     0          1500    ovpnc3
10.11.0.1          link#11        UH      152377     1500    ovpnc3
10.11.0.1/32       10.11.0.1      UGS     0          1500    ovpnc3
10.11.0.2          link#11        UHS     0          16384   lo0
10.44.10.0/24      10.44.10.2     UGS     0          1500    ovpns6
10.44.10.1         link#8         UHS     0          16384   lo0
10.44.10.2         link#8         UH      0          1500    ovpns6
10.114.0.0/16      10.114.0.16    UGS     0          1500    ovpnc4
10.114.0.1         link#12        UH      118062     1500    ovpnc4
10.114.0.1/32      10.114.0.1     UGS     0          1500    ovpnc4
10.114.0.16        link#12        UHS     0          16384   lo0
127.0.0.1          link#6         UH      687        16384   lo0
192.168.1.0/24     link#3         U       152654     1500    bfe0
192.168.1.50       link#3         UHS     0          16384   lo0
192.168.178.0/24   link#2         U       55745313   1500    re1
192.168.178.1      link#2         UHS     0          16384   lo0

I tried disabling all other VPN connections one by one, but it was still doing round robin till the last VPN connection was closed and only the AirVPN connection was open.

 

I don't understand why this is happening, any help is much appreciated.

 

Link to post

Are you sure you don't have a routing group setup and policy based routing configured in your fw rules?  Because based on that routing table, nothing should be going thru the vpn by default based on the configured default gateway.  As far as I can see, anything that is going thru a tunnel must be doing so based on policy based routing rules in your fw and assuming that's the case, I'd just double check to make sure you didn't actually create a routing group.  If you've checked that and there is definitely no group with round robin configured then I'm not really sure what would be causing the behaviour you're seeing.

Link to post

> I'd start by checking your routing table when you have multiple vpns connected.  If any of them have the same IP/gateway then it's only going to cause problems.  I always have at least 2 vpn connections running (all Air), but I connect each one to a different port on the Air server, which ensures that each connection gets a different IP (10.4.x, 10.6.x, 10.30.x).  If two interfaces have the same gateway then the appearance of round robin routing, even though not your intention, is a possibility, I would think.

 

I don't understand this. I connect simultaneously to multiple AirVPN servers each of which gives a gateway address of 10.4.0.1. I use a different "IPv4 Tunnel Network" when I set up each OpenVPN client. I use firewall rules to specify which tunnel to use. This seems to work fine?

Link to post

I've never tried to set it up that way, but I suppose that would work just as well.  For me, it just seemed easier/more logical to connect to a different port on each server, which then saved me having to configure extra settings like that manually.

Link to post

 


Can you briefly explain how you configured this?

 

I checked and there is definitely no policy based routing or so. I'm puzzled

Link to post


 

Set up an OpenVPN client as normal, except that in

/VPN/OpenVPN Client edit

you specify a different value for each client in "IPv4 Tunnel Network", say 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, etc.

As for setting up NAT/routing using firewall rules, follow pfSenseFan's guide.

Bear in mind you can set up the LAN firewall rule created from the NAT rule for a LAN IP address as source, and not just separate interfaces as pfSenseFan uses.

Link to post

Hi, this did not help. It's still using all VPN connections rather than just one.

 

No idea why this happens, well I guess it's just as it is.

Link to post
