OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: gwaitsi on October 31, 2016, 08:12:50 pm

Title: newbie help setup 3x VPN Clients to Provider locations [solved]
Post by: gwaitsi on October 31, 2016, 08:12:50 pm
Hi All,
Just played with IPFire and concluded it is not user friendly enough for me.
Have decided to go for opnsense as it looks easier to get the important aspects up and running for me.

two areas, where i failed with ipfire and need assistance with please.

I have two internal nets green and blue (contains media and game systems connecting to internet)
green 192.168.2.x
blue 192.168.3.x

I setup under ipfire an OpenVPN client and had some problems
- it needs multiple vpn client locations to round robin in case the first one fails
- no notifications, etc if the vpn can't be established
- routing would only work if i routed if i tried the two individual nets, it didn't work.
- when i routed, everything worked expect for gigaset phone....
  i could only get the directory to connect but no voice channel.
- i have a work laptop that can go on either network (both have WAPs connected). It has it's own VPN and therefore does not need to be routed over the firewall vpn. (i guess that could be the solution for the SIP phone as well, but would prefer the SIP phone over an encrypted connection out of country.

i basically followed this guide on https://www.ovpn.se/en/guides/ipfire/ for setting up the vpn client.

can someone give a newbie pointers please on;
- setup vpn client with round robin i.e. 4 or 5 alternates
- setup notifications if vpn is down
- setup split vpn routing based on mac addr and/or ip addr
- setup sip client to work over the vpn and the non-vpn with vpn is down.

muchas gracias

Title: Re: newbie help with initial setup
Post by: Julien on October 31, 2016, 11:07:08 pm
Hi buddy,
i think you are on the wrong forum.
this forum is about OPNsense.
i would suggest to use OPNsense this manual would help you https://docs.opnsense.org/manual/how-tos/sslvpn_client.html?highlight=openvpn
Title: Re: newbie help with initial setup
Post by: gwaitsi on November 01, 2016, 11:54:56 am
I think you misunderstand. I opened with the reasons i moved to opnsense. that's all.

Current status is;

Problem 1
- i have defined 3x vpn clients defined (from the same provider)

I have tested enabling all three at the same time and at any one time, i have two online. the 3rd one doesn't come up till i stop on of the others.

i want to have them so that if the 1st is down, the vpn will switch to the 2nd one and so on.
i.e. i always want my traffic going over the vpn

How can i configure this to always have/use an alternate vpn if one is down - I see System/Gateways only works with the Interfaces and not the OpenVPNs. Load Balancing refers to Gateways for multiWAN. can i be notified if one is down via smtp?

Problem 2
- i can switch the client/s on, and they all come online but i am not  certain there is routing over the vpn - or indeed which one as the two are shown connected.

I set a rule on the lan0
- source lan0 to any

I set a rule on the vpn0
- source lan0 to any

but traceroutes from the clients are being blocked and a traceroute from ssh on the box, is not going through the vpn.

what am i doing wrong please?

thanks of the help
Title: Re: newbie help with initial setup
Post by: gwaitsi on November 01, 2016, 05:46:47 pm
I'm close, but not there yet and could use some help.

a) 3x VPN Clients established (vpn0, vpn1, vpn3)

b) 3x interfaces defined (vint0, vint1, vpn2)

c) 1x Group (EVPN) round robin, all Tier1 vpn0, vpn1,  Tier 2 vpn2

d) FW-Rules
OPENVPN source green0 to any - gateway EVPN
GREEN0 source green0 to any - gateway EVPN
VINT0 source green0 to any - gateway EVPN
VINT1 source green0 to any - gateway EVPN
VINT2 source green0 to any - gateway EVPN

3) FW-NAT-Outbound
VINTO source green0 to any nat VINTO
OpenVPN source green0 to any nat OpenVPN

I am doing something wrong, cause the clients on green0 are not routing through the VPN.
Not even talking about the vpn pool.

*** after reboot, routing goes via the vpn goes across vpn0 but doesn't auto re-reroute across vpn1 if i stop vpn0
Title: Re: newbie help with initial setup of VPN Client to Provider
Post by: gwaitsi on November 03, 2016, 09:07:35 pm
This is very bizarre, i followed the instructions here https://docs.opnsense.org/manual/how-tos/multiwan.html i.e. regarding setting up the monitoring on the gateways, but for the VPNs.

- according to system/gateways page: vpn3 (tier 2) is down
- dashboard status, all 3x vpn connections are up
- system/routes/status / default gateway is vpn3
- vpn/status - all three are up
- firewall/rules/openvpn - green0/blue0 * * * Gateway = gateway pool name
- firewall/rules/vpn1&2&3 / no rules defined

- tracert goes via vpn3 (tier2) while other two are tier1
- if i change the gateway on the green0/blue/ to the pool as stated, routing doesn't go via vpn at all.