OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: douglasg14b on April 28, 2018, 10:07:49 pm

Title: OpenVPN Issues
Post by: douglasg14b on April 28, 2018, 10:07:49 pm
I was not sure how to title this as there is a whole host of issues that just don't seem to work.

My setup: I have three VPN clients, three different interfaces that were auto-generated (one each), and the standard outbound NAT rules for each of them. I am trying to route different traffic through different clients. I have this exact same setup, working, on pfSense, and am trying to replicate it on OPNsense. I am keeping it simple for now and just enabling a catch-all rule on LAN to use a specific VPN client's gateway to test.

I have VPN1, VPN2, VPN3. I will use these designations for my explanations.

Gateways:

If I have more than one OpenVPN client connected, all gateways except for the first one to connect don't have an IP until I restart OPNsense. I have to restart OPNsense anytime I disable and re-enable a VPN client for its gateway to get an IP, even though the client status shows that it has an IP. For example, I have VPN3 enabled when I restart OPNsense, it comes online and has an IP, the interface shows the IP, the gateway shows the IP. I enable VPN1, the client shows it has an IP, the interface doesn't show an IP, the gateway shows no IP.

Firewall Rules

The firewall rules are acting... funny. Say I have VPN3 online (gateway shows IP), I make a catch-all rule to use the VPN3 gateway. No traffic goes through, and it instead uses the next rule down, which is my WAN gateway. I have to enable VPN1, and do nothing else, and traffic will go through the VPN3 gateway. I thought I might have interfaces mixed up, but traffic is only recorded on the VPN3 client, not the VPN1 client...

What is going on here? I've replicated, nearly exactly, the rules, interfaces, gateways, and outbound NAT from pfSense and it's acting very weird, and does not work with any level of consistency. Why does enabling more than 1 OpenVPN client make it so that client and any others don't have IPs in their gateways?

Edit: All the OpenVPN interfaces have the same MAC (all zeros); is that a source of the problem? I tried setting a MAC for each of them, but it doesn't show on the interfaces overview.