OPNsense Forum » Archive » 16.7 Legacy Series » newbie help setup 3x VPN Clients to Provider locations [solved]
Topic: newbie help setup 3x VPN Clients to Provider locations [solved] (Read 6883 times)
gwaitsi (Newbie, Posts: 17, Karma: 0)
newbie help setup 3x VPN Clients to Provider locations [solved]
« on: October 31, 2016, 08:12:50 pm »
Hi All,
Just played with IPFire and concluded it is not user friendly enough for me.
Have decided to go for OPNsense as it looks easier to get the important aspects up and running for me.
Two areas where I failed with IPFire and need assistance with, please.
I have two internal nets green and blue (contains media and game systems connecting to internet)
green 192.168.2.x
blue 192.168.3.x
I set up an OpenVPN client under IPFire and had some problems
- it needs multiple vpn client locations to round robin in case the first one fails
- no notifications, etc. if the vpn can't be established
- routing would only work if I routed 192.168.0.0; if I tried the two individual nets, it didn't work.
- when I routed 192.168.0.0, everything worked except for the gigaset phone.... I could only get the directory to connect but no voice channel.
- I have a work laptop that can go on either network (both have WAPs connected). It has its own VPN and therefore does not need to be routed over the firewall vpn. (I guess that could be the solution for the SIP phone as well, but would prefer the SIP phone over an encrypted connection out of country.)
I basically followed this guide on https://www.ovpn.se/en/guides/ipfire/ for setting up the vpn client.
Can someone give a newbie pointers please on:
- setup vpn client with round robin i.e. 4 or 5 alternates
- setup notifications if vpn is down
- setup split vpn routing based on mac addr and/or ip addr
- setup sip client to work over the vpn and the non-vpn when vpn is down.
Many thanks
« Last Edit: November 08, 2016, 09:16:40 am by gwaitsi »
Julien (Hero Member, Posts: 666, Karma: 33)
Re: newbie help with initial setup
« Reply #1 on: October 31, 2016, 11:07:08 pm »
Hi buddy,
I think you are on the wrong forum.
This forum is about OPNsense.
I would suggest using OPNsense; this manual would help you:
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html?highlight=openvpn
OPNsense 23.1.7_3-amd64
FreeBSD 13.1-RELEASE-p7
OpenSSL 1.1.1t 7 Feb 2023
gwaitsi (Newbie, Posts: 17, Karma: 0)
Re: newbie help with initial setup
« Reply #2 on: November 01, 2016, 11:54:56 am »
I think you misunderstand. I opened with the reasons I moved to OPNsense. That's all.
Current status is:
Problem 1
- I have 3x vpn clients defined (from the same provider)
I have tested enabling all three at the same time and at any one time, I have two online. The 3rd one doesn't come up till I stop one of the others.
I want to have them so that if the 1st is down, the vpn will switch to the 2nd one and so on.
i.e. I always want my traffic going over the vpn
Question:
How can I configure this to always have/use an alternate vpn if one is down - I see System/Gateways only works with the Interfaces and not the OpenVPNs. Load Balancing refers to Gateways for multiWAN. Can I be notified if one is down via smtp?
Problem 2
- I can switch the client/s on, and they all come online but I am not certain there is routing over the vpn - or indeed which one as the two are shown connected.
I set a rule on the lan0
- source lan0 to any
I set a rule on the vpn0
- source lan0 to any
but traceroutes from the clients are being blocked and a traceroute from ssh on the box is not going through the vpn.
What am I doing wrong please?
Thanks for the help
gwaitsi (Newbie, Posts: 17, Karma: 0)
Re: newbie help with initial setup
« Reply #3 on: November 01, 2016, 05:46:47 pm »
I'm close, but not there yet and could use some help.
a) 3x VPN Clients established (vpn0, vpn1, vpn3)
b) 3x interfaces defined (vint0, vint1, vpn2)
c) 1x Group (EVPN) round robin, all Tier1 vpn0, vpn1, Tier 2 vpn2
d) FW-Rules
OPENVPN source green0 to any - gateway EVPN
GREEN0 source green0 to any - gateway EVPN
VINT0 source green0 to any - gateway EVPN
VINT1 source green0 to any - gateway EVPN
VINT2 source green0 to any - gateway EVPN
3) FW-NAT-Outbound
VINTO source green0 to any nat VINTO
OpenVPN source green0 to any nat OpenVPN
I am doing something wrong, 'cause the clients on green0 are not routing through the VPN.
Not even talking about the vpn pool.
*** after reboot, routing via the vpn goes across vpn0 but doesn't auto re-route across vpn1 if I stop vpn0
« Last Edit: November 02, 2016, 07:20:18 am by gwaitsi »
gwaitsi (Newbie, Posts: 17, Karma: 0)
Re: newbie help with initial setup of VPN Client to Provider
« Reply #4 on: November 03, 2016, 09:07:35 pm »
This is very bizarre, I followed the instructions here
https://docs.opnsense.org/manual/how-tos/multiwan.html
i.e. regarding setting up the monitoring on the gateways, but for the VPNs.
Now:
- according to system/gateways page: vpn3 (tier 2) is down
- dashboard status, all 3x vpn connections are up
- system/routes/status / default gateway is vpn3
- vpn/status - all three are up
- firewall/rules/openvpn - green0/blue0 * * * Gateway = gateway pool name
- firewall/rules/vpn1&2&3 / no rules defined
- tracert goes via vpn3 (tier2) while other two are tier1
- if I change the gateway on the green0/blue/ to the pool as stated, routing doesn't go via vpn at all.