Le 6 oct. 2011 à 09:12, Dominik Schips a écrit : > Hello, > > I have three WAN interfaces on my pfSense 2.0 (amd64 full install): > > WAN1 - static IP (ADSL ISP1 by PPPoE) > WAN2 - static IP (SDSL ISP2 with public /27 network) > WAN3 - dynamic IP (Cable ISP3 by DHCP) > > I want OpenVPN access to be available on all WANs at the same time for > availibility reasons. > > I set up a OpenVPN server with the interface "any" so that the server is > listening on all interfaces. I added on all WANs a rule to allow access > (UDP/1194) to the OpenVPN. I only can access the VPN by the default GW > which is WAN3 at the moment. I tried with TCP but with the same > problems. I want to access the VPN by all of the WANs and push static > VPN IPs from the tunnel network to the clients by a client specific > override. > If I change the interface to a another WAN interface. I only could > access the VPN by this interface. > > Is this http://doc.pfsense.org/index.php/Multi-WAN_OpenVPN still > possible with the 2.0 release? > > My problem is that I need client overrides so that the clients always > get the same IP. They are grouped to access different networks by > firewall rules for the openvpn. > > Best regards, > Dominik Schips
>From my understanding here is the short answer : 1. Configure your server to listen on the LAN instead of the WAN interface 2. Create a NAT redirect for each of your WAN ports (generally UDP 1194) Such as : WAN1 12.34.56.7 1194 --> LAN 192.168.1.1 1194 WAN2 12.34.56.78 1194 --> LAN 192.168.1.1 1194 WAN3 12.34.56.79 1194 --> LAN 192.168.1.1 1194 3. On the client side you might want to update part of your config in order to have It try automatically cat /var/etc/openvpn/clientl.conf locate the line with remote 12.34.56.7 1194 and eventually add a line remote 12.34.56.78 1194 Take as this will be hard coded in your conf. This was my understanding of the solution… AFAICT –––––––––––––––––––––––––––––––––––––––––––––– ---------> Grégory Bernard Director <--------- ---------------> www.osnet.eu <--------------- --> Your provider of OpenSource appliances <-- –––––––––––––––––––––––––––––––––––––––––––––– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
