Yesterday I was diving into why I could not connect *to* OpenVPN clients from the office, and discovered that having a rule that sends all LAN traffic to our WAN failover pool was interfering with that traffic. Ultimately it dawned on me that this is also the reason that I cannot originate connections to my home office (running roaming IPsec) from the main office, and adding rules to route these LANs to the 'default' gateway before the pool rule allowed such connections to work.
Now, the curious part of this is that the fixed end-point IPsec remote offices were never affected by the failover pool rule! There was never any problem connecting to my data center via the VPN from the main office even without my new rules to direct its traffic to the default gateway. I think it would be really nice if the VPN endpoints would all behave like the fixed endpoint IPsec connections so I did not need to add rules to the LAN filter to avoid the failover pool rule. Barring that, it would be really handy to have on the "destination" drop-down an item for OpenVPN and/or IPsec endpoints, similar to how there is one for PPTP clients.
Thanks!
PS: I'm running pfSense 1.2.3 everywhere other than the OpenVPN clients, which are random laptops running Windows, FreeBSD, or macOS.
