Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN on PFSense

    Scheduled Pinned Locked Moved OpenVPN
    34 Posts 3 Posters 4.4k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      TravelMore @Jarhead
      last edited by

      @jarhead No i did not that is set to other
      a3aafc61-839f-4dce-a414-a2e0fff06331-image.png

      The options i have in the drop-down for that host name resolution is:
      Interface IP Address
      Automagic multi-wan IPs
      Automagic multi-wan DDNS
      Installation hostname

      1 Reply Last reply Reply Quote 0
      • T Offline
        TravelMore @viragomann
        last edited by TravelMore

        @viragomann The host name box in client export utility is set to other (post above i believe shows this info and pic).

        As far as editing the config file, the IP that is in the remote line is the IP for my pihole.

        My WAN IP on my pf sense is a 72.x.x.x IP. I do not know if this IP actually ever changes. I just know its always a 72.x IP.

        My LAN is a 192.x.x.x it is a static ip.

        I did check and see the OpenVPN service is running now which is an improvement from previously.

        I believe i have everything going to my pihole, as PF Sense shows DNS server is 1st IP my pihole, 2nd is cloudflare IP. In cmd prompt default gateway shows the IP of my Pfsense box.
        So to answer your question about 'is pfsense the default gateway in your network...i think yes is the answer. sry, still learning how all these interact.

        V 1 Reply Last reply Reply Quote 0
        • V Offline
          viragomann @TravelMore
          last edited by

          @travelmore said in OpenVPN on PFSense:

          My WAN IP on my pf sense is a 72.x.x.x IP. I do not know if this IP actually ever changes. I just know its always a 72.x IP.

          So you should have your server set to listen on this WAN IP.
          Then in the Client export utility set the "Host Name Resolution" to "interface address". So it put the public IP automatically into the remote line.

          However, you have to make the change on the client. So either you can edit the config there or export a new config from pfSense and import it on the client.

          T 1 Reply Last reply Reply Quote 0
          • T Offline
            TravelMore @viragomann
            last edited by TravelMore

            @viragomann Thank you for your help. I appreciate it.
            Okay, before i make those changes, I just noticed something that I don't know will change your answer above. The pic below. the gateway WAN is a 72.241.xxx.1 and the WAN in the interface is a 72.241.xxx.x <--this is the IP idk if it ever changes. I would assume the WAN gateway never changes but when i do a cmd prompt i show the default gateway as my pfsense IP as a 192.x.x.x

            6939d985-6093-4d4a-bdf8-e6c8408cc77b-image.png

            So what I am unsure of is, when you say, So you should have your server set to listen on this WAN IP.......where specifically do i put this WAN IP?
            (in tunnel settings ipv4, ipv4 local network or client export host name)

            V J 2 Replies Last reply Reply Quote 0
            • V Offline
              viragomann @TravelMore
              last edited by

              @travelmore said in OpenVPN on PFSense:

              I would assume the WAN gateway never changes

              You WAN IP is given by a DHCP server. It might change, but not necessarily. It's on your ISP.

              If it should ever, you can subscript to a dynDNS service and use the host name for connecting.

              but when i do a cmd prompt i show the default gateway as my pfsense IP as a 192.x.x.x

              On a LAN device, I guess. This should show the pfSense LAN IP as gateway.

              < So what I am unsure of is, when you say, So you should have your server set to listen on this WAN IP.......where specifically do i put this WAN IP?

              In the server settings at interface. pfSense should provide a drop-down, from where you can select your WAN DHCP IP.

              T 1 Reply Last reply Reply Quote 0
              • J Offline
                Jarhead @TravelMore
                last edited by

                @travelmore In the Client export, change Host Name Resolution to Interface IP address, then export a new client config and use it on your client.

                1 Reply Last reply Reply Quote 0
                • T Offline
                  TravelMore @viragomann
                  last edited by

                  @viragomann This is what is already set in Server setting. I didn't make any change to it just looked and saw that was set.
                  e01ad472-fbaa-43a3-8c6e-799e46664728-image.png

                  These are the tunnel settings ips currently, I believe these are correct. Please verify.
                  2455ba2d-1069-4243-9847-cf77e9d4cb29-image.png

                  This is the client export host name ip
                  fa435692-ce29-4f50-b2be-e93549f2d4e0-image.png

                  I have just now done as @Jarhead stated and changing the hostname res. to interface IP address (below) and exporting a new client config.
                  d41376b0-facc-4917-bbf2-aa9d2e5c3f80-image.png

                  I will let you guys know if i can connect.

                  J V T 3 Replies Last reply Reply Quote 0
                  • J Offline
                    Jarhead @TravelMore
                    last edited by

                    @travelmore said in OpenVPN on PFSense:

                    I will let you guys know if i can connect.

                    I think we both know you will now.

                    1 Reply Last reply Reply Quote 0
                    • V Offline
                      viragomann @TravelMore
                      last edited by

                      @travelmore
                      Yes, it's correct.
                      Whether you select other in the export tool and state the IP or select the "interface address", you should get the same result: The WAN IP in the remote line in the conf file.

                      Basically the "other" option is meant to state an IP or host name which is not known by pfSense. For instance if there is another router in front of it.

                      1 Reply Last reply Reply Quote 0
                      • T Offline
                        TravelMore @TravelMore
                        last edited by

                        @travelmore It worked!! Thank you guys. Now I do have a silly question. If i wanted to connect to a PC on my network how would I do that? I kinda thought that was the point of OpenVPN was having a connection back to your network from an outside network.

                        I was thinking it would show a list of devices I could connect to but maybe I need to add something else to this?

                        Either way I am glad it is working. Thank you so much.

                        V 1 Reply Last reply Reply Quote 0
                        • V Offline
                          viragomann @TravelMore
                          last edited by

                          @travelmore said in OpenVPN on PFSense:

                          It worked!!

                          Glad to hear.

                          If i wanted to connect to a PC on my network how would I do that?

                          Which way? What's your intention?
                          Do you want to access a file share or remote desktop?

                          T 1 Reply Last reply Reply Quote 0
                          • T Offline
                            TravelMore @viragomann
                            last edited by TravelMore

                            @viragomann Thank you. So I want to connect from my PC on my home network, from my cell phone and have access to it. I am trying to record a meeting while I am away so if i can hop on my phone, remote into my PC using OpenVPN and accept the meeting call (google duo), then use a program to record said meeting. let the meeting run, log out of my PC, then log back in to my PC when i know the meeting will be over and click stop recording after an hr or so.

                            Then i do want to connect to my home network from a laptop from a coffee shop, or a friends house and be able to access anything from my network that I would be able to just like if i was at home and yes file share if possible.

                            Hopefully those situations help. I don't want to use team viewer because I wont have access to view my PC to see what their temp login info is because it always changes each time you use it on a personal device, etc.

                            J V 2 Replies Last reply Reply Quote 0
                            • J Offline
                              Jarhead @TravelMore
                              last edited by

                              @travelmore Just so you know, TeamViewer can be setup with an account and grant "easy access" to you so it won't change.
                              But you got the vpn going now.

                              T 1 Reply Last reply Reply Quote 0
                              • V Offline
                                viragomann @TravelMore
                                last edited by

                                @travelmore said in OpenVPN on PFSense:

                                then use a program to record said meeting. let the meeting run, log out of my PC, then log back in to my PC when i know the meeting will be over and click stop recording after an hr or so.

                                I'd expect that the record stops, when logging out, since it might run in a user session, which you were closing.
                                You could lock the screen at best, but you can disconnect the VPN.

                                To be honest, I also think all this would be easier to do with Teamviewer or alike.

                                So you intend to access the desktop of you local PC.
                                You can do the with RDP if it's Windows or you have to install a VNC server or something like that.
                                In any case you will need an app on your cell phone, which is capable to connect to the desktop.
                                Do you have any?

                                T 1 Reply Last reply Reply Quote 0
                                • T Offline
                                  TravelMore @Jarhead
                                  last edited by

                                  @jarhead Thank you for that info. I have a TV account but have had issues with it lately that's why i just wanted to go and use OpenVPN.

                                  Dont know if this matters but I do know I set up my config file to be a full tunnel (at least according to the info i shared on that link by adding redirect-gateway def1). If what I understand is right I believe full tunnel is better than split tunnel.

                                  1 Reply Last reply Reply Quote 0
                                  • T Offline
                                    TravelMore @viragomann
                                    last edited by TravelMore

                                    @viragomann I used Team viewer yrs ago but the issues w/the remote programs alike, i always need the 'login' info and i don't have that. I don't always have a remote app on my phone and honestly i'd like to just use 1 app i know that works. Now that OpenVPN works i'd prefer to keep it if anything I figure later on do TV as a second remote option but like i said i had issues w/it currently.

                                    From what I recall OpenVPn yrs ago worked and i could access things from my laptop but i don't know how it works for my phone remoting into my devices. I don't see a drop down per say and I am unsure how to navigate the OpenVPN to connect to my PC. If i have to setup specific clients to remote into on OpenVPN I'm fine doing that just not sure how.

                                    J V 2 Replies Last reply Reply Quote 0
                                    • J Offline
                                      Jarhead @TravelMore
                                      last edited by

                                      @travelmore Look for Microsoft RD Client. I use it on Android, guessing it's on iPhone too.

                                      T 1 Reply Last reply Reply Quote 0
                                      • V Offline
                                        viragomann @TravelMore
                                        last edited by

                                        @travelmore
                                        Yes, but if you want to see the desktop of your PC on your phone you need to run a server on the PC, which provide it to the client (expect a Linux desktop).
                                        This server could be Windows Remote Desktop, a VNC server or TV or any.
                                        And on the phone you need an app which can access it.
                                        So what you you prefer?

                                        I have the "Remote VNC" app on my phone to be able to connect to my home servers desktops from outside over OpenVPN in case of disaster.
                                        However, this app doesn't support RDP or it requires an extra fee. Don't need it anyway.

                                        But handle the desktop on my 4'' phone display is quite painful at all. ^^

                                        T 1 Reply Last reply Reply Quote 0
                                        • T Offline
                                          TravelMore @Jarhead
                                          last edited by

                                          @jarhead Thanks i'll look into it. I've used remote utilities and Teamviewer in the past.

                                          1 Reply Last reply Reply Quote 0
                                          • T Offline
                                            TravelMore @viragomann
                                            last edited by

                                            @viragomann ok so I will need to use Team Viewer on my pc and on my phone to see my PC from my phone. right?

                                            so what is the purpose of having open VPN on a phone and to connect back to a home network (if it seems its more suited for using on a laptop to connect to different devices/ transfer files).

                                            V 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.