OpenVPN on PFSense
-
@travelmore said in OpenVPN on PFSense:
My WAN IP on my pf sense is a 72.x.x.x IP. I do not know if this IP actually ever changes. I just know its always a 72.x IP.
So you should have your server set to listen on this WAN IP.
Then in the Client export utility set the "Host Name Resolution" to "interface address". So it put the public IP automatically into the remote line.However, you have to make the change on the client. So either you can edit the config there or export a new config from pfSense and import it on the client.
-
@viragomann Thank you for your help. I appreciate it.
Okay, before i make those changes, I just noticed something that I don't know will change your answer above. The pic below. the gateway WAN is a 72.241.xxx.1 and the WAN in the interface is a 72.241.xxx.x <--this is the IP idk if it ever changes. I would assume the WAN gateway never changes but when i do a cmd prompt i show the default gateway as my pfsense IP as a 192.x.x.x
So what I am unsure of is, when you say, So you should have your server set to listen on this WAN IP.......where specifically do i put this WAN IP?
(in tunnel settings ipv4, ipv4 local network or client export host name) -
@travelmore said in OpenVPN on PFSense:
I would assume the WAN gateway never changes
You WAN IP is given by a DHCP server. It might change, but not necessarily. It's on your ISP.
If it should ever, you can subscript to a dynDNS service and use the host name for connecting.
but when i do a cmd prompt i show the default gateway as my pfsense IP as a 192.x.x.x
On a LAN device, I guess. This should show the pfSense LAN IP as gateway.
< So what I am unsure of is, when you say, So you should have your server set to listen on this WAN IP.......where specifically do i put this WAN IP?
In the server settings at interface. pfSense should provide a drop-down, from where you can select your WAN DHCP IP.
-
@travelmore In the Client export, change Host Name Resolution to Interface IP address, then export a new client config and use it on your client.
-
@viragomann This is what is already set in Server setting. I didn't make any change to it just looked and saw that was set.
These are the tunnel settings ips currently, I believe these are correct. Please verify.
This is the client export host name ip
I have just now done as @Jarhead stated and changing the hostname res. to interface IP address (below) and exporting a new client config.
I will let you guys know if i can connect.
-
@travelmore said in OpenVPN on PFSense:
I will let you guys know if i can connect.
I think we both know you will now.
-
@travelmore
Yes, it's correct.
Whether you select other in the export tool and state the IP or select the "interface address", you should get the same result: The WAN IP in the remote line in the conf file.Basically the "other" option is meant to state an IP or host name which is not known by pfSense. For instance if there is another router in front of it.
-
@travelmore It worked!! Thank you guys. Now I do have a silly question. If i wanted to connect to a PC on my network how would I do that? I kinda thought that was the point of OpenVPN was having a connection back to your network from an outside network.
I was thinking it would show a list of devices I could connect to but maybe I need to add something else to this?
Either way I am glad it is working. Thank you so much.
-
@travelmore said in OpenVPN on PFSense:
It worked!!
Glad to hear.
If i wanted to connect to a PC on my network how would I do that?
Which way? What's your intention?
Do you want to access a file share or remote desktop? -
@viragomann Thank you. So I want to connect from my PC on my home network, from my cell phone and have access to it. I am trying to record a meeting while I am away so if i can hop on my phone, remote into my PC using OpenVPN and accept the meeting call (google duo), then use a program to record said meeting. let the meeting run, log out of my PC, then log back in to my PC when i know the meeting will be over and click stop recording after an hr or so.
Then i do want to connect to my home network from a laptop from a coffee shop, or a friends house and be able to access anything from my network that I would be able to just like if i was at home and yes file share if possible.
Hopefully those situations help. I don't want to use team viewer because I wont have access to view my PC to see what their temp login info is because it always changes each time you use it on a personal device, etc.
-
@travelmore Just so you know, TeamViewer can be setup with an account and grant "easy access" to you so it won't change.
But you got the vpn going now. -
@travelmore said in OpenVPN on PFSense:
then use a program to record said meeting. let the meeting run, log out of my PC, then log back in to my PC when i know the meeting will be over and click stop recording after an hr or so.
I'd expect that the record stops, when logging out, since it might run in a user session, which you were closing.
You could lock the screen at best, but you can disconnect the VPN.To be honest, I also think all this would be easier to do with Teamviewer or alike.
So you intend to access the desktop of you local PC.
You can do the with RDP if it's Windows or you have to install a VNC server or something like that.
In any case you will need an app on your cell phone, which is capable to connect to the desktop.
Do you have any? -
@jarhead Thank you for that info. I have a TV account but have had issues with it lately that's why i just wanted to go and use OpenVPN.
Dont know if this matters but I do know I set up my config file to be a full tunnel (at least according to the info i shared on that link by adding redirect-gateway def1). If what I understand is right I believe full tunnel is better than split tunnel.
-
@viragomann I used Team viewer yrs ago but the issues w/the remote programs alike, i always need the 'login' info and i don't have that. I don't always have a remote app on my phone and honestly i'd like to just use 1 app i know that works. Now that OpenVPN works i'd prefer to keep it if anything I figure later on do TV as a second remote option but like i said i had issues w/it currently.
From what I recall OpenVPn yrs ago worked and i could access things from my laptop but i don't know how it works for my phone remoting into my devices. I don't see a drop down per say and I am unsure how to navigate the OpenVPN to connect to my PC. If i have to setup specific clients to remote into on OpenVPN I'm fine doing that just not sure how.
-
@travelmore Look for Microsoft RD Client. I use it on Android, guessing it's on iPhone too.
-
@travelmore
Yes, but if you want to see the desktop of your PC on your phone you need to run a server on the PC, which provide it to the client (expect a Linux desktop).
This server could be Windows Remote Desktop, a VNC server or TV or any.
And on the phone you need an app which can access it.
So what you you prefer?I have the "Remote VNC" app on my phone to be able to connect to my home servers desktops from outside over OpenVPN in case of disaster.
However, this app doesn't support RDP or it requires an extra fee. Don't need it anyway.But handle the desktop on my 4'' phone display is quite painful at all. ^^
-
@jarhead Thanks i'll look into it. I've used remote utilities and Teamviewer in the past.
-
@viragomann ok so I will need to use Team Viewer on my pc and on my phone to see my PC from my phone. right?
so what is the purpose of having open VPN on a phone and to connect back to a home network (if it seems its more suited for using on a laptop to connect to different devices/ transfer files).
-
@travelmore said in OpenVPN on PFSense:
ok so I will need to use Team Viewer on my pc and on my phone to see my PC from my phone. right?
Never said that. There are some different option and you have to choose one that fits your needs before going on.
so what is the purpose of having open VPN on a phone and to connect back to a home network
- Accessing files on your NAS or accessing any other resources at home.
- Troubleshooting home servers if you no laptop available.
- Replacing your public IP by your homes IP, when you are abroad, for instance to access specific resources in the internet like a video streaming service, which is only available in your country.
- Traffic filtering.
There might be might be some more reasons for connecting to the home router from a cell phone.
-
@viragomann and @Jarhead well I was able to test from my phone tonight and realized its not going to work on my phone so it'll have to be on a PC when i do this. Thank you guys for your help today! I am stoked this is working for the VPN.
-
T TravelMore referenced this topic on