Access to the client terminal connected to the VPN

WarningSystem

I'm new to the area, starting to study pfSense.
I configured the OpenVPN server on pfSense with Remote Access (SSL/TLS + User Auth), exported the client, the client can connect normally to the company's internal network, accesses the share, everything is correct.
My question is, from the company's network can I connect to this client, access the data from his machine? Make a reverse connection (site-to-client).
This client has network software, which I need to access the software to generate a report.
Or is it only possible to make this connection with the configuration (site-to-site)?
This customer is a partner who only has one machine. It is currently not possible to place another pfSense server on site.

viragomann

@warningsystem said in Access to the client terminal connected to the VPN:

My question is, from the company's network can I connect to this client, access the data from his machine?

The needed data are on the client machine itself, as I understand? Accessing the network behind the client was more complicated and would need a client specific override, when running an access server.

You can access the client itself simply by its virtual IP. You can add a SCO anyway to assign a static virtual IP to him.
But you have to allow the access on the clients firewall at all.

A trick I'm using for Windows clients to enable access to them is pushing the default route to them, but with a high metric by adding this into the servers custom options box:

push "route-metric 512";push "route 0.0.0.0 0.0.0.0"

This makes the client "smooth", but networking has to be enabled on the client anyway.
However, consider that the pushed metric is applied to any route which is pushed to the client, but worked well.