OpenVPN configuration with double firewall
-
Good morning,
I have a problem with configuring the OpenVPN tunnel. I have two firewalls which are pfSense and OPNsense. The configuration done is on the first one, which is pfSense. The pfSense has two interfaces, the WAN, which goes outside, and the DMZ. In turn the OPNsense has two others, the DMZ that connects to the same DMZ network as the first one, and the second interface is the LAN.
The objective is to be able to reach from the outside to the LAN via VPN connection. In part it is working, but it only connects to DMZ. But I have to get to the LAN. I can't do that.
The VPN tunnel I have created in pfSense via wizard. So the rules have been created automatically.
I hope you can help me.
Thank you very much in advance -
@moli said in OpenVPN configuration with double firewall:
I have a problem with configuring the OpenVPN tunnel. I have two firewalls which are pfSense and OPNsense.
What's the purpose of having two?
If you have your reasons and need to only access networks behind the inner firewall, best practice would be to run the VPN on this one.
Otherwise you would have to route the traffic with static routes on both. -
@viragomann
Good morning,
Thank you very much for your prompt response.
I am working in a company that has this network segmentation, and what they want to do is to configure the VPN on the first one for the security reasons.
So the VPN on pfSense is already configured and working, but only up to the DMZ network. I was looking at several pages on the internet and I can't find the information that is valid for my case. Because what I need to do is to configure openVPN on the external firewall (pfSense) and reach the LAN, which is behind the internal firewall (OPNsense). -
@moli
As mentioned, with this set up you need to route the traffic on both firewalls properly. Ensure you have added the LAN network to the "Local networks" in the OpenVPN server settings.
Then on pfSense add the DMZ IP of OPNsense as a gateway in System > Routing > Gateways, go to the static routes tab and add a new one for the LAN subnet and select the OPNsense as gateway.
On the OPNsense if the DMZ interface is the original WAN ensure that it doesn't block private IP ranges in the interface settings. Since it's a pfSense fork, I assume, it has a similar default setting.
Also add a rule to allow the incoming traffic on the DMZ interface from the source of the OpenVPN tunnel network.
If pfSense is the upstream gateway on the OPNsense, as I assume, there is no route needed to direct responses back. -
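The answer above is a four-step routing and filtering procedure. As an added illustration (not from the thread or either project), this script models both firewalls' routing tables and the two OPNsense settings mentioned, then walks the forward and return path from a VPN client to a LAN host and reports the first gap; all addresses, the interface name "ovpns1" and the host values are constructed assumptions.

```python
import ipaddress

# Constructed sample addressing (assumed, not from the thread).
TUNNEL = ipaddress.ip_network("10.8.0.0/24")       # OpenVPN tunnel network
DMZ = ipaddress.ip_network("192.168.100.0/24")     # DMZ shared by both firewalls
LAN = ipaddress.ip_network("192.168.1.0/24")       # LAN behind OPNsense
PFSENSE_DMZ_IP = ipaddress.ip_address("192.168.100.1")
OPNSENSE_DMZ_IP = ipaddress.ip_address("192.168.100.2")
CLIENT = ipaddress.ip_address("10.8.0.6")          # a connected VPN client
TARGET = ipaddress.ip_address("192.168.1.10")      # a host on the LAN

def lookup(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if unrouted."""
    hits = [(net, hop) for net, hop in routes if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def check_vpn_to_lan(pushed_routes, pfsense_routes, opnsense_routes,
                     block_private_on_dmz, dmz_allows_tunnel):
    """Walk the forward and return path; return 'reachable' or the first gap."""
    # Step 1: the client only sends LAN traffic into the tunnel if the server
    # pushed that route ("Local networks" in the pfSense OpenVPN server).
    if not any(TARGET in net for net in pushed_routes):
        return "client: LAN not pushed (add LAN to OpenVPN 'Local networks')"
    # Step 2: pfSense must forward LAN traffic to OPNsense's DMZ address.
    if lookup(pfsense_routes, TARGET) != OPNSENSE_DMZ_IP:
        return "pfSense: no static route for LAN via OPNsense DMZ IP"
    # Step 3: OPNsense's DMZ interface (its original WAN) must accept the
    # private tunnel source and have a pass rule for it.
    if block_private_on_dmz and CLIENT.is_private:
        return "OPNsense: 'Block private networks' on DMZ drops tunnel traffic"
    if not dmz_allows_tunnel:
        return "OPNsense: no rule allowing the tunnel network on DMZ"
    # Step 4: replies must go back to pfSense (default gateway) and pfSense
    # must know the tunnel network sits on its OpenVPN interface (assumed ovpns1).
    if lookup(opnsense_routes, CLIENT) != PFSENSE_DMZ_IP:
        return "OPNsense: no route back to the tunnel network via pfSense"
    if lookup(pfsense_routes, CLIENT) != "ovpns1":
        return "pfSense: tunnel network not on the OpenVPN interface"
    return "reachable"

# The working setup described in the answer.
PF_OK = [(TUNNEL, "ovpns1"), (DMZ, "connected"), (LAN, OPNSENSE_DMZ_IP)]
OPN_OK = [(LAN, "connected"), (DMZ, "connected"),
          (ipaddress.ip_network("0.0.0.0/0"), PFSENSE_DMZ_IP)]

if __name__ == "__main__":
    print(check_vpn_to_lan([LAN], PF_OK, OPN_OK, False, True))
    # The original symptom: pfSense has no static route for the LAN.
    print(check_vpn_to_lan([LAN], PF_OK[:2], OPN_OK, False, True))
```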
@viragomann Thank you very much for your help.
I have already solved it that way.
Best regards