OpenVPN with non-default gateway
-
I'm trying to set up a PFSense router as a 'new' gateway for an office.
They have some external vendors that use a CiscoASA currently to connect.
I was setting up the PFSense as an 'alternative' router with a 50/50 DHCP setup.
(A side note - I figured DHCP would start assigning new clients, but the Cisco seems to be faster :) )
When I set up a remote VPN, I obviously won't be able to connect to anything that is using the Cisco as a remote gateway, as the packets would go from the new firewall, to the device, then to the default gateway (Cisco) and get lost.
Edit: If I set up NAT on the new firewall for VPN clients, it would work, right?
One bug:
Whoops, looks like even when DHCP assigns the PFSense firewall as the default gateway, I still can't access any of the internal systems. For example, I have a printer that I can't access when I'm on the VPN, although I can 'ping' it. I thought the OpenVPN wizard would add a firewall rule. (It has under 'OpenVPN' on the firewall tab). Do I need to add access rules permitting the internal subnet access to the OpenVPN subnet?
== John ==
-
This is a simple User access VPN, not a site to site
Internal IPs are 192.168.10.X
PFSense is 192.168.10.254
Cisco is 192.168.10.1
PFSense gives out 172.30.30.X addresses to VPN
I can access 192.168.10.254 via VPN when connected.
My IP address is 172.30.30.2 when connected.
Now that the office is 'waking up' I do get some DHCP addresses; the two internal printers are both pingable, but I cannot print to them. It says they're offline.
Although the Redirect Gateway option, "Force all client generated traffic through the tunnel", is specified, when I connect I don't see it:
Connection-specific DNS Suffix . : corp.com
Link-local IPv6 Address . . . . . : stuff
IPv4 Address. . . . . . . . . . . : 172.30.30.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
I can trace a route to a printer, for example, but not connect:
Tracing route to HPOJ8600.corp.com [192.168.10.100]
over a maximum of 30 hops:
  1    22 ms    19 ms    24 ms  172.30.30.1
  2    28 ms     *       21 ms  HPOJ8600.corp.com [192.168.10.100]
Which makes me think I'm missing some allow rules, but the wizard added the following rule:
3/10 KiB IPv4 * * * * * * none OpenVPN Remote user access wizard
Do I need to add allow rules from 172.30.30.x to 192.168.10.x and vice versa?
== John ==
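The return-path problem described in the first post (replies from a LAN host going to the Cisco instead of back to PFSense) and the NAT idea from the edit, worked through as an added example using the addresses from the second post. This is illustrative code, not anything from pfSense or the poster; the Cisco static route case is an assumption added here as the other common fix, and firewall rules are not modelled at all.

```python
from ipaddress import ip_address, ip_network

# Addresses as given in the posts; the printer and client addresses are John's.
LAN = ip_network("192.168.10.0/24")
VPN_NET = ip_network("172.30.30.0/24")
PFSENSE = ip_address("192.168.10.254")   # PFSense LAN address
CISCO = ip_address("192.168.10.1")       # Cisco ASA, the hosts' current default gateway
CLIENT = ip_address("172.30.30.2")       # John's OpenVPN client address

def host_next_hop(dst, default_gw):
    """A LAN host delivers on-subnet destinations directly; anything else goes to its default gateway."""
    return dst if dst in LAN else default_gw

def cisco_forwards_to(dst, static_routes):
    """The Cisco uses a matching static route if it has one; otherwise the VPN subnet is unknown to it."""
    for net, gw in static_routes:
        if dst in net:
            return gw
    return None   # sent upstream or dropped: the reply never comes back to the VPN client

def reply_returns_to_pfsense(host_gw, nat=False, static_routes=()):
    """Does a LAN host's reply to a VPN client get back to PFSense (and so into the tunnel)?

    host_gw       : the LAN host's default gateway (CISCO or PFSENSE)
    nat           : PFSense rewrites the client's source address to its own LAN address
    static_routes : (network, gateway) entries on the Cisco, e.g. [(VPN_NET, PFSENSE)] (assumed fix)
    """
    reply_dst = PFSENSE if nat else CLIENT       # with NAT the host only ever sees PFSense's address
    hop = host_next_hop(reply_dst, host_gw)
    if hop == PFSENSE:
        return True                              # on-link or PFSense is the host's gateway
    if hop == CISCO:
        return cisco_forwards_to(reply_dst, static_routes) == PFSENSE
    return False

if __name__ == "__main__":
    print("host gw Cisco, no NAT       :", reply_returns_to_pfsense(CISCO))
    print("host gw PFSense, no NAT     :", reply_returns_to_pfsense(PFSENSE))
    print("host gw Cisco, outbound NAT :", reply_returns_to_pfsense(CISCO, nat=True))
    print("host gw Cisco, static route :", reply_returns_to_pfsense(CISCO, static_routes=[(VPN_NET, PFSENSE)]))
```

The model only answers the routing question; a host that does route back to PFSense can still be blocked by the OpenVPN and LAN rule sets, which is the separate question raised in the second post.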