OpenVPN Routing question
-
So I finally got a P2P connection established between two pfSense 2.0 boxes. I'm still not to where I want to be though. Here's what I want:
Location A (Server), with LAN 192.168.0.1, connected through the Internet via OpenVPN to Location B. At location B I have two LAN interfaces (192.168.50.0 and 192.168.60.0). On one of the interfaces, call it LAN1 (…50.0), I don't want to have any connection to the VPN (just a simple gateway to the 'Net). On the other interface, LAN2 (...60.0), I want to have all of the traffic (local and internet) routed through the VPN.
What do I need to do? I need specific commands as I'm not really a pro at these OpenVPN commands and routing tables.
Thanks
-
I'm not sure whether all of this will work or not, but you could try this. You may need the OpenVPN server at location B assigned to an interface in Interfaces: Assign for this to work.
At location B, go to Diagnostics: Routes to find what gateway IP address is used to access the 192.168.0.0/24 subnet. Go to System: Routing and add that gateway IP on a gateway entry with your OpenVPN interface selected. On your LAN2's allow rules, under the advanced options find the gateway options and select the gateway you added. On location B's LAN1, you may need to block access to addresses on location A's LAN and at location A block access from LAN to location B's LAN1 if you don't want LAN1 to have access to anything through the VPN.
I think this should work to do what you want.
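As an added example (not part of the reply above, and not output generated by pfSense), the GUI steps described correspond roughly to pf rules of the following shape on the location B box. The interface names, the /24 mask on LAN1 and the tunnel gateway address are constructed placeholders; pfSense builds its own ruleset from the GUI settings, so this is for reading the logic, not for pasting.

```pf
# Location B. All macro values below are constructed placeholders;
# substitute what Interfaces: Assign and Diagnostics: Routes show.
lan1_if = "em1"        # hypothetical: LAN1, 192.168.50.0/24 (no VPN access)
lan2_if = "em2"        # hypothetical: LAN2, 192.168.60.0/24 (everything via VPN)
vpn_if  = "ovpnc1"     # hypothetical: the assigned OpenVPN interface
vpn_gw  = "10.0.8.1"   # constructed: gateway IP used to reach 192.168.0.0/24

# LAN2 allow rule with the gateway selected under the advanced options:
# local and Internet traffic alike is policy-routed into the tunnel.
pass in quick on $lan2_if route-to ($vpn_if $vpn_gw) \
    from 192.168.60.0/24 to any keep state

# LAN1: the block toward location A's LAN has to sit above the general
# allow rule, because the first matching rule decides.
block in quick on $lan1_if from 192.168.50.0/24 to 192.168.0.0/24
pass  in quick on $lan1_if from 192.168.50.0/24 to any keep state
```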
-
Thanks so much. After following your suggestion, I got most of what I want accomplished. The missing piece is that I still can't access the LAN (192.168.0.0) on the Server side (Location A).
I can ping 192.168.0.1 from the pfSense Diagnostics page on the 'Client' side (Location B). However, when I try to ping from a computer connected to the LAN2 (192.168.60.0) I get no reply.
I added a route in the System:Routes page as well as added a rule in the LAN rules of the Location A. Now, whether I actually made the rule correctly is another story. I'll try to attach the appropriate pages and maybe you have an idea.
Thanks again.
ID  Proto  Source            Port  Destination  Port  Gateway  Queue  Schedule  Description
    *      LAN net           *     *            *     *        none             Default allow LAN to any rule
    *      192.168.150.0/24  *     *            *     *        none
    *      192.168.60.0/24   *     *            *     *        none
-
OK, never mind, got it now. All working as desired.
Now, how to work on the throughput. The reason for the VPN is so that I can get Skype and Internet TV such as Netflix, VUDU, etc., over where I live in the Middle East. Thus the reason for the two LANs.
LAN1 has my regular computers I use for surfing the net and work. Which is why I want all of that traffic to get routed straight to the net. LAN2 has my Skype phone and Media Center PC and Blu-ray player on it. Thus why I want all of that traffic routed over the VPN to my pfSense box in the 'States.
I would like to put maximum priority on streaming traffic over the VPN.
I know this is off the topic but any suggestions on where to start?
Thanks again