• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN client to OPT1

Scheduled Pinned Locked Moved OpenVPN
9 Posts 3 Posters 3.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    Petras22
    last edited by Dec 12, 2010, 3:39 PM

    I have pfsense box with 3 nics (WAN, LAN and OPT1). And I also have remote OpenVPN server..

    I want to configure pfsense so it connects to remote OpenVPN server and puts that network on OPT1.

    How can I do that?

    1 Reply Last reply Reply Quote 0
    • C
      Cry Havok
      last edited by Dec 12, 2010, 9:38 PM

      AFAIK you can't quite do that - OpenVPN will be a fourth network interface, you can't replace a physical one with it.

      1 Reply Last reply Reply Quote 0
      • P
        Petras22
        last edited by Dec 12, 2010, 10:15 PM

        Then what can I do if I only need one network device to use that OpenVPN connection… and other ones to use LAN without OpenVPN? Maybe VLANs?

        If my desired configuration possible with pfsense?

        I need two networks LAN + LAN (as OpenVPN client). I hope it is easy to understand what I need.

        1 Reply Last reply Reply Quote 0
        • C
          Cry Havok
          last edited by Dec 12, 2010, 10:24 PM

          Then that sounds like a basic routing and firewalling problem, there's nothing fancy in what little you've described.

          It would be easier to provide advice if you were clearer in what you're trying to do.  A simple diagram may help you explain what you're trying to do, since then it should be clearer where that "one network device" is for instance.

          1 Reply Last reply Reply Quote 0
          • P
            Petras22
            last edited by Dec 13, 2010, 8:12 AM

            Hope this helps to explain what I need to achieve.

            1 Reply Last reply Reply Quote 0
            • C
              Cry Havok
              last edited by Dec 13, 2010, 9:35 PM

              You mean you want it to be in the same broadcast domain, not routed?

              The remote OpenVPN server has to be in bridge mode (tap).  Then for the simplest approach you should install the OpenVPN client on the device, that's the only way to have it then on the network.  Anything else will instead put the OpenVPN server onto the remote network instead.

              1 Reply Last reply Reply Quote 0
              • P
                Petras22
                last edited by Dec 14, 2010, 12:29 PM

                Yes you got it right, I want that device (and only that one device) to be on same broadcast domain.

                The remote OpenVPN server already is in bridge mode. Actually I can easily achieve needed functionality using routers with open-wrt or dd-wrt. So I thought that it should be easily done using PfSense. Well I guess I was wrong :(  This looks like really big limitation then :(

                I cannot install openvpn client on that device because its an embedded device. All I want is to bridge that two networks on some network interfaces leaving other interfaces intact.

                1 Reply Last reply Reply Quote 0
                • C
                  Cry Havok
                  last edited by Dec 14, 2010, 12:34 PM

                  You might be able to do it in 2.0, I haven't looked.  It's probably also possible if you get "under the hood", but again I haven't looked.

                  If it isn't available in 2.0 then you may want to consider opening a bounty for the feature.

                  1 Reply Last reply Reply Quote 0
                  • G
                    GruensFroeschli
                    last edited by Dec 14, 2010, 1:45 PM

                    http://doc.pfsense.org/index.php/OpenVPN_Bridging

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    1 Reply Last reply Reply Quote 0
                    6 out of 9
                    • First post
                      6/9
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received