Netgate Discussion Forum

    Newbie Openvpn settings question

    2.0-RC Snapshot Feedback and Problems - RETIRED

    • on6zg

      Hi,

      I'm quite new to this so here goes: Running pfsense 2.0rc2 on an alix board.
      3 ports used: WAN / LAN / WORKLAN, LAN port is 192.168.10.1 Worklan is 192.168.20.1
      I have an openvpn client installed and it seems to correctly connect to my work openvpn server.

      Jun 13 19:42:15 openvpn[61218]: PUSH: Received control message: 'PUSH_REPLY,route 10.98.0.0 255.255.0.0,dhcp-option DNS 10.98.247.198,dhcp-option DNS 10.98.250.1,route 10.99.0.0 255.255.0.0,route 192.168.64.0 255.255.255.0,route 10.97.0.0 255.255.0.0,route 172.25.25.0 255.255.255.0,route 172.21.0.0 255.255.0.0,route 192.168.254.0 255.255.255.0,route 10.123.45.0 255.255.255.0,route 172.21.1.1,ping 10,ping-restart 60,ifconfig 172.21.1.14 172.21.1.13'
      Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: timers and/or timeouts modified
      Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: --ifconfig/up options modified
      Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: route options modified
      Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

      How can I make my WORKLAN connect to the VPN and leave the LAN separate? I've also added an interface with the ovpc1.
      But as I have no knowledge of VPNs, I'm really stuck.

      Thanks for any help.
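
Added example, not part of the original post: a small Python check that parses the PUSH_REPLY control message from the log above, lists the routes the server pushes, and flags any that overlap a local subnet or redirect the default gateway. The /24 masks for LAN and WORKLAN are an assumption based on the interface addresses in the post, and the function names are hypothetical.

```python
import ipaddress

# PUSH_REPLY payload copied from the log in the post above (joined onto one line).
PUSH_REPLY = (
    "PUSH_REPLY,route 10.98.0.0 255.255.0.0,dhcp-option DNS 10.98.247.198,"
    "dhcp-option DNS 10.98.250.1,route 10.99.0.0 255.255.0.0,"
    "route 192.168.64.0 255.255.255.0,route 10.97.0.0 255.255.0.0,"
    "route 172.25.25.0 255.255.255.0,route 172.21.0.0 255.255.0.0,"
    "route 192.168.254.0 255.255.255.0,route 10.123.45.0 255.255.255.0,"
    "route 172.21.1.1,ping 10,ping-restart 60,ifconfig 172.21.1.14 172.21.1.13"
)

# Assumption: both local networks are /24 (interface addresses taken from the post).
LOCAL_NETS = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "WORKLAN": ipaddress.ip_network("192.168.20.0/24"),
}

def pushed_routes(push_reply):
    """Return the networks named by 'route' options in a PUSH_REPLY string."""
    routes = []
    for option in push_reply.split(","):
        fields = option.split()
        if not fields or fields[0] != "route":
            continue
        # OpenVPN treats a route without a netmask as a host route (255.255.255.255).
        mask = fields[2] if len(fields) > 2 else "255.255.255.255"
        routes.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
    return routes

def overlaps_with_local(routes, local_nets=LOCAL_NETS):
    """Return (name, route) pairs where a pushed route overlaps a local subnet."""
    return [(name, r) for r in routes
            for name, net in local_nets.items() if r.overlaps(net)]

def redirects_default(push_reply):
    """True if the server pushes redirect-gateway or a 0.0.0.0/0 route."""
    options = [o.split() for o in push_reply.split(",")]
    if any(f and f[0] == "redirect-gateway" for f in options):
        return True
    return any(r.prefixlen == 0 for r in pushed_routes(push_reply))

if __name__ == "__main__":
    for route in pushed_routes(PUSH_REPLY):
        print("pushed route:", route)
    print("overlaps with local subnets:", overlaps_with_local(pushed_routes(PUSH_REPLY)))
    print("redirects default gateway:", redirects_default(PUSH_REPLY))
```
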

      • Nachtfalke

        If I understand you correctly, you can connect from the OpenVPN client to the pfsense webGUI/OpenVPN server but you cannot connect to the WORKLAN subnet?

        Just go to OpenVPN Server, edit and scroll down to advanced:

        Enter:

        push "route 192.168.20.0 255.255.255.0"

        Save, restart, reconnect OpenVPN client.

        PS: Remember to create a firewall rule to allow your OpenVPN client/network to access the WORKLAN.

        • Metu69salemi

          First create a deny rule for both LAN and VPN networks to "see" each other, and after that it should be done.

          • on6zg

            Hi,

            Thanks for the replies. Actually there shouldn't be access from openvpn to the WORKLAN.
            But when adding the rule to the openvpn, the normal LAN doesn't work anymore.

            regards Jan.

            • Nachtfalke

              @Metu69salemi
              Why create a deny rule!?

              @on6zg
              I do not really understand what you want to realize. Perhaps I have some misunderstanding because English is not my native language. Could you try to explain the problem to me in other words and perhaps post a screenshot or something which explains your scenario with IP addresses and subnets?

              • Metu69salemi

                @nachtfalke

                If I understood, he wanted to deny access from other networks than openvpn and worklan.

                • on6zg

                  OK, so my normal LAN (physical port vr1) is used for normal internet traffic to WAN (physical port vr2). I made a second WORKLAN (physical port vr3) with a PC and a server on it. I can access my WORKLAN through my normal LAN, but not the other way around.
                  normal lan =192.168.10.X /24
                  worklan    =192.168.1.X /24

                  Now I'm trying to access a remote network via an openvpn through my worklan; the other LAN should not see it or be influenced.

                  When setting the push gateway in the advanced tab I seem to route all traffic from the worklan through the openvpn and the normal LAN doesn't work anymore :(

                  That's the current situation.
                  Thanks for all the help
                  Jan.
