pfSense 2.1 WAN in DSL DMZ for OpenVPN server only
-
As a last resort I can leave the WAN in the DMZ of the DSL router, change the LAN subnet to something else, and move all wired devices inside the LAN. I can then just do an allow rule for the 3 wireless clients from the WAN to the LAN, and/or I could use OpenVPN the way it's supposed to be used from those wireless clients to reach the LAN.
All this seems like a big hassle… I have done this once with OpenVPN + Linux + bridge ports with a single NIC while my wife was in labor. Heck, I did it remotely using LogMeIn to get a Windows desktop inside to set up the port forwarding for OpenVPN on port 80, since the hospital blocked everything but standard web traffic.
-
BTW - Why did you put the WAN and the LAN on the same subnet?
Since I'd never do that, I feel this must be the issue. I'm not sure what having the WAN in the DMZ and the LAN on the same subnet will do to a network as far as OpenVPN is concerned. So far, it seems like nothing good.
-
Well… I felt really useful for a few minutes... Then not so much ;D
It was worth a try!! I've enjoyed the help.
I'm trying to avoid driving to the client's location to change IPs and rewire things. I can do this with a default Linux install, and I just had this pfSense server sitting there waiting for the DSL contract to expire so they can switch to cable and do things the right way. Modem > WAN pfSense | LAN > switch … WAPs and clients…
-
I like the plan you mentioned earlier of simplifying things. I think as far as the OpenVPN setup goes, you are doing it right.
-
What about this:
Put the VPN server on the LAN interface… block all but ports 1194 and 22.
Remove the DMZ and just port forward 1194 from the modem to the LAN IP?
I can put a bogus IP on the WAN since it doesn't need to do anything.
-
I say try it…
-
I just ended up blocking myself… it didn't work.
I just moved the LAN to subnet 192.168.253.0/24 and I will go there tomorrow and rewire the switches, add a default OpenVPN config for the wireless clients, and have OpenVPN just run at startup for them to give them access to the LAN.
What should have taken 1 hour to complete, I have been messing with for 3 days to save a 10 min drive and a couple of onsite hours.
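The root cause this thread settles on is WAN and LAN sharing one subnet; the fix was moving the LAN to 192.168.253.0/24. The script below is an added example, not code from the thread or from pfSense: a pre-flight check you can run on any workstation before touching the firewall, which takes the interface addresses and the OpenVPN tunnel network and reports every pair of networks that overlap. The two layouts and all addresses in it are constructed for illustration (the thread never states the original subnet or the tunnel network), and the "client LAN" check is an assumed extension for road-warrior clients whose home network collides with the site LAN, a related failure mode the thread does not cover.

```python
import ipaddress
from itertools import combinations

# Constructed sample layouts (assumed values, not taken from the thread).
# BROKEN_LAYOUT: WAN sits in the DSL router's DMZ on the same /24 as the LAN.
# FIXED_LAYOUT:  LAN moved to 192.168.253.0/24 as the post above describes.
BROKEN_LAYOUT = {
    "WAN": "192.168.1.2/24",          # assumed DMZ-side address from the DSL router
    "LAN": "192.168.1.1/24",          # assumed: same /24 as WAN (the bug)
    "OpenVPN tunnel": "10.8.0.0/24",  # assumed tunnel network
}
FIXED_LAYOUT = {
    "WAN": "192.168.1.2/24",
    "LAN": "192.168.253.1/24",
    "OpenVPN tunnel": "10.8.0.0/24",
}


def _as_networks(layout):
    """Map interface name -> ip_network, accepting host/prefix or network/prefix."""
    return {name: ipaddress.ip_interface(cidr).network for name, cidr in layout.items()}


def overlapping_networks(layout):
    """Return every (name_a, name_b) pair whose networks overlap.

    Two interfaces on the same router sharing address space means the
    routing table cannot tell them apart; an empty list is the healthy result.
    """
    nets = _as_networks(layout)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def client_route_conflicts(layout, client_lan):
    """Names of site networks an OpenVPN client on `client_lan` could not reach.

    Assumed extension: a road-warrior client whose home LAN overlaps the site
    LAN (or the tunnel network) has a directly connected route that shadows
    the route the VPN pushes, so that site network is unreachable for it.
    """
    client_net = ipaddress.ip_network(client_lan, strict=False)
    nets = _as_networks(layout)
    return [name for name, net in nets.items() if net.overlaps(client_net)]


def layout_report(layout, client_lans=()):
    """Human-readable summary; returns True when no conflicts were found."""
    ok = True
    for a, b in overlapping_networks(layout):
        ok = False
        print(f"CONFLICT: {a} and {b} overlap ({layout[a]} / {layout[b]})")
    for client_lan in client_lans:
        for name in client_route_conflicts(layout, client_lan):
            ok = False
            print(f"CONFLICT: client on {client_lan} cannot reach {name} ({layout[name]})")
    print("OK: no overlapping networks" if ok else "Fix the layout before deploying")
    return ok


if __name__ == "__main__":
    print("-- original layout --")
    layout_report(BROKEN_LAYOUT)
    print("-- after moving LAN to 192.168.253.0/24 --")
    # Constructed client-side LANs: a typical home network and a corporate one.
    layout_report(FIXED_LAYOUT, client_lans=["192.168.1.0/24", "10.20.0.0/16"])
```

The broken layout is reported once, as the WAN/LAN pair; the fixed layout passes the interface check, and the client check still flags a home network on 192.168.1.0/24 because that address space is now the WAN side. Run it against your real addresses before committing a change that could lock you out.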
-
Sounds painful. Sorry you got locked out.
-
I've got pfSense running with OpenVPN and various devices like Ubuntu laptops and Android phones VPN'ing in with no problem at all, with all subsequent client traffic routed through pfSense, which is what I want.
I used this guide:
http://www.apollon-domain.co.uk/?p=433
In Ubuntu (12.04) I've added the client info as per the pfSense zip file, but in Ubuntu there is an option to add a private key password which I found did nothing, but you do have to enter something, otherwise you can't save the settings in the network VPN GUI.
Maybe you'll get some mileage with the link?
-
I wouldn't use gopenvpn. Issuing the command works best when you want to be able to start and stop on demand.
If you wanted an auto-start service, just putting the config in the /etc/openvpn folder and issuing the command to start the service handles things fine.
His problem isn't starting OpenVPN - that's fine. His issue is the way the network is configured.
-
Yes, I was using a system designed to be a firewall for something that it's not supposed to be doing. I'm fully up on how to use and launch OpenVPN. I have many other systems, from site-to-site and road-warrior setups, that work just fine.
I just moved the LAN to subnet 192.168.253.0/24 and I will go there tomorrow and rewire the switches, add a default OpenVPN config for the wireless clients, and have OpenVPN just run at startup for them to give them access to the LAN.
Boom, working like it's supposed to.
Topic can be closed
-
Boom - Glad to hear it 8)