OpenVPN - Two LANs, access both with a single VPN connection
-
Hi,
I have been using guides for setting up OpenVPN, and it works very well, for a single LAN that is. At the moment I have two separate LANs (using the LAN and OPT1 ports), 10.1.1.0/24 and 10.10.1.0/24.
Rules are set up so they can communicate transparently (e.g. access printers and RDP servers).
In the OpenVPN Tunnel Settings, I can specify e.g. "Local Network" as 10.1.1.0/24, and the user/OpenVPN client can access that network. However, he would like to access both LANs.
If I specify 10.10.1.0/24, he can only access computers in that other LAN. Is there an easy way to make a rule or route that gives him access to both networks?
I have tried, with no luck so far. I am aware I can create two OpenVPN settings documents and give the user two separate logins/certificates, but I'm trying to make it less complicated on behalf of the users.
Any good solutions will be appreciated :)
-
> In the OpenVPN Tunnel Settings, I can specify e.g. "Local Network" as 10.1.1.0/24, and the user/OpenVPN client can access that network. However, he would like to access both LANs.
> If I specify 10.10.1.0/24, he can only access computers in that other LAN.

From pfSense 2.1 onwards, on the OpenVPN server settings it says:
IPv4 Local Network/s - These are the IPv4 networks that will be accessible from the remote endpoint. Expressed as a comma-separated list of one or more CIDR ranges. You may leave this blank if you don't want to add a route to the local network through this tunnel on the remote machine. This is generally set to your LAN network.
Do that - put in:
10.1.1.0/24,10.10.1.0/24
On Firewall -> Rules, OpenVPN tab, make sure your rule(s) allow traffic to both those subnets (it sounds like your OpenVPN rules are already good).
-
> Do that - put in:
> 10.1.1.0/24,10.10.1.0/24

Thanks Phil, this is great news :)
In fact I've already tried that on the aforementioned pfSense box, and this is what I got:
"The field 'Local network' must contain a valid CIDR range."
Reading your reply once more, I realized you wrote "from pfSense 2.1", while I'm running v2.0.1.
Then of course I tried to upgrade immediately:
Auto Update Download Status
--------------------------------------------------
Current Version : 2.0.1-RELEASE
Latest Version : 2.1-RELEASE
File size : 79564762
Downloaded : 7232338
The image file is corrupt.
Update cannot continue
This seems to be a pretty common issue, and browsing the log showed this:
- filesystem full
- php: /system_firmware_auto.php: The command '/usr/bin/gzip -t '/root/latest.tgz'' returned exit code '1', the output was 'gzip: data stream error gzip: /root/latest.tgz: uncompress failed'
So I'll swap in a larger CF card and try upgrading during this week.
I will report back if I succeed using your recommendations. Appreciate your help :)
-
On 2.0.n you can put statements in the Advanced box of the OpenVPN server settings to tell the client about routes to more local networks:
push "route 10.10.1.0 255.255.255.0"
and just put a single CIDR in the Local Network box:
10.1.1.0/24
so you will be able to achieve it without going to pfSense 2.1 if you want to get it going quickly.
PS: You must have a small CF card, or lots of packages and random stuff on it.
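Added example, not from this thread and not pfSense's own code: the 2.1 "IPv4 Local Network/s" field and the 2.0.x `push "route ..."` lines in the Advanced box express the same thing, so this small Python helper validates a comma-separated CIDR list the way the 2.1 field does (rejecting anything that is not an IPv4 CIDR, which is what the 2.0.1 "must contain a valid CIDR range" error is about), collapses overlapping entries, refuses an entry that overlaps the tunnel subnet, and renders the equivalent push lines. The tunnel subnet 10.8.0.0/24 and the function names are my assumptions, not anything from the thread. Keep in mind that pushed routes only tell the client where to send packets; what the client may actually reach is decided by the rules on the OpenVPN firewall tab, so adding a subnet here without a matching rule gives a route that the firewall then drops.

```python
"""Validate a pfSense-style 'Local Network/s' CIDR list and render the
equivalent OpenVPN push directives. Added example; not pfSense code."""
import ipaddress
from typing import List, Optional


def parse_local_networks(field: str) -> List[ipaddress.IPv4Network]:
    """Parse 'a.b.c.d/nn,e.f.g.h/mm' into networks.

    Mirrors the 2.1 field: a blank field means 'push nothing', every
    non-blank entry must be an IPv4 CIDR, host bits are masked off.
    """
    nets: List[ipaddress.IPv4Network] = []
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            continue  # blank field or trailing comma: nothing to push
        # Same wording as the pfSense error seen in the thread.
        err = f"The field 'Local network' must contain a valid CIDR range: {item!r}"
        if "/" not in item:
            raise ValueError(err)
        try:
            nets.append(ipaddress.IPv4Network(item, strict=False))
        except ValueError as exc:
            raise ValueError(err) from exc
    return nets


def push_route_lines(nets: List[ipaddress.IPv4Network],
                     tunnel_net: Optional[str] = None) -> List[str]:
    """Render one push "route <net> <mask>" line per network.

    Overlapping entries are collapsed (10.1.0.0/16 swallows 10.1.1.0/24),
    and an entry overlapping the tunnel subnet is rejected: OpenVPN
    already routes that subnet, so the overlap is almost always a typo.
    """
    tunnel = ipaddress.IPv4Network(tunnel_net) if tunnel_net else None
    lines: List[str] = []
    for net in ipaddress.collapse_addresses(nets):
        if tunnel is not None and net.overlaps(tunnel):
            raise ValueError(f"{net} overlaps the tunnel network {tunnel}")
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    return lines


def render_advanced_box(field: str, tunnel: str = "10.8.0.0/24") -> str:
    """Text to paste into the 2.0.x Advanced box for a given 2.1-style field.

    The 10.8.0.0/24 tunnel default is an assumption for the example only.
    """
    return "\n".join(push_route_lines(parse_local_networks(field), tunnel))


if __name__ == "__main__":
    # The two LANs from the thread, as the 2.1 field would hold them.
    print(render_advanced_box("10.1.1.0/24,10.10.1.0/24"))
```

Running it prints the two `push "route ..."` lines for 10.1.1.0/24 and 10.10.1.0/24; feeding it the space-separated or mask-less variants that people typically mistype raises the same "valid CIDR range" error the 2.0.1 UI shows.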
-
Thanks, Phil. I had a working config and then added a DMZ and was surprised that my VPN users couldn't get to it. Your reply clued me in that I forgot to update the IPv4 Local Networks to add the DMZ subnet.