Connect to OpenVPN Access Server?
-
where exactly should i check if compression is enabled on opevnpn-as?
thanks for support
-
it is see your warning… I would have to log into one of mine and look to where/if you can turn it off.
-
Thank you!
That worked, it connected to OpenVPN-AS.
Would you mind if i ask another question - i am trying to accomplish something and i am not 100% it can be accomplished / done.
Big thanks again!
-
Sure ask away..
-
Thank you!
I have 4 PC's , 2 Laptop's , 2 Smart TV's in my "home network".
I have Wi-Fi R7000 Router in AP mode.
I would like to have only 2 Smart TV's using OpenVPN's AS IP (so, 2 local IPs - i already have those IPs assigned as Static IPs in pfSense).
Is this possible? Would you mind helping with this?
Big thanks,
damir -
Sure this is a simple policy route.. Assign your vpn connection to an interface. Set this up as gateway, then create a rule in your lan that says hey if this IP or IPs going anywhere go out the vpn connection.
I am about ready to leave work, and much easier to setup and show screen shots when home vs remote.. Will post some screen shots how to do when I get home.
-
Big thanks! man, big big thanks!
sorry for bothering you so much, and thank you a lot!
-
Ok here you go.. So make you assign your vpnclient to an interface - don't give it an IP, then create a gateway using that interface (do not set it default). You can disable the _v6 interface it creates.
Make sure you have a nat to this interface in your outbound nats to your network range.
Then create a rule that says hey your source IP or IPs when NOT going to your local networks.. That is what the ! is in the rule and I use an alias that has my local networks in it and tell it to use the gateway.. Now when that source IP or IPs is going to anything other than your local networks that rule will trigger and send that traffic down your vpn client tunnel. See attached images - so my normal workstation has my normal 24. IP on public - but when I use a vm that is 192.168.9.230 it goes down the tunnel.
Make sure you devices you want to go down the tunnel use the dns you want to use and you should be set. Also you might want to make sure you don't get any routes from the vpn client connection, see my above post showing my client config - see how I have checked block routes checked.. You don't want pfsense getting routes you may not want.. you just want to send the traffic down the tunnel based on your policy. Quite often openvpnas is set to default route.. So pfsense could get a default route pointing down the tunnel, etc..
-
Big thanks!
I am having issues figuring out how to set getway for firewall rule on specific IP
I go to:
https://192.168.1.1/firewall_rules.php?if=lanit looks like:
when i go to edit it, it looks like:
i think i am on correct page?
sorry for bothering you so much with this.
thanks
-
Yeah that looks like firewall rule page.. And you need to move this rule above the default rules.. Where are all your advanced settings?? You set the gateway in the advanced section
-
i am completely dumb. :o
I "think" i did everything as you said, and i rebooted pfSense right now.
The output was, every single device was receiving OpenVPN's IP :-\
Here is the full setup:
Interface setup:
Firewall Outbound:
Firewall Rules:
What am i missing?
Thanks
-
No idea what you expect to happen with ! any as a destination.
Some VPN providers push a default gateway. You have to check don't pull routes in the client config to have policy routing control on the client side.
-
well !* is not valid.. You need t create a alias for your local networks, or at min use ! lan net.. So where were your advanced settings in the previous post.. Seems you have gateway set now. And you prob don't want that rule only tcp… How are you going to do dns for example which is udp through that link?
Did you block getting routes from from the vpn client.. It can over write you default route and send everything through that tunnel..
-
Yes, i did set that option.
Alias:
Firewall now:
Advanced:
-
Yeah that looks fine, did you tell your vpn client setting not to pull the routes like I posted twice now and derelict even mentioned ;)
And you still only have tcp, do you not want icmp or udp to go down the tunnel.. Most the time that rule for sending traffic down a tunnel will be any vs just tcp.
-
sorry, only 2 hours sleep tired / sleepy :)
yes i did, in OpenVPN Client, it looks exactly the same as yours in the screenshot:
What about this (Interface), anything should be done here, or leave as it is ? (unchecked)
Also, figured out to change firewall to * instead of TCP only.
All looks fine now?
Big thanks for help :)
-
Dude change it to ANY… so you can use any protocol over the tunnel not just tcp.. More than likely if your wanting to use something like netflix your going to want to make sure its dns used through the tunnel as well..
So is it working now?
-
sorry, while you were typing this post, i was editing above post :/
-
So is it working now?
yes, its working, 2 devices are now going over openvpn, thanks to you.
not sure how to check dns thing, but, when i played a movie on netflix, i monitored the traffic on vps and it was definitely going over openvpn.
[root@my ~]# vnstat -l
Monitoring eth0… (press CTRL-C to stop)rx: 1.53 Mbit/s 138 p/s tx: 1.66 Mbit/s 217 p/s^C
eth0 / traffic statistics
rx | tx
--------------------------------------+------------------
bytes 496.06 MiB | 531.18 MiB
--------------------------------------+------------------
max 49.60 Mbit/s | 53.08 Mbit/s -
When you get a chance, if you please can tell me if i need this checked or leave it unchecked:
I promise after this, i will stop bothering you :-X
I appreciate your help.
