Multiple OpenVPN
- 
 Hi Guys, I have questions regarding OpenVPN. We are going to set up OpenVPN on 4 sites, each using pfSense as firewall. What we want to happen is for the four sites to be connected via OpenVPN, sharing files as if they're in a LAN. Is this setup possible? What I have in mind is that each site will be configured as a server and as a client, some sort of multiple trust domain. TIA, Jan 
- 
 If you want to use pfSense to firewall the OpenVPN then it's a no-go. 
 You cannot filter the traffic coming in/going out through the OpenVPN tunnel. But it is no problem to have multiple servers or clients running at the same time. 
- 
 Hi Gruens, I didn't quite understand what you said, so you're saying that if I use pfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running the OpenVPN that comes with pfSense? Actually the filtering thing never crossed my mind, do I really need to have that? Jan 
- 
 @jan: Hi Gruens, I didn't quite understand what you said, so you're saying that if I use pfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running the OpenVPN that comes with pfSense?
 You can use OpenVPN. 
 I meant you cannot create a firewall rule on pfSense for the pfSense-internal OpenVPN client/server.
 @jan: Actually the filtering thing never crossed my mind, do I really need to have that?
 Depends on your setup. 
 If your OpenVPN subnet is a "trusted" subnet this should not be a problem.
 I thought more that you want to firewall the VPN connection.
 Maybe diagrams are more clear: 
 //-----------------------
 Client - vpnclient
 |
 |
 pfSense
 WAN
 |
 |
 Server - vpnserver
 The client will always be able to establish a VPN connection to the server (if it's the client running the OpenVPN client instance). 
 pfSense only does firewalling for the traffic from WAN to LAN and vice versa.
 //-----------------------
 Client 
 |
 |
 pfSense - vpnclient
 WAN
 |
 |
 Server - vpnserver
 Now the vpnclient is on the pfSense itself. One might think you could firewall the VPN connection too 
 --> having rules for who can access the VPN tunnel or who is accessible from the VPN.
 But since you cannot create a rule for the virtual VPN interface this is not possible.
 This is what I meant in my first post.
- 
 Hi Gruens, thanks for your inputs. Here is what I'm planning to set up: install pfSense as firewall in all of the sites and configure the OpenVPN client/server setup. The subnet is a trusted subnet, and the scenario would be e.g., clients on site 1 will be able to see/share files on the Head Office subnet and vice versa.
 LAN subnet 
 |
 |
 pfsense HeadOffice
 OpenVPN server
 |
 |
 pfsense remote site 1
 |
 |
 Remote LAN
 Regards, Jan 
