Reach Network Client Subnet from the computers behind the pfSense firewall
-
Scenario:
[Office's Client A] - (ADSL)–-----Open VPN -----WAN(IPfirewall)----OPT(192.168.20.0)/29—[Computers(192.168.20.x/29)]
LAN:192.168.1.0/24 |
Lan (192.168.101.0/29)
Dear friend, we are trying to find a way for the computers behind the pfSense firewall to reach the [Office's Client A] network when it is connected through the OpenVPN client, as you can see in the graph above.
The [Office's Client A] is a simple office with an ADSL line to access the internet, and all computers use the OpenVPN client to connect to the pfSense firewall.
Now those users can access the network (192.168.20.x/29) without any problem, but the idea is to find a way for the server or computers on network 192.168.20.x to print out some documents on the [Office's Client A] (192.168.1.0/24) network. The printer is configured with IP 192.168.1.60/24. Is that possible?
Gully
-
Unless I'm missing something, that should be easy to do. Once you set up the VPN, it's just normal routing. I assume you've got something running OpenVPN at the remote site.
-
Thanks JKnott. Yes, as you can see in the graph, at the client site there are computers and printers with IPs 192.168.1.X/24, but there is a Windows Server R2 with IP 192.168.20.X that needs to reach subnet 192.168.1.x/24 (client LAN), because the obsolete application installed on this server needs to print directly to this subnet (client LAN).
If you could explain to me where I need to put the route, I would really appreciate it, and let me know if I need any additional action in the pfSense firewall rules.
P.S. I tried to add a manual route on the Windows server like:
route add 192.168.1.0 mask 255.255.255.0 10.0.20.1
where 20.1 is the default GW for the OpenVPN interface. But it does not work; timeout received.
Thanks in advance,
Gully
-
Hi,
That is possible if you have a site-2-site OpenVPN connection. Then all the systems on the Client A side can access the 192.168.20.x series and vice versa. As far as I can understand from your post, you are running Windows-based OpenVPN client software on individual systems at Client A. If that is the case, then I guess you will not be able to access systems on the Client A side from 192.168.20.x.
I suggest putting a device (maybe another pfSense device) at Client A, and then the two devices can make an OpenVPN connection. Then all the devices on either side should be able to talk to each other.
regards,
Ashima
-
Are the computers sharing one subnet? Or do they have separate tunnels?
-
Thanks to all. Following Ashima's suggestion I solved the problem: I just bought a simple router board, a Mikrotik RB260GS, and made the site-to-site OpenVPN connection.
So now it is solved.
Thanks to all for your cooperation, all the best.
Gully
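-
The routing behind the site-to-site fix, as an added example that is not part of the original thread: plain OpenVPN server directives (on pfSense these are set through the GUI rather than a file). The 10.0.20.0/24 tunnel network (the thread only shows 10.0.20.1), the ccd path and the common name `client-a-router` are assumptions.

```conf
# --- OpenVPN server side (the pfSense end); constructed example ---
# Assumption: the tunnel network is 10.0.20.0/24.
dev tun
server 10.0.20.0 255.255.255.0
client-config-dir /etc/openvpn/ccd      # assumed path

# Kernel route: hand traffic for the office LAN to the OpenVPN process.
route 192.168.1.0 255.255.255.0

# Tell the office router how to reach the network behind the firewall.
push "route 192.168.20.0 255.255.255.248"

# --- File /etc/openvpn/ccd/client-a-router (hypothetical common name) ---
# Internal route: tells OpenVPN which connected client owns 192.168.1.0/24.
# Without it the server has no tunnel peer to forward that subnet to, so a
# static route on the Windows server alone only produces timeouts.
iroute 192.168.1.0 255.255.255.0

# Return path: the printer at 192.168.1.60 replies via its default gateway.
# If the OpenVPN endpoint at the office is not that gateway, the gateway
# needs a route for 192.168.20.0/29 pointing at the endpoint.
# Firewall: the OPT interface needs a pass rule from 192.168.20.0/29 to
# 192.168.1.0/24, scoped to the printer address and port where possible.
```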