Netgate Discussion Forum

    Reach Network Client Subnet from the computers behind the pfSense firewall

      veebr0

      Scenario:

      [Office's Client A] - (ADSL) ------ OpenVPN ------ WAN (IP firewall) ---- OPT (192.168.20.0/29) --- [Computers (192.168.20.x/29)]
      LAN: 192.168.1.0/24                                        |
                                                      LAN (192.168.101.0/29)

      Dear friends, we are trying to find a way for the computers behind the pfSense firewall to reach the [Office's Client A] network when it is connected through the OpenVPN client, as you can see in the graph above.
      The [Office's Client A] is a simple office with an ADSL line to access the internet, and all computers use the OpenVPN client to connect to the pfSense firewall.
      Now those users can access the network (192.168.20.x/29) without any problem, but the idea is to find a way for the server or computers on network 192.168.20.x to print some documents to the [Office's Client A] (192.168.1.0/24) network; the printer is configured with IP 192.168.1.60/24.

      Is that possible?
      Gully

        JKnott

        Unless I'm missing something, that should be easy to do.  Once you set up the VPN, it's just normal routing.  I assume you've got something running OpenVPN at the remote site.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          veebr0

          Thanks JKnott. Yes, as you can see in the graph, at the client site there are computers and printers with IPs 192.168.1.X/24, but there is a Windows Server R2 with IP 192.168.20.X that needs to reach subnet 192.168.1.x/24 (client LAN), because the obsolete application installed on this server needs to print directly to this subnet (client LAN).

          If it is possible for you to explain to me where I need to put the route, I would really appreciate it, and let me know if I need an additional action in the pfSense firewall rules.

          P.S. I tried to add a manual route on the Windows server, like:
          Add route 192.168.1.0 mask 255.255.255.0 10.0.20.1 where 20.1 is the default GW for an OpenVPN interface. But it does not work; timeout received.

          Thanks in advance,

          Gully

            ashima LAYER 8

            Hi,

            That is possible if you have a site-2-site OpenVPN connection. Then all the systems on the Client A side can access the 192.168.20.x series and vice versa. As far as I can understand from your post, you are running Windows-based OpenVPN client software on individual systems at Client A. If that is the case then I guess you will not be able to access systems on the Client A side from 192.168.20.x.

            I suggest putting a device (maybe another pfSense device) at Client A, and then the two devices can make an OpenVPN connection. Then all the devices on either side should be able to talk to each other.

            regards,
            Ashima

              JKnott

              Are the computers sharing one subnet?  Or do they have separate tunnels?

                veebr0

                @ashima:

                Hi,

                That is possible if you have a site-2-site OpenVPN connection. Then all the systems on the Client A side can access the 192.168.20.x series and vice versa. As far as I can understand from your post, you are running Windows-based OpenVPN client software on individual systems at Client A. If that is the case then I guess you will not be able to access systems on the Client A side from 192.168.20.x.

                I suggest putting a device (maybe another pfSense device) at Client A, and then the two devices can make an OpenVPN connection. Then all the devices on either side should be able to talk to each other.

                regards,
                Ashima

                Thanks to all. Following Ashima's suggestion I solved the problem: I just bought a simple router board, a Mikrotik RB260GS, and made the site-to-site OpenVPN connection.

                So now it is solved.

                Thanks to all for your cooperation, all the best.
                Gully
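
The site-to-site routing that resolved this thread, sketched as raw OpenVPN directives. This is an added example, not configuration posted by anyone in the thread; the 10.0.20.0/24 tunnel network is inferred from the 10.0.20.1 gateway mentioned above, and the `ccd` directory and the `office-a-router` common name are hypothetical.

```conf
# ---- Server side (the pfSense end) ----
dev tun
topology subnet
# Tunnel network: an assumption, inferred from the 10.0.20.1 gateway in the thread.
server 10.0.20.0 255.255.255.0

# Tell the remote router how to reach the OPT subnet behind pfSense (/29).
push "route 192.168.20.0 255.255.255.248"

# System route: hand traffic for the Office A LAN to the OpenVPN process.
route 192.168.1.0 255.255.255.0

# Per-client settings, one file per certificate common name.
# The directory name is an assumption.
client-config-dir ccd

# ---- File ccd/office-a-router (hypothetical common name of the office router) ----
# Internal OpenVPN route: 192.168.1.0/24 sits behind this particular client.
# Without it the server does not know which client owns the subnet and
# drops the packets, even though the system route above exists.
iroute 192.168.1.0 255.255.255.0

# ---- Return path on the Office A LAN ----
# The printer at 192.168.1.60 answers 192.168.20.x through its default gateway.
# Either the VPN router is that gateway, or the existing LAN gateway needs a
# static route for 192.168.20.0/29 pointing at the VPN router. A VPN client
# running on one PC gives the printer no such path, which is why the per-PC
# setup timed out.
```

On pfSense these values are entered in the OpenVPN server's remote-network setting and a Client Specific Override rather than typed as directives. A pass rule from 192.168.20.0/29 to 192.168.1.60 alone, rather than to the whole /24, keeps the new path limited to the printer the thread is about.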
