Netgate Discussion Forum

    Routing Public IP over vpn

    • chpalmer

      I have a remote site that is on a private space network behind the ISP (wireless).  We use OpenVPN to access the LAN there and everything works fine.

      Now I have a need to access a camera on the remote site from the public internet and want to do it by using one of the main site's public IP addresses and routing the connection over the VPN.

      I can see the traffic arriving there but the returned traffic is stopped at the remote firewall showing up in the logs as blocked traffic on the LAN interface.

      I'm using 2.2RC on both ends.  tun, openvpn, LAN rule to anywhere.

      Anyone else doing something similar to this with any luck?

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • Derelict LAYER 8 Netgate

        See the diagram in my sig.

        Reference this post: https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269  That should get you mostly there.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • chpalmer

          This disrupts OpenVPN traffic to pfSense B so don’t do it over the VPN or you’ll be unhappy on your drive to the datacenter.  Do it from LAN or WAN.

          Guess I'll do this next week.  ;D

          Thanks!

          • Derelict LAYER 8 Netgate

            It comes right back up.  Just have to be sure you're not doing it through the only path into the router.

            • chpalmer

              @Derelict:

              It comes right back up.  Just have to be sure you're not doing it through the only path into the router.

              I have to read it again.  So the site I'm worried about is the site with the public IP addresses?  The remote site is only accessible via LAN when no VPN exists…

              • Derelict LAYER 8 Netgate

                Oh.  Yeah.  That's a problem.  You could just enable webconfig access on WAN briefly, log in that way and make the changes, then disable it again after the VPN comes back up.

                • chpalmer

                  @Derelict:

                  Oh.  Yeah.  That's a problem.  You could just enable webconfig access on WAN briefly, log in that way and make the changes, then disable it again after the VPN comes back up.

                  Thar be the issue.  It's behind an ISP that only hands out private space addresses.  10.190.x.x

                  • phil.davis

                    If there is some computer behind the pfSense at the remote site, then you can install something like TeamViewer on it. That will also find its way out from behind private address space. Then you can TeamViewer to that computer (VM or whatever) and open a browser there to access pfSense webGUI even when the OpenVPN is down/off.

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
