Netgate Discussion Forum

    Pfsense only OpenVPN Server with only single interface WAN

    30 Posts 6 Posters 12.3k Views

      viragomann

      The crux of the matter is the gateway here for this solution. If you cannot configure it, that won't work.

      So let's try the NAT solution.
      That is assuming that all settings are like you wrote in your first post here.
      For this one you have to enable the Outbound NAT in the pfSense web-GUI. Firewall > NAT > Outbound. Select the hybrid mode and save that.
      Add a new rule:
      Interface: WAN
      Source: any
      Destination: 10.142.xx.xx/20 (the Google Cloud local network)
      Translation address: Interface address

      That should work if the vpn is configured correctly.

        n1tr0666

        Thx, it works now! :-)

          CoyoteKG

          Hello,
          I'm new to pfSense, and for now I need it only because of OpenVPN.

          I installed it on a cloud, also with only one interface for WAN.
          Because there is no possibility on that hosting to put a few servers in the same VLAN, I want to try with OpenVPN.

          Is it possible only with bridging? I googled so much these days, and found only this 6-year-old guide
          https://hardforum.com/threads/pfsense-2-0-1-openvpn-configuration-guide.1663797/
          but it seems to be obsolete.
          Also in the Netgate documentation there is this link
          https://www.netgate.com/docs/pfsense/vpn/openvpn/openvpn-bridging.html
          which also does not work because it is "irrelevant" for the current pfSense version.

          Can you direct me on how to make it possible to put different standalone cloud servers on the same VLAN?

            viragomann

            There should exist smaller solutions for OpenVPN only.

            You can get access by a transit network and routing if you have access to the default gateway, as already mentioned here. Or by adding a route to each remote device you want to reach or by NAT.

            Also by bridging, in theory, but my experience tells me that you will not get much support here for bridged OpenVPN, but you may try a new thread.
            I can't help.

              grante @majinb_igor

              @majinb_igor

              Hi, I am trying to do the same thing. Could you share a screenshot of your NAT config for this?

              Thanks

                CoyoteKG

                Hello, I succeeded in setting up OpenVPN on a cloud with one WAN and connecting devices from different places to one network.

                The ISP is Hetzner.

                This is the configuration if someone needs it. Mostly done via wizards, with small corrections afterwards.
                I still need to harden the firewall a little bit.

                [Screenshots: 01-WAN, 02-OpenVPN server, 03-Server - General Information, 04-Server Tunnel Settings, 05-Server - Crypto Settings, 06-Server - Client settings, 07-Interface Assignments, 08-Firewall WAN, 09-Firewall OpenVPN, 10-Routes, 11-Connected clients]

                  n1tr0666

                  Hello again! :-)

                  I've set up pfSense (1 WAN NIC) on Google Cloud with 6 pfSense (clients) connected site-to-site; all clients can ping my Google Cloud network 10.142.x.x/20.

                  But when I connect to my server on my Google Cloud 10.142.x.4, I can't ping my local network client ….

                  If I connect to the pfSense GUI (server-side) 10.142.x.7 and run a ping test to my internal local client 10.10.5.249, it WORKS!!!!


                  pfsense server 10.142.0.7
                  google cloud server 10.242.0.4

                  pfsense client 10.10.5.1
                  Workstation client 10.10.5.249

                  ping from 10.10.5.249 to 10.142.0.7 ---- WORK
                  ping from 10.10.5.249 to 10.142.0.4 ---- WORK

                  ping from 10.142.0.7 to 10.10.5.249 ----- WORK
                  ping from 10.142.0.4 to 10.10.5.249 ----- FAIL

                  Traffic fails on one side … can you help me with my route table please….

                  THX!!!!

                    viragomann @n1tr0666

                    @n1tr0666 said in Pfsense only OpenVPN Server with only single interface WAN:

                    I've set up pfSense (1 WAN NIC) on Google Cloud with 6 pfSense (clients) connected site-to-site

                    6 site-to-site clients are connected to a single server? With CSO?

                    @n1tr0666 said in Pfsense only OpenVPN Server with only single interface WAN:

                    ping from 10.142.0.4 to 10.10.5.249 ----- FAIL

                    You have to tell the cloud server where to go to reach 10.10.5.249. Add a static route to it for the network of 10.10.5.249 and direct it to pfSense 10.142.0.7.

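The ping results reported in this thread can be reproduced with a small routing model; this is an added example, not part of any post. Addresses are taken from the thread, while the routing tables and function names are constructed, and the static-route case assumes the cloud VM can use pfSense directly as a next hop.

```python
import ipaddress

# Addresses taken from the thread; the routing tables below are constructed.
PFSENSE, CLOUD_GW = "10.142.0.7", "10.142.0.1"
CLOUD_VM, WORKSTATION = "10.142.0.4", "10.10.5.249"
CLOUD_NET = ipaddress.ip_network("10.142.0.0/20")

DEFAULT_ONLY = {"0.0.0.0/0": CLOUD_GW}                            # DHCP default
WITH_STATIC = {"0.0.0.0/0": CLOUD_GW, "10.10.5.0/24": PFSENSE}    # plus static route

def next_hop(routes, dst):
    """Longest-prefix match over {cidr: gateway}; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), gw) for cidr, gw in routes.items()]
    hits = [(net, gw) for net, gw in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def cloud_vm_reaches(routes, dst):
    """True if a packet the cloud VM sends to dst gets to a hop that can deliver it."""
    if ipaddress.ip_address(dst) in CLOUD_NET:
        return True  # on-link, e.g. pfSense's own WAN address
    # Only pfSense holds the tunnel routes; the cloud gateway has none for 10.10.5.x.
    return next_hop(routes, dst) == PFSENSE

def ping_works(initiator, routes, outbound_nat):
    """initiator 'remote': 10.10.5.249 -> 10.142.0.4; 'cloud': the reverse."""
    if initiator == "remote":
        # The request arrives via the tunnel and leaves pfSense on WAN. With the
        # outbound NAT rule the cloud VM sees pfSense as the source and replies to it.
        reply_dst = PFSENSE if outbound_nat else WORKSTATION
        return cloud_vm_reaches(routes, reply_dst)
    # Cloud-initiated: NAT on pfSense cannot help, because the request never gets
    # there unless the cloud VM has a route to the remote LAN via pfSense.
    return cloud_vm_reaches(routes, WORKSTATION)

def ping_matrix(routes, outbound_nat):
    return {who: ping_works(who, routes, outbound_nat) for who in ("remote", "cloud")}

if __name__ == "__main__":
    for label, routes, nat in [("no fix", DEFAULT_ONLY, False),
                               ("outbound NAT", DEFAULT_ONLY, True),
                               ("static route", WITH_STATIC, False)]:
        print(f"{label:13} {ping_matrix(routes, nat)}")
```

With the NAT rule, every tunnel client appears to cloud hosts as 10.142.0.7, so per-client attribution has to come from the pfSense state table or OpenVPN logs rather than from host logs.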
                      n1tr0666

                      Hello,

                      All clients can ping 10.142.0.x but it FAILS from the other side ….

                      When pinging from 10.142.0.4 (Windows 2016) to any pfSense client, it fails :-(

                      If I log in to the pfSense server GUI 10.142.0.7 and test ping to 10.10.5.249, it only works with the OPENVPN interface; if I choose WAN it fails….

                      See the images in this link for more information …..

                      https://cloud.ordivert.net/index.php/s/ubEciIGkjNlz3lB

                      Where do I add the static route: in the pfSense server or directly in the Google Cloud interface???

                      Because my Windows 2016 server VM on Google (10.142.0.4) obtains DHCP automatically and uses 10.142.0.1 as gateway. Can I add the route directly in my Windows 2016? Do you have a demo route for me?

                      Thx!

                        viragomann @n1tr0666

                        @n1tr0666 said in Pfsense only OpenVPN Server with only single interface WAN:

                        If I log in to the pfSense server GUI 10.142.0.7 and test ping to 10.10.5.249, it only works with the OPENVPN interface; if I choose WAN it fails….

                        Seems that the client is missing the route to your google cloud network.

                          n1tr0666

                          What do you mean?

                            viragomann

                            On the client you have to set the route to the 10.142.xx.xx/20 network.
                            In pfSense GUI enter the network into the "Remote network/s" box.

                              n1tr0666

                              On the client?

                              The client can ping the Google Cloud VM

                              but

                              the Google Cloud VM cannot ping the client

                                viragomann

                                Again the question:
                                All 6 site-to-site clients are connected to a single server? If yes, have you added CSO?

                                  n1tr0666

                                  Yes, all 6 pfSense clients are connected to the same pfSense server (10.142.0.7)

                                  CSO?

                                    viragomann

                                    You find it in the GUI: VPN > OpenVPN > Client specific overrides
                                    It's necessary to tell the server into which tunnel the packets have to be routed.

                                    CSO only works in conjunction with TLS Auth (a unique certificate for each client).

                                      n1tr0666

                                      Yes! Already set it up!!!!

                                      My error is maybe that my Windows 2016 server 10.142.0.4 has gateway 10.142.0.1 but my pfSense server is 10.142.0.7.

                                      In my Windows 2016 … if I add a static route, it's like the server ignores this rule ….

                                      route add 10.10.5.0 mask 255.255.255.0 10.142.0.7

                                      and I cannot find an option in Google Cloud for it, and if I configure a static IP on my Google Cloud VM (Windows server) I cannot reach the VM afterwards; it only works with DHCP.

                                        nartix

                                        Even though this post is 2 years old, I thought I should reply to it as it is still relevant today and helped me fix the same problem I had in 2020.

                                        Like the original poster, I too couldn't access any local network resources while my pfSense is set up in a local XCP-ng VM using only one WAN port. I was able to access the internet and the local pfSense IP but couldn't ping any other LAN IP/resources. Oddly, the local Xen Orchestra website loaded without any images, only the login page with just text, but I couldn't access all the other local resources: NAS, Plex server, local servers, etc.

                                        Thanks to viragomann's advice on setting up the Firewall NAT Outbound rule, everything works. I was able to access all LAN resources from my work!!

                                        My router IP is 192.168.2.1, so I set up the NAT Outbound rule as follows:
                                        Interface: WAN
                                        Source: Any
                                        Destination: Network 192.168.2.0/24
                                        Screenshot 2020-10-11 112553.png

                                        I haven't set up the Dynamic DNS through pfSense as it was set up through my home router.

                                        ALSO, DON'T FORGET TO SET UP PORT FORWARDING to port 1194 through the home router, otherwise, you won't be able to access the VPN server.

                                        I followed this instruction to set up the VM:
                                        https://xcp-ng.org/blog/2019/08/20/how-to-install-pfsense-in-a-vm/

                                        I followed this video to set up pfSense on local XCP-ng VM:
                                        https://www.youtube.com/watch?v=fsdm5uc_LsU

                                        I followed these videos to set up the OpenVPN on pfSense:
                                        https://www.youtube.com/watch?v=dBOQnApxzzQ
                                        https://www.youtube.com/watch?v=PgielyUFGeQ
