OpenVPN Access to LAN behind client
-
Hello,
I have no clue how to configure the route for this type of setup.
Thanks.
I have the following setup:
Centos openvz vps (venet0)
OpenVPN server IP: 10.8.0.1
PFsense router Acts as OpenVPN client
Lan: 192.244.11.0/24
Openvpn client ip : 10.8.0.2
Windows client
Lan : 192.244.11.1
I want the CentOS server to be able to access the LAN of the pfSense. The Windows client in the pfSense LAN needs to be able to communicate with the CentOS server box as well.
port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.244.11.0 255.255.255.0"
;route 192.244.11.0 255.255.255.0 10.8.0.1
; -------------------------
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
crl-verify crl.pem
ca ca.crt
cert server_g9hq31FXVL3AsXq0.crt
key server_g9hq31FXVL3AsXq0.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3
pfsense client
client
proto udp
remote ***************** 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_g9hq31FXVL3AsXq0 name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
-----BEGIN CERTIFICATE-----
BTusOrY68gxGlFw3smOloawS6xhnm4hVFWMhYg=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
G3uB2I+MqZpoO83YsZ//HqiE4H
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
-
Did you go through one of the site-to-site examples? https://www.netgate.com/docs/pfsense/book/openvpn/index.html
As I recall the routing should be handled automatically but you'd need to add firewall rules: https://www.netgate.com/docs/pfsense/book/openvpn/allowing-traffic-over-openvpn-tunnels.html
-
No. I used some tutorial for the PIA OpenVPN client.
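
A check for the server config posted in the question, as an added example that is not part of the thread: on a hand-written OpenVPN server, reaching a LAN behind a client needs a `route` for that LAN on the server plus a `client-config-dir` file for that client containing a matching `iroute`. The function names and the trimmed `SERVER_CONF` sample are constructed for illustration.

```python
import ipaddress
import shlex

# Routing-relevant directives copied from the server config in the question.
SERVER_CONF = '''
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.244.11.0 255.255.255.0"
;route 192.244.11.0 255.255.255.0 10.8.0.1
push "redirect-gateway def1 bypass-dhcp"
'''

def parse(conf):
    """Return directives as token lists, skipping ';' and '#' comment lines."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            out.append(shlex.split(line))
    return out

def has(directives, name, lan):
    """True if `name <network> <netmask>` for `lan` is among the directives."""
    return any(d[:1] == [name] and len(d) >= 3
               and ipaddress.ip_network(f"{d[1]}/{d[2]}") == lan for d in directives)

def check_client_lan(server_conf, lan, ccd_conf=""):
    """List what stops the server from reaching `lan` behind one client.

    ccd_conf is the text of that client's file in the client-config-dir."""
    lan = ipaddress.ip_network(lan)
    srv, ccd = parse(server_conf), parse(ccd_conf)
    pushes = [shlex.split(d[1]) for d in srv if d[0] == "push" and len(d) > 1]
    owned = has(ccd, "iroute", lan)
    findings = []
    if not has(srv, "route", lan):
        findings.append(f"server: no 'route' for {lan}, so the host has no route to it via the tunnel")
    if not any(d[0] == "client-config-dir" for d in srv):
        findings.append("server: no 'client-config-dir', so no per-client file is read")
    if not owned:
        findings.append(f"ccd: no 'iroute' for {lan}, so OpenVPN does not know which client owns it")
    if has(pushes, "route", lan) and not owned:
        findings.append(f"server: {lan} is pushed to all clients, including the one it sits behind")
    if any(p[:1] == ["redirect-gateway"] for p in pushes):
        findings.append("server: 'redirect-gateway' is pushed, so pulling clients send all traffic via the VPN")
    return findings

if __name__ == "__main__":
    for finding in check_client_lan(SERVER_CONF, "192.244.11.0/24"):
        print("-", finding)
```

Firewall rules on the pfSense OpenVPN interface, as the reply above says, are still needed once routing is in place.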