Netgate Discussion Forum

    Pfsense OpenVPN Server in the cloud – peer to peer with multiple clients

    • sergesphinx

      Hi all,

      I use the latest pfSense version, 2.2.4.

      I've deployed a pfSense VM in the cloud and I use it as an OpenVPN server.
      The goal is to keep as much of the configuration as possible on the cloud server.
      I used the Client Specific Overrides to send specific parameters to a specific client.

      From the client LAN 192.168.13.0/24, I can ping all hosts on the server LAN.
      From the client LAN 192.168.15.0/24, I can ping all hosts on the server LAN.

      From the server LAN 192.168.43.0/24, I can ping all hosts on the client LANs 13.0/24 & 15.0/24.

      I would now like to allow communication between the client LANs 13.0 and 15.0, in both directions.

      Here is my server configuration:

      dev ovpns3
      verb 1
      dev-type tun
      dev-node /dev/tun3
      writepid /var/run/openvpn_server3.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      cipher BF-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local MYSERVERIP
      tls-server
      server 10.0.8.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      ifconfig 10.0.8.1 10.0.8.2
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'SierraServer' 1 "
      lport 1194
      management /var/etc/openvpn/server3.sock unix
      push "route 192.168.43.0 255.255.255.0"
      route 192.168.13.0 255.255.255.0
      route 192.168.15.0 255.255.255.0
      ca /var/etc/openvpn/server3.ca
      cert /var/etc/openvpn/server3.cert
      key /var/etc/openvpn/server3.key
      dh /etc/dh-parameters.2048
      comp-lzo yes
      tun-mtu 1500
      mssfix 1400
      fragment 1300

      Here is my CSO for client1 (192.168.13.0):

      ifconfig-push 10.0.8.10 10.0.8.1
      push "route 192.168.43.0 255.255.255.0"
      push "route 192.168.15.0 255.255.255.0"
      iroute 192.168.13.0 255.255.255.0

      And the CSO for client2 (192.168.15.0):

      ifconfig-push 10.0.8.20 10.0.8.1
      push "route 192.168.43.0 255.255.255.0"
      push "route 192.168.13.0 255.255.255.0"
      iroute 192.168.15.0 255.255.255.0

      Thanks in advance for your help with this case.
      Maybe it's just a routing or NAT problem, because the clients and the server can ping all hosts, but I've tried a lot of settings unsuccessfully.

      Best regards
      • sergesphinx

        It works.

        I've added a NAT outbound rule to allow communication

        interface : openvpn
        source : any
        source port : *
        destination : any
        destination : *
        nat port : *
        static port : no
        nat address : OpenVPN address

        Ping works from a client LAN host to another client LAN host.

        Phew!
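
A consistency check for the routing directives posted in this thread, as an added example that is not part of the original posts or of pfSense: it confirms that every `iroute` has a matching server-side `route`, that each site is pushed a route to the other sites, and reports whether `client-to-client` is set. The function names and finding strings are hypothetical; without `client-to-client`, OpenVPN hands inter-client packets to the server's tun interface, which is where the firewall and outbound NAT rules from the second post apply.

```python
import ipaddress

# Routing directives copied from the posts above (other lines omitted).
SERVER = '''server 10.0.8.0 255.255.255.0
push "route 192.168.43.0 255.255.255.0"
route 192.168.13.0 255.255.255.0
route 192.168.15.0 255.255.255.0'''
CSO = {
    "client1": '''ifconfig-push 10.0.8.10 10.0.8.1
        push "route 192.168.43.0 255.255.255.0"
        push "route 192.168.15.0 255.255.255.0"
        iroute 192.168.13.0 255.255.255.0''',
    "client2": '''ifconfig-push 10.0.8.20 10.0.8.1
        push "route 192.168.43.0 255.255.255.0"
        push "route 192.168.13.0 255.255.255.0"
        iroute 192.168.15.0 255.255.255.0''',
}

def nets(text, keyword, pushed=False):
    """Networks named by `keyword net mask` lines, or by push "keyword net mask"."""
    found = set()
    for line in text.splitlines():
        line = line.strip()
        if pushed:
            if not line.startswith('push "'):
                continue
            line = line[len('push "'):].rstrip('"')
        parts = line.split()
        if len(parts) >= 3 and parts[0] == keyword:
            found.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return found

def audit(server, cso):
    """Return (findings, client_to_client_enabled) for a multi-site tun server."""
    findings = []
    kernel = nets(server, "route")  # LANs the server routes into the tunnel
    iroutes = {name: nets(text, "iroute") for name, text in cso.items()}
    for name, owned in iroutes.items():
        for net in sorted(owned - kernel):
            findings.append(f"{name}: iroute {net} has no server-side route")
        pushed = nets(server, "route", True) | nets(cso[name], "route", True)
        others = set().union(*(n for c, n in iroutes.items() if c != name))
        for net in sorted(others - pushed):
            findings.append(f"{name}: no pushed route to {net}")
    for net in sorted(kernel - set().union(*iroutes.values())):
        findings.append(f"server route {net} has no iroute in any override")
    c2c = "client-to-client" in server.split()
    return findings, c2c

print(audit(SERVER, CSO))  # ([], False) for the posted configuration
```

An empty findings list for the posted configuration means the `route`, `iroute` and pushed routes already agree with each other.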
