Netgate Discussion Forum
    PFSense as a VPN server only

    Routing and Multi WAN
    jamet (last edited by jamet):

      I have a problem that I am trying to wrap my head around. I think it has to do with the routing table so steer me in the right direction if I am wrong.

      I have pfSense set up with a WAN running OpenVPN. I have an interface that connects to an existing network with all its own services. That interface gets a DHCP IP address (10.144.77.0/24). I want to limit any connection that comes in through the VPN to only talk to this interface. It would even be better if each VPN client grabbed an IP on that interface as if it was a switch interface.

      Currently, when I am connected to the VPN, I can ping clients on the 10.144.77.0/24 subnet. I have the VPN auto-assign DNS for that subnet so that I can find objects on other VLANs. This works. But I am unable to ping anything outside the external LAN. However, if I use pfSense's ping I can ping all around the external network.

      Ultimately, what I want is for a user to connect to OpenVPN and get an IP on the 10.144.77.0/24 network like they were connecting their laptop directly to that network. Again, this network is not managed by pfSense.


    mcit:

        If I understand you correctly, we are doing this at one of our sites now by using OpenVPN in tap mode.

        Our pfSense has 2 WAN links, 2 LAN interfaces and about a dozen VLANs.

        In the OpenVPN config, we have specified a Server Bridge DHCP start and end range, which is outside our Windows server DHCP scope on the same LAN. [This may not be required; we wanted to be able to see which clients were local and which were remote by looking at the IPs.]

        No tunnel network is specified.

        When the client logs in, they get an IP in the same subnet as the LAN interface, and they can access all services within the LAN. They can also route traffic back to the internet as if they were connected via the office network.

        I do not have a how-to for this, but I recall it was not overly difficult to set up.

        Matthew

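For readers who want to see what the tap-mode setup in the reply above amounts to in OpenVPN terms, here is an added example of the server-side directives it corresponds to. This is not configuration from either poster or from pfSense itself; pfSense writes equivalent lines from its GUI fields, and the bridge address, pool range and DNS address below are assumed values chosen to fit the 10.144.77.0/24 network named in the question.

```conf
# --- Added example: tap-mode (bridged) server, the approach in the reply ---
# Layer-2 adapter instead of a routed tun; the tap is assumed to be a member
# of a bridge with the interface that sits on the 10.144.77.0/24 network.
dev tap

# server-bridge <bridge-ip> <netmask> <pool-start> <pool-end>
# The pool is what pfSense calls "Server Bridge DHCP start/end". It is
# handed out by OpenVPN, so keep it outside the LAN's own DHCP scope to
# avoid collisions (assumed values below).
server-bridge 10.144.77.2 255.255.255.0 10.144.77.200 10.144.77.220

# No "server <tunnel-net>" line: clients are addressed from the LAN itself,
# which is why "no tunnel network is specified" in the reply.

# Resolver on the existing network (assumed address) so clients can find
# hosts on the other VLANs by name, as the question already does.
push "dhcp-option DNS 10.144.77.1"

# --- For comparison: routed tun mode with only the one LAN pushed ---
# (uncomment instead of the tap block above; tunnel network is assumed)
#dev tun
#server 10.8.0.0 255.255.255.0
#push "route 10.144.77.0 255.255.255.0"
```

The two variants explain the symptom in the question. In routed (tun) mode a client's packets are sourced from the tunnel subnet, and hosts on the other VLANs of the unmanaged network have no return route to that subnet unless someone adds one or pfSense NATs the traffic; pfSense's own ping works because it is sourced from the firewall's 10.144.77.x address. In bridged (tap) mode the client itself holds a 10.144.77.x address, so return traffic needs no extra routing. The trade-off is that bridged clients sit on the same layer-2 segment as the office hosts, so the "only talk to this interface" requirement from the question has to be enforced by firewall rules on the OpenVPN interface rather than by the addressing.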
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.