remote client & Web traffic
-
@sasa1 I use openswan.
thanks. -
@viragomann said in remote client & Web traffic:
Openswan? Where? On a host inside your network?
What has this to do with OpenVPN?Hi, I would like the remote host that connects via VPN to an openswan server to be able to access the Internet by presenting itself with the public IP of pfsense and not that of its network.
in practice, after the host has connected in vpn access to the web occurs through pfsense
sorry if I didn't write my goal clearly before
thanks. -
@sasa1
Still not clear, which part of your set is related to OpenVPN. -
@viragomann I refer to openswan because the remote host connects in vpn through an openswan server.
I would like the remote host, after making the connection in vpn, if from the browser type:
www.microsoft.com
this request must be forwarded to the pfsense server (where the openswan server is located).
In practice, the remote host always uses the pfsense gateway as the default gateway for any request and not the one locally on his PC.
Thanks. -
@sasa1 sounds like you want split tunneling, but the web traffic you want originating from the remote host would not go through the VPN, it would bypass it and traffel out the remote host wan gateway. Are you using an openvpn server? This was posted in the openVPN forum of PFSense.
-
@sasa1
So obviously there is no OpenVPN in play. Hence this topic should be posted in the routing section.If I understood it correct, you have an Openswan server behind pfSense, and a remote client which is connecting to it should direct its whole upstream traffic over the VPN and out through pfSense WAN interface.
So you have to configure the Openswan server or client so that the client routes its upstream traffic over the VPN. In OpenVPN this can be done by checking "redirect gateway", but I cannot help with Openswan.
On pfSense you have to add a static route for the clients (virtual) IP pointing to the Openswan Server.
Additionally you have to switch the outbound NAT inot hybrid mode and add an rule for the clients IP to WAN. -
@viragomann The static route must be added in System -> Routing -> Gateways ?
the other two steps are clear to me.
Thanks. -
@sasa1
Yes. First add the Openswan server as gateway, then go to the static routes tab and add a static route for the tunnel network and select the Openswan from the gateway drop-down. -
@viragomann when you refer to "Openswan server as gateway" do you mean pfsense's private IP or public IP?
When I create the static route, in the "Destination network" field I have to indicate the network:
0.0.0.0thanks.
-
@sasa1
I'm talking about an Openswan server behind pfSense as I already stated above. Hence I mean its internal IP.
Requested your setup details several times. Since you won't provide details, I'm on assumptions. -
@viragomann sorry but I thought I had provided the necessary details, I try to better explain my network topology.
I have pfsense with wan and lan interface, openvpn server and a remote host that connects in vpn through openvpn client.
My goal is that the remote host can access the web pages using the gateway configured on pfsense so that it can present itself on the web with the public ip address assigned to the pfsense wan -
@sasa1
So there is no Openswan in use yet??? Holy crap!
Only OpenVPN on pfSense itself. We were talking about Openswan all the time. Since this would not run on pfsense, I was assuming it runs on a separate server.
-
@viragomann sorry it was a lapsus, I only use openvpn installed inside pfsense.
Are the same steps you indicated in the previous post valid for the configuration?
thanks and sorry again for the inattention -
@sasa1
When you are running OpenVPN on pfSense itself, you have only to check "Redirect gateway" on the OpenVPN server settings and add an outbound NAT rule to WAN for the VPN tunnel network.
You have to switch the outbound NAT into hybrid mode and save it. Then add a rule:
interface: WAN
source: <OpenVPN tunnel network>All other options may stay on default values. Save it.