Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    [Solved] OpenVPN Client to Access Subnet Behind OpenVPN Server

    OpenVPN
    3
    11
    5580
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      ghinthsh last edited by

      Hi pfsense community i currently have PFSense firewall with web filtering
      I want to add Loadbalancer with OpenVPN Server as shown:

      My Question is, Is it possible for VPN Client to access 192.168.0.0/24 network such as NAS / Fileserver?
      Thanks in advance..

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        All you should have to do is pass traffic from 10.0.10.0/24 inbound on the 192.168.10.2/29 interface. You could have pass any any on the WAN there if that fits your model. The internet would be filtered by the rules on the WAN[12] interfaces on the Load Balancer node.

        You would also need a gateway defined on the Load Balancer node LAN for 192.168.10.2 and a static route for 192.168.0.0/24 to that gateway.

        I am assuming NAT is generally disabled on the Firewall node. You would do your outbound NAT for 192.168.0.0/24 on WAN1 and WAN2 on the Load Balancer node. Any port forwards you need would be there too.

        You solve a significant problem with squid + Multi-WAN there by going to two nodes. Should work great.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • G
          ghinthsh last edited by

          I will try your advice when I have free time to setup LB + Openvpn.

          Thank you Derelict for your time.

          1 Reply Last reply Reply Quote 0
          • A
            alphameric77 last edited by

            zz

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              Your "drawing" makes no sense.

              Chattanooga, Tennessee, USA
              The pfSense Book is free of charge!
              DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • G
                ghinthsh last edited by

                ;D

                1 Reply Last reply Reply Quote 0
                • G
                  ghinthsh last edited by

                  It worked! i did everything you said just added to the openvpn server Custom Options -> route 192.168.0.0 255.255.255.0; push "route 192.168.0.0 255.255.255.0" to make it work.

                  again thanks Derelict  :)

                  1 Reply Last reply Reply Quote 0
                  • Derelict
                    Derelict LAYER 8 Netgate last edited by

                    Glad it worked.

                    Simply adding 192.168.0.0/24 to the local networks on the server should do the same thing and is easier to understand.

                    In fact, the route portion of what you added might cause you trouble down the road. push route is what you want.

                    Chattanooga, Tennessee, USA
                    The pfSense Book is free of charge!
                    DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • G
                      ghinthsh last edited by

                      Noted.  I don't know why its not working without push route, maybe reboot on the balancer node is needed.

                      I will reconfigure it later.

                      1 Reply Last reply Reply Quote 0
                      • Derelict
                        Derelict LAYER 8 Netgate last edited by

                        No reboot should be necessary. Adding the network to Local Networks generates a push route.

                        The route command tells pfSense to route traffic for that network into OpenVPN. You don't want that since you want traffic for that network to be sent to 192.168.10.2.

                        The push route tells the server to instruct the clients to install a route so traffic for that network is sent through the tunnel to the server. That is what you want.

                        What version of pfSense?

                        Chattanooga, Tennessee, USA
                        The pfSense Book is free of charge!
                        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • G
                          ghinthsh last edited by

                          Pfsense 2.3.2-p1

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post