[Solved] OpenVPN Client to Access Subnet Behind OpenVPN Server
-
Hi pfsense community i currently have PFSense firewall with web filtering
I want to add Loadbalancer with OpenVPN Server as shown:My Question is, Is it possible for VPN Client to access 192.168.0.0/24 network such as NAS / Fileserver?
Thanks in advance.. -
All you should have to do is pass traffic from 10.0.10.0/24 inbound on the 192.168.10.2/29 interface. You could have pass any any on the WAN there if that fits your model. The internet would be filtered by the rules on the WAN[12] interfaces on the Load Balancer node.
You would also need a gateway defined on the Load Balancer node LAN for 192.168.10.2 and a static route for 192.168.0.0/24 to that gateway.
I am assuming NAT is generally disabled on the Firewall node. You would do your outbound NAT for 192.168.0.0/24 on WAN1 and WAN2 on the Load Balancer node. Any port forwards you need would be there too.
You solve a significant problem with squid + Multi-WAN there by going to two nodes. Should work great.
-
I will try your advice when I have free time to setup LB + Openvpn.
Thank you Derelict for your time.
-
zz
-
Your "drawing" makes no sense.
-
;D
-
It worked! i did everything you said just added to the openvpn server Custom Options -> route 192.168.0.0 255.255.255.0; push "route 192.168.0.0 255.255.255.0" to make it work.
again thanks Derelict :)
-
Glad it worked.
Simply adding 192.168.0.0/24 to the local networks on the server should do the same thing and is easier to understand.
In fact, the route portion of what you added might cause you trouble down the road. push route is what you want.
-
Noted. I don't know why its not working without push route, maybe reboot on the balancer node is needed.
I will reconfigure it later.
-
No reboot should be necessary. Adding the network to Local Networks generates a push route.
The route command tells pfSense to route traffic for that network into OpenVPN. You don't want that since you want traffic for that network to be sent to 192.168.10.2.
The push route tells the server to instruct the clients to install a route so traffic for that network is sent through the tunnel to the server. That is what you want.
What version of pfSense?
-
Pfsense 2.3.2-p1