Interface Route to local IP
-
I'll say it again: OpenVPN over SSL. I don't know how much clearer I can be. Google it.
So, no, it's not just 'boom' done in pfSense as there is no web interface for stunnel.
I took the 192.168.3.3 IP address out of the Loki_VPNHost Rule and I am not able to get to the VPN Server from clients connected on that Interface (Loki/192.168.3.x).
I have some DNS issues to address, but it's almost there!
Hopefully you'll never have to hear from me again (ha. fat chance)
-
Well, there are two issues:
- The VPN won't connect if the LOKI_VPNHOST Rule is active. Once VPN is connected, then I can activate that Rule. But if the VPN link goes down, it can't reconnect.
- The Traffic over LOKI is redirected through the VPN, but the DNS lookup is not. So I need to be able to set the DNS Resolver to go through the VPN link.
-
-
I think I have it all working now!!!
I disabled the Gateway rule and just set the gateway for Loki on the DHCP Loki Interface.
I also set the specific DNS servers on that page as well.
The Pi likes it too - no more failed connecting.
Awesome!!! Thanks everyone again for all your help!!!
-
"it's not just 'boom' done in pfSense as there is no web interface for stunnel."
So you seem to be able to do iptables via config file - but stunnel is too hard??
Working as an asymmetrical hairpinning nightmare.. Have fun with that mess!! WTF..
Simple search and here looks to be instructions on bringing up stunnel on pfsense inbound:
https://forum.pfsense.org/index.php?topic=109873.0
I show a newer version here http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/stunnel-5.37,1.txz vs the one in that thread.
Tell you for sure the time needed to create this sort of connection would have been a fraction of the mess you have!!