CentOS 7 client to VPN on pfSense firewall for network monitoring



  • Here's my situation; I've been way overthinking this and I'm stumped at the moment.

    I've got one network with a pfSense firewall/DHCP/DNS box handling it.  Behind this pfSense box there are multiple access points.  I'd like to monitor these using SNMP/Nagios (covered elsewhere).  This will be network 1.

    I've got a totally separate network, also managed/firewalled by pfSense, whereon resides my CentOS 7 headless server on which I've configured Nagios.  Let's say this is network 2.

    There are other clients/users on both networks.  I don't want them to intermingle.

    What I need is for the CentOS 7 server, on network 2, to be able to have an always on VPN connection to network 1, to be able to securely query the access points on network 1.  I don't want this connection to allow any other traffic from network 1 to network 2, but if the CentOS 7 server is the only client then I can handle that via firewall rules.

    But, how should I go about setting up an appropriate VPN?  I've got an OpenVPN server set up on pfSense on network 1 to allow me to remote connect in from a different machine on network 2 and manage the access points.  However, I'd like this CentOS 7 server to be able to automatically query their status.

    I could join the two pfSense firewalls, I suppose.  But, I don't want always on site to site connectivity between both networks; just that one CentOS 7 server on network 2 and the pfSense network 1.

    I'm not sure that made any sense, reading back over it.  But, one client on a physically separate network always VPN'd to a different network.  Best options?

    I'm reading up, but I'm going round and round and confusing myself in the process!  Any pointers are helpful!

    I've also read over here https://openvpn.net/index.php/open-source/documentation/howto.html#config and here https://portal.pfsense.org/docs/book/vpn/choosing-a-vpn-solution-for-your-environment.html and several forum posts but…my brain is churning through all this.



  • aha!  Got it!  In addition to those two links in my initial post, getting OpenVPN to start and connect at CentOS 7 system start was nigh impossible, but for this!

    https://ask.fedoraproject.org/en/question/23085/how-to-start-openvpn-service-at-boot-time/

    "It seems this is a known bug/limitation in the design of the Systemd framework in combination with OpenVPN."

    Once again, without derailing this topic, thanks for nothing Systemd!  And, I've figured it out.  Whew!  Hope these links are helpful to someone else.
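
An added example (not the poster's own setup) of the always-on client piece on CentOS 7 with the EPEL openvpn 2.4 packaging, where the template unit `openvpn-client@NAME.service` reads `/etc/openvpn/client/NAME.conf`: it lints the client config for the directives an unattended, boot-time client needs, then installs and enables the unit. The sample config, the server name `vpn.net1.example` and the certificate paths are assumptions.

```shell
# Added example: always-on OpenVPN client on CentOS 7 with the EPEL openvpn 2.4
# packaging, where the template unit openvpn-client@NAME.service reads
# /etc/openvpn/client/NAME.conf. The sample config is constructed (ca/cert/key
# omitted); the server name vpn.net1.example is an assumption.

# Map a client config path to its systemd template instance.
openvpn_unit_for() {
    echo "openvpn-client@$(basename "$1" .conf).service"
}

# Lint a config for what an unattended client needs: reconnect on a dead link,
# keep tun/keys across restarts, retry DNS forever at boot (the network may not
# be up yet), and verify the peer presents a server certificate.
# Prints the missing directives and returns 1 if any are absent.
check_always_on() {
    missing=""
    for d in "keepalive" "persist-tun" "persist-key" \
             "resolv-retry infinite" "remote-cert-tls server"; do
        grep -Eq "^[[:space:]]*$d" "$1" || missing="$missing $d"
    done
    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

# Install the config and enable its unit so it starts at boot (needs root).
enable_client() {
    check_always_on "$1" || return 1
    install -m 0600 -o root -g root "$1" "/etc/openvpn/client/$(basename "$1")"
    systemctl enable --now "$(openvpn_unit_for "$1")"
}

# Constructed sample configs: one complete, one with keepalive left out.
GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
client
dev tun
remote vpn.net1.example 1194
resolv-retry infinite
persist-key
persist-tun
remote-cert-tls server
keepalive 10 60
EOF
BAD_CONF=$(mktemp)
grep -v '^keepalive' "$GOOD_CONF" > "$BAD_CONF"
if [ "${1:-}" = "--apply" ]; then enable_client "$GOOD_CONF"; fi
```

Run with `--apply` as root to install and enable the unit; without it the script only builds the sample configs and defines the functions. Traffic from network 1 back into network 2 is still blocked by the pfSense rules on the OpenVPN interface, as the thread notes.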
