CentOS 7 client to VPN on pfSense firewall for network monitoring
Here's my situation; I've been way overthinking this and I'm stumped at the moment.
I've got one network with a pfSense firewall/DHCP/DNS box handling it. Behind this pfSense box there are multiple access points. I'd like to monitor these using SNMP/Nagios (covered elsewhere). This will be network 1.
I've got a totally separate network, also managed/firewalled by pfSense, whereon resides my CentOS 7 headless server on which I've configured Nagios. Let's say this is network 2.
There are other clients/users on both networks. I don't want them to intermingle.
What I need is for the CentOS 7 server, on network 2, to be able to have an always-on VPN connection to network 1, to be able to securely query the access points on network 1. I don't want this connection to allow any other traffic from network 1 to network 2, but if the CentOS 7 server is the only client then I can handle that via firewall rules.
But how should I go about setting up an appropriate VPN? I've got an OpenVPN server set up on pfSense on network 1 to allow me to remote connect in from a different machine on network 2 and manage the access points. However, I'd like this CentOS 7 server to be able to automatically query their status.
I could join the two pfSense firewalls, I suppose. But I don't want always-on site-to-site connectivity between both networks; just that one CentOS 7 server on network 2 and the pfSense network 1.
I'm not sure that made any sense, reading back over it. But, one client on a physically separate network always VPN'd to a different network. Best options?
I'm reading up, but I'm going round and round and confusing myself in the process! Any pointers are helpful!
I've also read over here https://openvpn.net/index.php/open-source/documentation/howto.html#config and here https://portal.pfsense.org/docs/book/vpn/choosing-a-vpn-solution-for-your-environment.html and several forum posts, but… my brain is churning through all this.
Aha! Got it! In addition to those two links in my initial post, getting OpenVPN to start and connect at CentOS 7 system start was nigh impossible, but for this!
"It seems this is a known bug/limitation in the design of the Systemd framework in combination with OpenVPN."
Once again, without derailing this topic, thanks for nothing Systemd! And, I've figured it out. Whew! Hope these links are helpful to someone else.