Netgate Discussion Forum

    CentOS 7 client to VPN on pfSense firewall for network monitoring

      bpb21

      Here's my situation; I've been way overthinking this and I'm stumped at the moment.

      I've got one network with a pfSense firewall/DHCP/DNS box handling it.  Behind this pfSense box there are multiple access points.  I'd like to monitor these using SNMP/Nagios (covered elsewhere).  This will be network 1.

      I've got a totally separate network, also managed/firewalled by pfSense, whereon resides my CentOS 7 headless server on which I've configured Nagios.  Let's say this is network 2.

      There are other clients/users on both networks.  I don't want them to intermingle.

      What I need is for the CentOS 7 server, on network 2, to be able to have an always on VPN connection to network 1, to be able to securely query the access points on network 1.  I don't want this connection to allow any other traffic from network 1 to network 2, but if the CentOS 7 server is the only client then I can handle that via firewall rules.

      But, how should I go about setting up an appropriate VPN?  I've got an OpenVPN server set up on pfSense on network 1 to allow me to remote connect in from a different machine on network 2 and manage the access points.  However, I'd like this CentOS 7 server to be able to automatically query their status.

      I could join the two pfSense firewalls, I suppose.  But, I don't want always on site to site connectivity between both networks; just that one CentOS 7 server on network 2 and the pfSense network 1.

      I'm not sure that made any sense, reading back over it.  But, one client on a physically separate network always VPN'd to a different network.  Best options?

      I'm reading up, but I'm going round and round and confusing myself in the process!  Any pointers are helpful!

      I've also read over here https://openvpn.net/index.php/open-source/documentation/howto.html#config and here https://portal.pfsense.org/docs/book/vpn/choosing-a-vpn-solution-for-your-environment.html and several forum posts but…my brain is churning through all this.

        bpb21

        aha!  Got it!  In addition to those two links in my initial post, getting OpenVPN to start and connect at CentOS 7 system start was nigh impossible, but for this!

        https://ask.fedoraproject.org/en/question/23085/how-to-start-openvpn-service-at-boot-time/

        "It seems this is a known bug/limitation in the design of the Systemd framework in combination with OpenVPN. "

        Once again, without derailing this topic, thanks for nothing Systemd!  And, I've figured it out.  Whew!  Hope these links are helpful to someone else.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.