CentOS 7 client to VPN on pfSense firewall for network monitoring
-
Here's my situation; I've been way overthinking this and I'm stumped at the moment.
I've got one network with a pfSense firewall/DHCP/DNS box handling it. Behind this pfSense box there are multiple access points. I'd like to monitor these using SNMP/Nagios (covered elsewhere). This will be network 1.
I've got a totally separate network, also managed/firewalled by pfSense, whereon resides my CentOS 7 headless server on which I've configured Nagios. Let's say this is network 2.
There are other clients/users on both networks. I don't want them to intermingle.
What I need is for the CentOS 7 server, on network 2, to be able to have an always-on VPN connection to network 1, to be able to securely query the access points on network 1. I don't want this connection to allow any other traffic from network 1 to network 2, but if the CentOS 7 server is the only client then I can handle that via firewall rules.
But, how should I go about setting up an appropriate VPN? I've got an OpenVPN server set up on pfSense on network 1 to allow me to remote connect in from a different machine on network 2 and manage the access points. However, I'd like this CentOS 7 server to be able to automatically query their status.
I could join the two pfSense firewalls, I suppose. But I don't want always-on site-to-site connectivity between both networks; just that one CentOS 7 server on network 2 and the pfSense network 1.
I'm not sure that made any sense, reading back over it. But, one client on a physically separate network always VPN'd to a different network. Best options?
I'm reading up, but I'm going round and round and confusing myself in the process! Any pointers are helpful!
I've also read over here https://openvpn.net/index.php/open-source/documentation/howto.html#config and here https://portal.pfsense.org/docs/book/vpn/choosing-a-vpn-solution-for-your-environment.html and several forum posts, but… my brain is churning through all this.
-
Aha! Got it! In addition to those two links in my initial post, getting OpenVPN to start and connect at CentOS 7 system start was nigh impossible, but for this!
https://ask.fedoraproject.org/en/question/23085/how-to-start-openvpn-service-at-boot-time/
"It seems this is a known bug/limitation in the design of the Systemd framework in combination with OpenVPN."
Once again, without derailing this topic, thanks for nothing, Systemd! And I've figured it out. Whew! Hope these links are helpful to someone else.
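An added example of the always-on, single-client setup discussed in this thread; it is not from the original poster nor from the pfSense or OpenVPN documentation. The script writes a client config for the CentOS 7 Nagios host that stays up across link drops, verifies the server certificate, and refuses pushed routes so only network 1 traffic enters the tunnel, then checks those directives are present and enables the connection at boot through systemd. It assumes the EPEL openvpn 2.4 package (which ships the openvpn-client@ template unit reading /etc/openvpn/client/NAME.conf); vpn.net1.example, 192.168.1.0/24 and the certificate file names are placeholders for the pfSense box on network 1.

```shell
#!/bin/sh
# Added example (not from the original thread). Writes an always-on OpenVPN
# client config for the CentOS 7 Nagios host and enables it under systemd.
# Assumptions: EPEL openvpn 2.4 (ships openvpn-client@.service, which reads
# /etc/openvpn/client/NAME.conf); server name, subnet and cert paths are placeholders.
# Write the client config to the path given as $1.
write_client_conf() {
  cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.net1.example 1194
nobind
# Keep the tunnel up across link drops and daemon restarts.
persist-key
persist-tun
keepalive 10 60
resolv-retry infinite
# Only accept a peer whose certificate was issued as a server cert by our CA.
remote-cert-tls server
ca /etc/openvpn/client/net1-ca.crt
cert /etc/openvpn/client/nagios-host.crt
key /etc/openvpn/client/nagios-host.key
tls-auth /etc/openvpn/client/net1-ta.key 1
cipher AES-256-GCM
# Ignore pushed routes: only network 1 (placeholder subnet) uses the tunnel,
# never the default route, so the host's other network 2 traffic is untouched.
route-nopull
route 192.168.1.0 255.255.255.0
# Drop root once the tunnel is up.
user nobody
group nobody
EOF
}
# Return non-zero if a directive the always-on/least-route setup relies on
# is missing from the config at $1.
check_client_conf() {
  for d in 'client' 'persist-tun' 'keepalive' 'remote-cert-tls server' \
           'tls-auth' 'route-nopull'; do
    grep -q "^$d" "$1" || { echo "missing directive: $d" >&2; return 1; }
  done
}
# Run as root with "install" to deploy the config (name net1) and start it at boot.
if [ "${1:-}" = "install" ]; then
  conf=/etc/openvpn/client/net1.conf
  write_client_conf "$conf" && chmod 600 "$conf" && check_client_conf "$conf" \
    && systemctl enable --now openvpn-client@net1
fi
```

The pfSense side still needs a rule on the OpenVPN interface that allows only this client's tunnel address to reach the access points on the SNMP port, which is configured in the pfSense GUI and not shown here.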