Setting up OpenVPN with DHCP and LDAP from Windows Server in pfSense 2.3.2



  • Hello guys,

    I am a noob in pfSense and also in other firewalls, and what I am trying to do is set up an OpenVPN server to connect to one of two local networks, also connected to the same pfSense. This local network is for private use (10.0.0.x) and the other one is for public use (192.168.5.x). Also, I want to log in through LDAP.

    Until now I was able to set each interface for each network. I am just using the pfSense DHCP server for the public network; in the private network I already had another server with Windows Server (DHCP, LDAP, …).

    I have already configured OpenVPN with the help of several tutorials, some in this forum, but all of those seem too simple for what I am trying to do here.

    So right now I have set this in the OpenVPN server:

    http://prntscr.com/eep3z1
    http://prntscr.com/eeov2s
    http://prntscr.com/eeoz8x
    http://prntscr.com/eeovtl
    http://prntscr.com/eep4pb

    By default it seems that the OpenVPN wizard added firewall rules to be able to pass through:

    http://prntscr.com/eeowpr
    http://prntscr.com/eeowyi

    And afterwards I added my VPN in interfaces:

    http://prntscr.com/eeoxi1
    http://prntscr.com/eeoxyn
    http://prntscr.com/eep7j9
    http://prntscr.com/eepgx9

    Now here come the questions:

    • In OpenVPN, after a while reading about what the IPv4 tunnel network does, I still don't know what it is needed for; in some tutorials it seems like they have set this network randomly.

    • I have set IPv4 local networks for the subnetwork of my private network, where I want to connect my VPN.

    • Do I need to add a new interface for OpenVPN for this purpose (like I have done in OPT5_OPENVPN)?

    • Should I add a rule in the firewall to let traffic through from OpenVPN to the private network? If the answer to the previous question was yes, in which interface, OPT5_OPENVPN or OpenVPN?

    • After I log in to OpenVPN, will it receive the dynamic IP from my Windows Server? If not, what should I do to enable it?

    Thank you in advance for your help guys.