Netgate Discussion Forum
    OpenVPN: how to set up a reverse site-to-site?

    OpenVPN
    1 Posts 1 Posters 919 Views
    akom wrote:

      My goal is to access a remote network (which has a dozen or so subnets).  I am running pfSense locally, and the VPN tunnel must be made from the remote network (because only my end has the ability to open inbound ports).

      In other words, I want a linux openvpn command-line client to connect to my pfSense, but I want to then route traffic from my LAN through that tunnel in the reverse direction to all the remote subnets.

      In other words,
      VPN connection:  [linux client, behind some firewalls] ==(public internet)==> [pfSense]
      Desired Traffic: [my LAN] -> ( [pfSense] -> [linux client] ) -> [remote LAN with many subnets]

      It's not clear which configuration is ideal for this, and for my attempt I tried a Site-to-Site static key configuration.  I was able to establish a connection but could not route traffic.  Here is what I tried:

      pfSense: Created a server config as follows:

      • IPv4 Tunnel Network: 198.18.0.0/24 (this subnet is not used anywhere else locally or remotely)
      • IPv4 Remote Networks look like this: 10.0.0.0/8,122.181.160.40/29,157.189.192.0/23,157.189.196.0/23,172.16.175.0/24,172.20.1.0/24,172.20.11.0/24,172.20.52.0/24,172.29.0.64/26,172.30.0.0/16,172.31.0.0/16,192.168.0.0/16,193.26.192.0/23,193.26.196.0/27,193.26.196.128/25,193.26.196.64/27,193.26.196.96/27,193.26.197.0/25,193.26.197.128/26,193.26.197.200/31,193.26.197.204/30,193.26.197.208/28,193.26.197.224/27,193.26.201.0/24,193.26.206.0/24,195.20.210.128/25,208.79.149.0/24,53.0.0.0/10,53.64.0.0/11
      • Added a WAN Rule: IPv4 UDP * * This Firewall 12345 * none
      • Added an OpenVPN Rule: IPv4 * * * * * * none
      • LAN already had a * rule.
      • Cipher: AES-256-CBC

      Client: Created an openvpn conf file:
      dev tun
      remote my.pfsense.domain 12345
      ifconfig 198.18.0.2 198.18.0.1
      secret static.key
      cipher AES-256-CBC
      verb 3

      The connection is established and the new route looks like this on the client:
      198.18.0.1      0.0.0.0        255.255.255.255 UH    0      0        0 tun0

      And on the pfSense end:

      Destination Gateway Flags Use Mtu Netif Expire
      10.0.0.0/8 198.18.0.2 UGS 3 1500 ovpns2
      53.0.0.0/10 198.18.0.2 UGS 0 1500 ovpns2
      53.64.0.0/11 198.18.0.2 UGS 0 1500 ovpns2
      122.181.160.40/29 198.18.0.2 UGS 0 1500 ovpns2
      157.189.192.0/23 198.18.0.2 UGS 28 1500 ovpns2
      157.189.196.0/23 198.18.0.2 UGS 0 1500 ovpns2
      172.16.175.0/24 198.18.0.2 UGS 0 1500 ovpns2
      172.20.1.0/24 198.18.0.2 UGS 0 1500 ovpns2
      172.20.11.0/24 198.18.0.2 UGS 0 1500 ovpns2
      172.20.52.0/24 198.18.0.2 UGS 0 1500 ovpns2
      172.29.0.64/26 198.18.0.2 UGS 0 1500 ovpns2
      172.30.0.0/16 198.18.0.2 UGS 0 1500 ovpns2
      172.31.0.0/16 198.18.0.2 UGS 0 1500 ovpns2
      192.168.0.0/16 198.18.0.2 UGS 0 1500 ovpns2
      193.26.192.0/23 198.18.0.2 UGS 0 1500 ovpns2
      193.26.196.0/27 198.18.0.2 UGS 0 1500 ovpns2
      193.26.196.64/27 198.18.0.2 UGS 0 1500 ovpns2
      193.26.196.96/27 198.18.0.2 UGS 0 1500 ovpns2
      193.26.196.128/25 198.18.0.2 UGS 0 1500 ovpns2
      193.26.197.0/25 198.18.0.2 UGS 0 1500 ovpns2
      193.26.197.128/26 198.18.0.2 UGS 0 1500 ovpns2
      193.26.197.200/31 198.18.0.2 UGS 0 1500 ovpns2
      193.26.197.204/30 198.18.0.2 UGS 0 1500 ovpns2
      193.26.197.208/28 198.18.0.2 UGS 0 1500 ovpns2
      193.26.197.224/27 198.18.0.2 UGS 0 1500 ovpns2
      193.26.201.0/24 198.18.0.2 UGS 0 1500 ovpns2
      193.26.206.0/24 198.18.0.2 UGS 0 1500 ovpns2
      195.20.210.128/25 198.18.0.2 UGS 0 1500 ovpns2
      198.18.0.2 link#8 UH 0 1500 ovpns2
      208.79.149.0/24 198.18.0.2 UGS 0 1500 ovpns2

      Am I even going in the right direction?  Should this be working at this point?  (I tried from my LAN machines and via ping in pfSense, no go)

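As an added sanity check (example code written for this page, not from the post's author or from Netgate), the Python script below parses the pfSense routing table and the IPv4 Remote Networks list pasted above and reports, per remote network: no route at all, a route that does not go via 198.18.0.2 on ovpns2, overlap with the 198.18.0.0/24 tunnel subnet, overlap with a local LAN, and one remote network nested inside another. The local LAN 192.168.1.0/24 used in the usage call is an assumed value, since the post never names the poster's LAN; the tunnel peer, interface name and all prefixes are taken from the post.

```python
import ipaddress

# Taken from the post: pfSense's "IPv4 Remote Networks" field.
REMOTE_NETWORKS = (
    "10.0.0.0/8,122.181.160.40/29,157.189.192.0/23,157.189.196.0/23,"
    "172.16.175.0/24,172.20.1.0/24,172.20.11.0/24,172.20.52.0/24,172.29.0.64/26,"
    "172.30.0.0/16,172.31.0.0/16,192.168.0.0/16,193.26.192.0/23,193.26.196.0/27,"
    "193.26.196.128/25,193.26.196.64/27,193.26.196.96/27,193.26.197.0/25,"
    "193.26.197.128/26,193.26.197.200/31,193.26.197.204/30,193.26.197.208/28,"
    "193.26.197.224/27,193.26.201.0/24,193.26.206.0/24,195.20.210.128/25,"
    "208.79.149.0/24,53.0.0.0/10,53.64.0.0/11"
)

# The pfSense routing table as pasted in the post (netstat -rn style, header kept).
PFSENSE_ROUTES = """\
Destination Gateway Flags Use Mtu Netif Expire
10.0.0.0/8 198.18.0.2 UGS 3 1500 ovpns2
53.0.0.0/10 198.18.0.2 UGS 0 1500 ovpns2
53.64.0.0/11 198.18.0.2 UGS 0 1500 ovpns2
122.181.160.40/29 198.18.0.2 UGS 0 1500 ovpns2
157.189.192.0/23 198.18.0.2 UGS 28 1500 ovpns2
157.189.196.0/23 198.18.0.2 UGS 0 1500 ovpns2
172.16.175.0/24 198.18.0.2 UGS 0 1500 ovpns2
172.20.1.0/24 198.18.0.2 UGS 0 1500 ovpns2
172.20.11.0/24 198.18.0.2 UGS 0 1500 ovpns2
172.20.52.0/24 198.18.0.2 UGS 0 1500 ovpns2
172.29.0.64/26 198.18.0.2 UGS 0 1500 ovpns2
172.30.0.0/16 198.18.0.2 UGS 0 1500 ovpns2
172.31.0.0/16 198.18.0.2 UGS 0 1500 ovpns2
192.168.0.0/16 198.18.0.2 UGS 0 1500 ovpns2
193.26.192.0/23 198.18.0.2 UGS 0 1500 ovpns2
193.26.196.0/27 198.18.0.2 UGS 0 1500 ovpns2
193.26.196.64/27 198.18.0.2 UGS 0 1500 ovpns2
193.26.196.96/27 198.18.0.2 UGS 0 1500 ovpns2
193.26.196.128/25 198.18.0.2 UGS 0 1500 ovpns2
193.26.197.0/25 198.18.0.2 UGS 0 1500 ovpns2
193.26.197.128/26 198.18.0.2 UGS 0 1500 ovpns2
193.26.197.200/31 198.18.0.2 UGS 0 1500 ovpns2
193.26.197.204/30 198.18.0.2 UGS 0 1500 ovpns2
193.26.197.208/28 198.18.0.2 UGS 0 1500 ovpns2
193.26.197.224/27 198.18.0.2 UGS 0 1500 ovpns2
193.26.201.0/24 198.18.0.2 UGS 0 1500 ovpns2
193.26.206.0/24 198.18.0.2 UGS 0 1500 ovpns2
195.20.210.128/25 198.18.0.2 UGS 0 1500 ovpns2
198.18.0.2 link#8 UH 0 1500 ovpns2
208.79.149.0/24 198.18.0.2 UGS 0 1500 ovpns2
"""

TUNNEL_NETWORK = "198.18.0.0/24"   # from the post
TUNNEL_PEER = "198.18.0.2"         # the Linux client's tunnel address
TUNNEL_IF = "ovpns2"               # pfSense's interface for this server


def parse_routes(text):
    """Map each destination network to (gateway, netif) from netstat-style lines."""
    routes = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Destination":
            continue  # skip the header and anything that is not a route line
        routes[ipaddress.ip_network(parts[0], strict=False)] = (parts[1], parts[5])
    return routes


def check_remote_networks(remote_csv, routes_text, tunnel_net, peer, netif, local_lans=()):
    """Report remote networks whose routing on the pfSense side looks wrong."""
    tunnel = ipaddress.ip_network(tunnel_net)
    lans = [ipaddress.ip_network(lan) for lan in local_lans]
    routes = parse_routes(routes_text)
    remotes = [ipaddress.ip_network(n.strip(), strict=False)
               for n in remote_csv.split(",") if n.strip()]
    report = {"missing": [], "wrong_path": [], "overlaps_tunnel": [],
              "overlaps_local": [], "nested": []}
    for net in remotes:
        label = str(net)
        if net not in routes:
            report["missing"].append(label)          # pfSense has no route at all
        elif routes[net] != (peer, netif):
            report["wrong_path"].append(label)       # routed, but not via the tunnel peer
        if net.overlaps(tunnel):
            report["overlaps_tunnel"].append(label)  # collides with the tunnel subnet
        if any(net.overlaps(lan) for lan in lans):
            report["overlaps_local"].append(label)   # collides with a local LAN
        for other in remotes:
            if other != net and net.subnet_of(other):
                report["nested"].append(f"{net} inside {other}")  # redundant entry
    return report


if __name__ == "__main__":
    # 192.168.1.0/24 is an assumed local LAN; the post does not name one.
    result = check_remote_networks(REMOTE_NETWORKS, PFSENSE_ROUTES, TUNNEL_NETWORK,
                                   TUNNEL_PEER, TUNNEL_IF, local_lans=("192.168.1.0/24",))
    for key, items in result.items():
        print(f"{key}: {items or 'none'}")
```

Run against the data in the post, the only finding is that 192.168.0.0/16 would overlap a local LAN in the 192.168.0.0/16 range, which would make pfSense route part of its own LAN into the tunnel. With a clean report on the pfSense side, the usual next things to check in a static-key site-to-site tunnel are on the Linux end: a `route` statement back to the pfSense LAN, IP forwarding enabled, and a forward rule in its own firewall, none of which appear in the posted client config.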
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.