Can all LAN devices use remote OpenVPN if pfsense is only client configured?



  • I connect my Linux desktop to a remote OpenVPN server using

    sudo openvpn --config mycerts.ovpn

    The file mycerts.ovpn has an RSA key, CA cert, client cert, and DH Parameters contained in the file.

    I am trying to connect pfsense to this VPN server using only the credentials in the .ovpn file, and configure it so all outbound traffic (from LAN to WAN) goes through an OpenVPN interface. The goal is for any device on my LAN to automatically use the VPN without configuring any client software on each device.

    Is it possible to have pfsense route all traffic through the VPN without doing anything to the devices that connect to the LAN?



  • It is.

    I would start by going back to your VPN provider and looking at their tutorials. Most providers these days have them and there's usually a generic openvpn one disguised as other / ddwrt / openwrt etc. Some providers even have a pfsense specific tutorial.

    I recommend this because they also usually supply the correct parameters specific to them, or even ovpn files you can use as reference in pfsense.

    There is an additional parameters section in the pfsense openvpn client config which overrides any of the specific settings entered prior. You will be able to paste most of your ovpn stuff in the additional parameters, which will be used, and perhaps have to give some fake values in the non-advanced section to satisfy the UI validation.

    This is the one thing I'd like to see in pfsense: the ability to define a client by linking / uploading an ovpn file from the UI. If you know how to use the advanced parameters, you can actually link to one in there assuming you know how to copy it into the install.

    The one thing I don't recall is if all traffic in the firewall automatically flows through this client because my configuration is to VPN on a per host basis.
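
An added example, not part of either post and not pfSense or OpenVPN project code: a small parser that splits a single-file .ovpn profile like the one in the question into its one-line directives (the candidates for the additional parameters box) and its inline credential blocks, and reports which blocks hold private key material. The names `split_ovpn`, `secret_tags`, `SAMPLE_OVPN` and the host `vpn.example.net` are hypothetical, and the PEM bodies are constructed placeholders.

```python
import re

def _pem(label):
    # Constructed placeholder PEM body, not real key or certificate data.
    return f"-----BEGIN {label}-----\nPLACEHOLDER\n-----END {label}-----"

# Constructed sample in the shape the question describes.
SAMPLE_OVPN = "\n".join([
    "client", "dev tun", "proto udp", "remote vpn.example.net 1194",
    "# comment", "; disabled-option", "remote-cert-tls server",
    "<ca>", _pem("CERTIFICATE"), "</ca>",
    "<cert>", _pem("CERTIFICATE"), "</cert>",
    "<key>", _pem("PRIVATE KEY"), "</key>",
    "<dh>", _pem("DH PARAMETERS"), "</dh>",
])

def split_ovpn(text):
    """Return (directives, blocks): one-line options and inline <tag> bodies."""
    directives, blocks, tag, body = [], {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if tag is not None:                      # inside an inline block
            if line == f"</{tag}>":
                blocks[tag] = "\n".join(body)
                tag, body = None, []
            else:
                body.append(line)
            continue
        opened = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if opened:
            tag = opened.group(1)
        elif line and line[0] not in "#;":       # skip blanks and comments
            directives.append(line)
    if tag is not None:
        raise ValueError(f"unterminated <{tag}> block")
    return directives, blocks

def secret_tags(blocks):
    """Names of inline blocks that contain private key material."""
    return sorted(t for t, b in blocks.items() if "PRIVATE KEY-----" in b)

if __name__ == "__main__":
    directives, blocks = split_ovpn(SAMPLE_OVPN)
    print("directives:", directives)
    print("inline blocks:", sorted(blocks))
    print("handle as secrets:", secret_tags(blocks))
```

Because the profile embeds the client's private key, any copy of the file placed on the firewall or left on the desktop needs the same protection as the key itself.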

