Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can all LAN devices use remote OpenVPN if pfsense is only client configured?

    OpenVPN
    2
    2
    368
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gaza
      last edited by

      I connect my linux desktop to a remote openvpn server using

      sudo openvpn –config mycerts.ovpn

      The file mycerts.ovpn has an RSA key, CA cert, client cert, and DH Parameters contained in the file.

      I am trying to connect pfsense to this VPN server using only the credentials in the .ovpn file, and configure so all outbound traffic (from LAN to WAN) goes through an Openvpn interface.  The goal is for any device on my LAN to automatically use the VPN without configuring any client software on each device.

      Is it possible to have pfsense route all traffic through the VPN without doing anything to the devices that connect to the LAN?

      1 Reply Last reply Reply Quote 0
      • D
        duren
        last edited by

        It is.

        I would start by going back to your VPN provider and looking at their tutorials. Most providers these days have them and there's usually a generic openvpn one disguised as other / ddwrt / openwrt etc. Some providers even have a pfsense specific tutorial.

        I recommend this because they also usually supply the correct parameters specific to them, or even ovpn files you can use as reference in pfsense.

        There is an additional parameters section in the pfsense openvpn client config which override any of the specific settings entered prior. You will be able to paste most of your ovpn stuff in the additional parameters which will be user and perhaps have to give some fake values in the non advanced section to satisfy the UI validation.

        This is the one thing I'd like to see in pfsense: the ability to define a client by linking / uploading an ovpn file from the UI. If you know how to use the advanced parameters, you can actually link to one in there assuming you know how to copy it into the install.

        The one thing I don't recall is if all traffic in the firewall automatically flows through this client because my configuration is to VPN on a per host basis.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post