Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to configure openvpn pfsense with single nic, relay dhcp to vpn client… ?

    OpenVPN
    2
    7
    712
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pberthol last edited by

      Hi,
      How to configure openvpn pfsense with single nic, relay dhcp to vpn client and permit vpn client to access smb here from outside ?

      thx

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        huh?  So your doing router on a stick with only 1 physical interface on pfsense.  And you want to run openvpn in tap so that some other dhcp server on your network hands it an IP?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

        1 Reply Last reply Reply Quote 0
        • P
          pberthol last edited by

          Here a Draw :

          thx

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            Wow that is bad design for sure..  So your pfsense is not even at the edge, its inside.. And you say its public, so is your smb server and dhcp also on this public segment?

            How does pfsense even get to the dhcp server or smb server in this setup when it only has a public IP..  Please post your IPs on this drawing?  So your firewall has a public segment routed behind it?  And what segment are the smb and dhcp on?

            Running vpn server inside a network normally leads to asymmetrical routing if you do not work around via a NAT or at best case you have a hairpin, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

            1 Reply Last reply Reply Quote 0
            • P
              pberthol last edited by

              And you say its public, so is your smb server and dhcp also on this public segment?

              All ip are potential public, i use CIDR, but router/firewall restrict incoming connection : internet can see pfsense ip with only vpn port open, but internet can't see or ping  dhcp or file server.

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                So all 3 of your servers are on some public /?

                Why do you think you need the dhcp server to give this road warrior its IP address?  Your going to have an asymmetrical mess trying to run your 1 arm bandit vpn tunnel on the inside of the network your trying to access.

                Why do you not just run vpn server at your firewall in your picture?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                1 Reply Last reply Reply Quote 0
                • P
                  pberthol last edited by

                  So all 3 of your servers are on some public /?

                  they are behind a firewall, so  not accessible on internet.
                  dhcp provide on my lan (file server, vpn …)  routable ip adress 194.48.50 .../24, (that different of traditionnal "private use" 192.168... adress)

                  PS: i can change my mind and put an another NIC , but it will be in same subnet.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post