From LAN to OpenVPN network without vpn connection?



  • Hello

    I'm trying to build a configuration where clients residing in the same LAN as the pfSense box would reach the virtual (OpenVPN) network without opening a tunnel. I don't even know if it's possible with pfSense, but to illustrate the situation:

    • pfSensebox1 LAN IP/SN : 192.168.1.245/24
    • OpenVPN tunnel network : 10.80.0.0/16
    • Client1 address : 192.168.1.10

    Client1 wants to (ssh) connect to another computer that's OpenVPN connected to pfSensebox1, and has an address of 10.80.0.3. Should this be possible when client1 has a route to 10.80.0.0/16 via 192.168.1.245 + pfSensebox1 has a static route from 192.168.1.245 to 10.80.0.0/16? I have not been successful in achieving this but I'm a newbie with pfSense.

    Thanks
    BR
    Mike



  • It should be possible. But how to do it depends on the stated routes.

    If pfSensebox1 is the default gateway in the LAN and you push the default route or the route to LAN network to vpn clients (redirect gateway), it should work without adding routes.

    If that is not given you need to add routes…

    @finadmin:

    Should this be possible when client1 has a route to 10.80.0.0/16 via 192.168.1.245 + pfSensebox1 has a static route from 192.168.1.245 to 10.80.0.0/16?

    The client route is fine. It is only necessary if pfSense is not the default gateway in LAN.

    The second route on pfSense does nothing.
    You need a route on the vpn client for 192.168.1.0/24 pointing to the vpn server. This can be set by entering 192.168.1.0/24 in the "Local Network/s" box in the server settings.
    If you use the wizard for setting up the vpn server, this is set by default.

    Consider that the vpn client's firewall will block such access by default. So you have to open some ports.


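Added example, not part of the thread: a small Python model of the two routing decisions the reply describes, showing that the LAN-side route fixes only the forward path and that the return path needs the 192.168.1.0/24 route on the VPN client. The addresses come from the posts; the LAN default gateway 192.168.1.1, the `remote-gw` label and the `ovpn-tunnel` label are assumptions made up for the illustration.

```python
import ipaddress

PFSENSE_LAN = "192.168.1.245"   # pfSense LAN address, from the thread
TUNNEL = "ovpn-tunnel"          # label for the OpenVPN interface (constructed)


def next_hop(table, dst):
    """Longest-prefix match over (cidr, next_hop) entries; None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(cidr), hop) for cidr, hop in table
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def check(lan_routes, vpn_routes, lan_client="192.168.1.10", vpn_client="10.80.0.3"):
    """Return (forward_ok, return_ok) for LAN client <-> VPN client traffic."""
    # Forward: the LAN client must hand the packet to pfSense.
    forward_ok = next_hop(lan_routes, vpn_client) == PFSENSE_LAN
    # Return: the VPN client must send the reply back into the tunnel.
    return_ok = next_hop(vpn_routes, lan_client) == TUNNEL
    return forward_ok, return_ok


# Constructed routing tables. 192.168.1.1 and "remote-gw" are hypothetical.
LAN_OTHER_GW = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", "192.168.1.1")]
LAN_WITH_ROUTE = LAN_OTHER_GW + [("10.80.0.0/16", PFSENSE_LAN)]
LAN_PFSENSE_GW = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", PFSENSE_LAN)]

VPN_NO_PUSH = [("10.80.0.0/16", TUNNEL), ("0.0.0.0/0", "remote-gw")]
# Models the client after the server has 192.168.1.0/24 in "Local Network/s".
VPN_WITH_PUSH = VPN_NO_PUSH + [("192.168.1.0/24", TUNNEL)]

SCENARIOS = [
    ("other default gw, no routes", LAN_OTHER_GW, VPN_NO_PUSH),
    ("LAN client route only", LAN_WITH_ROUTE, VPN_NO_PUSH),
    ("LAN client route + Local Network/s", LAN_WITH_ROUTE, VPN_WITH_PUSH),
    ("pfSense is default gw + Local Network/s", LAN_PFSENSE_GW, VPN_WITH_PUSH),
]

if __name__ == "__main__":
    for name, lan, vpn in SCENARIOS:
        fwd, ret = check(lan, vpn)
        print(f"{name:42} forward={fwd} return={ret}")
```

The model covers routing only; the VPN client's host firewall still has to allow the inbound port, as the reply notes.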