Reach Network Client Subnet from the computers behind the pfSense firewall



  • Scenario:

    [Office's Client A] - (ADSL) ----- OpenVPN ----- WAN(IPfirewall) ---- OPT(192.168.20.0/29) --- [Computers(192.168.20.x/29)]
    LAN: 192.168.1.0/24                                     |
                                                 LAN (192.168.101.0/29)

    Dear Friend, we are trying to find a way for the computers behind the pfSense firewall to reach the [Office's Client A] network when it is connected through the OpenVPN client, as you can see in the diagram above.
    The [Office's Client A] is a simple office with an ADSL line to access the internet, and all computers use the OpenVPN client to connect to the pfSense firewall.
    Now those users can access the network (192.168.20.x/29) without any problem, but the idea is to find a way for the server or computers on network 192.168.20.x to print documents to the [Office's Client A] (192.168.1.0/24) network; the printer is configured with IP 192.168.1.60/24.

    Is that possible?
    Gully



  • Unless I'm missing something, that should be easy to do.  Once you set up the VPN, it's just normal routing.  I assume you've got something running OpenVPN at the remote site.



  • Thanks JKnott. Yes, as you can see in the diagram, at the client site there are computers and printers with IPs 192.168.1.x/24, but there is a Windows Server R2 with IP 192.168.20.x that needs to reach subnet 192.168.1.x/24 (client LAN), because the obsolete application installed on this server needs to print directly to this subnet (client LAN).

    If you could explain to me where I need to put the route, I would really appreciate it, and let me know if I need any additional action in the pfSense firewall rules.

    P.S. I tried to add a manual route on the Windows server like:
    route add 192.168.1.0 mask 255.255.255.0 10.0.20.1, where 20.1 is the default GW for the OpenVPN interface. But it does not work; a timeout is received.

    Thanks in advance,

    Gully



  • Hi,

    That is possible if you have a site-2-site OpenVPN connection. Then all the systems on the Client A side can access the 192.168.20.x series and vice versa. As far as I can understand from your post, you are running Windows-based OpenVPN client software on individual systems at Client A. If that is the case then I guess you will not be able to access systems on the Client A side from 192.168.20.x.

    I suggest putting a device (maybe another pfSense device) at Client A, and then the two devices can make an OpenVPN connection. Then all the devices on either side should be able to talk to each other.

    regards,
    Ashima



  • Are the computers sharing one subnet?  Or do they have separate tunnels?



  • @ashima:

    Hi,

    That is possible if you have a site-2-site OpenVPN connection. Then all the systems on the Client A side can access the 192.168.20.x series and vice versa. As far as I can understand from your post, you are running Windows-based OpenVPN client software on individual systems at Client A. If that is the case then I guess you will not be able to access systems on the Client A side from 192.168.20.x.

    I suggest putting a device (maybe another pfSense device) at Client A, and then the two devices can make an OpenVPN connection. Then all the devices on either side should be able to talk to each other.

    regards,
    Ashima

    Thanks to all. Following Ashima's suggestion I solved the problem: I just bought a simple Mikrotik RB260GS router board and made the site-to-site OpenVPN connection.

    So now it is solved.

    Thanks to all for your cooperation, all the best.
    Gully
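
The site-to-site arrangement suggested in this thread, sketched as plain OpenVPN server-side directives (an added example, not written by any poster here). It assumes a TLS server-mode tunnel; the tunnel network 10.0.20.0/24 is inferred from the 10.0.20.1 gateway quoted above, and the common name `clientA-router` and the `ccd` directory name are hypothetical.

```conf
# --- Server side (pfSense end): main server configuration ---
# Assumed tunnel network, inferred from the 10.0.20.1 gateway in the thread.
server 10.0.20.0 255.255.255.0

# Directory with per-client files, each named after a certificate common name.
client-config-dir ccd

# Kernel route: hand traffic for the Client A LAN to the OpenVPN process.
route 192.168.1.0 255.255.255.0

# Tell the Client A router how to reach the OPT network behind pfSense.
push "route 192.168.20.0 255.255.255.248"

# --- Server side: file ccd/clientA-router (hypothetical common name) ---
# Internal OpenVPN route: 192.168.1.0/24 sits behind this one client.
# In server mode, the daemon drops packets for a subnet that no connected
# client owns via iroute, even when the kernel route above exists. A static
# route added on a host in 192.168.20.0/29 cannot substitute for it.
iroute 192.168.1.0 255.255.255.0
```

The firewall rules on the OPT and OpenVPN interfaces still have to pass traffic from 192.168.20.0/29 to 192.168.1.60, and the printer's gateway needs a path back to 192.168.20.0/29.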

