OpenVPN on debian Box (issues with new pfsense install)
-
I recently upgraded my router and decided to go with PFSense. I've used OpenVPN on a debian box. On my new pfsense router I've added the static route and the nat settings. I am able to connect to my openvpn and can ping my network, however RDP doesn't work. What is blocking stuff from working?
On my static routes I added a new gateway (gateway was the openvpn server LAN address) then added the route for the OpenVPN address the clients get via DHCP
Thanks
-
Why aren't you running OpenVPN on pfSense?
On my static routes I added a new gateway (gateway was the openvpn server LAN address) then added the route for the OpenVPN address the clients get via DHCP
So pfSense has an IP in the LAN as well as the OpenVPN server? So you will catch an asymmetric routing issue.
LAN devices will send packets destined for openvpn clients to pfSense, where they are directed to the openvpn server, while packets from vpn clients go directly from the server to the LAN device.
That is no problem for stateless protocols like ICMP (ping), but it is for stateful connections though.Best solution will be running the server on pfSense.
Others are adding a static route for the openvpn tunnel network pointing to the vpn server to each LAN device or doing SNAT on the vpn server or putting the vpn server in a separate transfer network and routing LAN traffic to pfSense and the vpn traffic to the vpn server. -
So here is how it's setup
LAN 10.10.1.0 /24
OpenVPN 10.28.0.0/24PFSense Router 10.10.1.253
OpenVPN Debian box 10.10.1.249I created a gateway of 10.10.1.249
Created a Static route 10.28.0.0 255.255.255.0 10.10.1.249Is this not correct?
-
As I mentioned above, with such a setup you will end up in asymmetric routing issues.
-
So I setup openvpn on the pfsense box. It works and I can rdp into my desktop, however I am unable to ping my switch or ssh into it. I've added a custom option to push "route 10.10.1.0 255.255.255.0" but still no luck.
What am I missing here?
Thank you
-
Are the network settings correct on the switch? Is the internal pfSense IP the gateway on it?
Another reason could be that it blocks access to management interface from addresses outside off its own network segment. If this is the case you can get it working by an SNAT rule on pfSense.