setting up vpn
I am trying to enable vpn on my pfsense and i used this tutorial:
So far everything is great. So now how can i access my web gui in the internet ?
my LAN is: 10.10.10.0/24; LAN address: 10.10.10.1
hit your lan IP when you have your vpn connection.. Or if you allowed for dns just hit the pfsense fqdn.
As long as the local network your vpn from is not 10.10.10 or stepping over that /24 then you should have no issues. I do it almost every day from work.
My lan IP is 192.168.9.253, and just hitting it via its fqdn from work network.
By hit you mean just put my LAN ip address in browser and press ENTER rigth ?
Well yeah ;)
As long as your browser is not setup to use a proxy you should go down the vpn and hit your web gui on pfsense.
My LAN is 10.10.10.0/24 and i am trying to connect at 172.20.18.0/24. Why am i getting this error ?
Tue Jul 17 09:00:20 2018 OpenVPN 2.3.18 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Sep 26 2017
Tue Jul 17 09:00:20 2018 Windows version 6.2 (Windows 8 or greater) 32bit
Tue Jul 17 09:00:20 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Tue Jul 17 09:00:27 2018 Control Channel Authentication: using 'pfSense-udp-1194-teste-tls.key' as a OpenVPN static key file
Tue Jul 17 09:00:27 2018 UDPv4 link local (bound): [undef]
Tue Jul 17 09:00:27 2018 UDPv4 link remote: [AF_INET]192.168.2.2:1194
Tue Jul 17 09:00:28 2018 read UDPv4: Net dropped connection or reset (WSAENETRESET) (code=10052)
Tue Jul 17 09:00:29 2018 read UDPv4: Net dropped connection or reset (WSAENETRESET) (code=10052)
Tue Jul 17 09:00:33 2018 read UDPv4: Net dropped connection or reset (WSAENETRESET) (code=10052)
UDPv4 link remote: [AF_INET]192.168.2.2:1194
How do you think you could connect to a rfc1918 address over the internet?
If you pfsense is behind a NAT and has rfc1918 on its wan, then you have to set your client to use your actual public IP and port forward the device in front of pfsense to pfsense wan the port your running openvpn on, 1194 as example.
Ok. Thankx for the heads up.
1º) For my configuration to work o should have a public ip address on my WAN. Ok
2º) The solution you just pointed me continue to use vpn rigth ?
So if yes:
I understand the soluton you sugest. I only have 1 doubt. How can i set my clients to use my actual public ip address. The problem is whem i export a client i see no option to do this set you pointed.
Forgive my stupidity, if this is so basic
Yes it is always better to have pfsense wan right on the public vs behind a NAT. But in the export util just set what your public is or what some fqdn points to your public is.