setting up vpn



  • Hi.
    I am trying to enable VPN on my pfsense and I used this tutorial:

    https://turbofuture.com/computers/How-to-Setup-a-Remote-Access-VPN-Using-pfSense-and-OpenVPN

    So far everything is great. So now how can I access my web GUI over the internet?



  • My LAN is: 10.10.10.0/24; LAN address: 10.10.10.1
    tunnel: 192.168.20.0/24


  • Rebel Alliance Global Moderator

    Hit your LAN IP when you have your VPN connection. Or if you allowed for DNS just hit the pfsense fqdn.

    As long as the local network you VPN from is not 10.10.10 or stepping over that /24 then you should have no issues. I do it almost every day from work.

    My lan IP is 192.168.9.253, and just hitting it via its fqdn from work network.




  • @johnpoz
    By hit you mean just put my LAN IP address in the browser and press ENTER, right?


  • Rebel Alliance Global Moderator

    Well yeah ;)

    As long as your browser is not set up to use a proxy you should go down the VPN and hit your web GUI on pfsense.



  • @johnpoz

    My LAN is 10.10.10.0/24 and I am trying to connect at 172.20.18.0/24. Why am I getting this error?

    Tue Jul 17 09:00:20 2018 OpenVPN 2.3.18 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Sep 26 2017
    Tue Jul 17 09:00:20 2018 Windows version 6.2 (Windows 8 or greater) 32bit
    Tue Jul 17 09:00:20 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
    Tue Jul 17 09:00:27 2018 Control Channel Authentication: using 'pfSense-udp-1194-teste-tls.key' as a OpenVPN static key file
    Tue Jul 17 09:00:27 2018 UDPv4 link local (bound): [undef]
    Tue Jul 17 09:00:27 2018 UDPv4 link remote: [AF_INET]192.168.2.2:1194
    Tue Jul 17 09:00:28 2018 read UDPv4: Net dropped connection or reset (WSAENETRESET) (code=10052)
    Tue Jul 17 09:00:29 2018 read UDPv4: Net dropped connection or reset (WSAENETRESET) (code=10052)
    Tue Jul 17 09:00:33 2018 read UDPv4: Net dropped connection or reset (WSAENETRESET) (code=10052)


  • Rebel Alliance Global Moderator

    @ruimiguel said in setting up vpn:

    UDPv4 link remote: [AF_INET]192.168.2.2:1194

    How do you think you could connect to an rfc1918 address over the internet?

    If your pfsense is behind a NAT and has rfc1918 on its WAN, then you have to set your client to use your actual public IP and port forward on the device in front of pfsense to the pfsense WAN the port you're running openvpn on, 1194 as an example.



  • @johnpoz
    Ok. Thanks for the heads up.
    1º) For my configuration to work I should have a public IP address on my WAN. Ok

    2º) The solution you just pointed me to continues to use VPN, right?
    If yes:
    I understand the solution you suggest. I only have 1 doubt. How can I set my clients to use my actual public IP address? The problem is when I export a client I see no option to set what you pointed out.
    Forgive my stupidity if this is so basic.


  • Rebel Alliance Global Moderator

    Yes, it is always better to have pfsense WAN right on the public vs behind a NAT. But in the export util just set what your public IP is, or some fqdn that points to your public IP.

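The two checks discussed in this thread (an rfc1918 `remote` in the exported client config, and a client network that overlaps the LAN or tunnel subnet) can be run against a config before handing it to a user. This is an added example, not code from the thread or from pfSense; the sample config is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# rfc1918 ranges: not routable over the internet, so a client outside cannot reach them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample client config; the remote line mirrors the client log in the thread.
SAMPLE_OVPN = """\
dev tun
proto udp
remote 192.168.2.2 1194
remote-cert-tls server
tls-auth pfSense-udp-1194-teste-tls.key 1
"""

# OpenVPN syntax: remote host [port]; [ \t] keeps the match on a single line.
REMOTE_RE = re.compile(r"^[ \t]*remote[ \t]+(\S+)(?:[ \t]+(\d+))?", re.MULTILINE)


def check_remotes(ovpn_text):
    """Return (host, port, verdict) for every `remote` directive in the config."""
    results = []
    for host, port in REMOTE_RE.findall(ovpn_text):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            verdict = "hostname"  # must resolve to the public IP in front of pfSense
        else:
            verdict = "rfc1918" if any(ip in net for net in RFC1918) else "public"
        results.append((host, int(port or 1194), verdict))
    return results


def overlapping(client_net, vpn_side_nets):
    """Return the LAN/tunnel networks that collide with the client's local network."""
    client = ipaddress.ip_network(client_net)
    return [n for n in vpn_side_nets if client.overlaps(ipaddress.ip_network(n))]


if __name__ == "__main__":
    for host, port, verdict in check_remotes(SAMPLE_OVPN):
        print(f"remote {host}:{port} -> {verdict}")
    # Networks from the thread: client site, then LAN and tunnel behind pfSense.
    print(overlapping("172.20.18.0/24", ["10.10.10.0/24", "192.168.20.0/24"]))
```

A verdict of `rfc1918` means the export needs the public IP or an fqdn as its host name, plus a port forward on the upstream device if pfSense sits behind NAT.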