OpenVPN Access to LAN behind client



  • Hello,
    I have no clue how to configure route for this type of setup.
    Thanks.
    I have the following setup:
    CentOS OpenVZ VPS (venet0)
    OpenVPN server IP: 10.8.0.1

    pfSense router acts as OpenVPN client
    LAN: 192.244.11.0/24
    OpenVPN client IP: 10.8.0.2
    Windows client
    Lan : 192.244.11.1
    I want the CentOS server to be able to access the LAN of the pfSense. The Windows client in the pfSense LAN needs to be able to communicate with the CentOS server box as well.

    port 1194
    proto udp
    dev tun
    user nobody
    group nobody
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.255.0
    client-to-client
    push "route 192.244.11.0 255.255.255.0"
    ;route 192.244.11.0 255.255.255.0 10.8.0.1
    ;	-------------------------
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "redirect-gateway def1 bypass-dhcp" 
    crl-verify crl.pem
    ca ca.crt
    cert server_g9hq31FXVL3AsXq0.crt
    key server_g9hq31FXVL3AsXq0.key
    tls-auth tls-auth.key 0
    dh dh.pem
    auth SHA256
    cipher AES-128-CBC
    tls-server
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    status openvpn.log
    verb 3
    

    pfsense client

    client
    proto udp
    remote ***************** 1194
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    verify-x509-name server_g9hq31FXVL3AsXq0 name
    auth SHA256
    auth-nocache
    cipher AES-128-CBC
    tls-client
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    setenv opt block-outside-dns
    verb 3
    <ca>
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    </ca>
    <cert>
    Certificate:
    -----BEGIN CERTIFICATE-----
    BTusOrY68gxGlFw3smOloawS6xhnm4hVFWMhYg=
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    G3uB2I+MqZpoO83YsZ//HqiE4H
    -----END PRIVATE KEY-----
    </key>
    key-direction 1
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    -----END OpenVPN Static key V1-----
    </tls-auth>
    


  • Did you go through one of the site-to-site examples? https://www.netgate.com/docs/pfsense/book/openvpn/index.html

    As I recall the routing should be handled automatically but you'd need to add firewall rules: https://www.netgate.com/docs/pfsense/book/openvpn/allowing-traffic-over-openvpn-tunnels.html



  • No. I used some tutorial for the PIA OpenVPN client.
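
An added example, not part of the thread: OpenVPN's usual arrangement for reaching a LAN behind a client is a `route` for that LAN plus `client-config-dir` in the server config, and an `iroute` for the LAN in that client's file. The Python script below checks the routing lines of the posted server config for those three items; the function names, the `ccd_files` mapping and the client name used with it are assumptions.

```python
import ipaddress
import re

# Routing-related lines copied from the server config posted in this thread.
POSTED_SERVER_CONF = """
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.244.11.0 255.255.255.0"
;route 192.244.11.0 255.255.255.0 10.8.0.1
"""

def directives(text):
    """Return active directives as token lists, skipping ';' and '#' comment lines."""
    lines = (ln.strip() for ln in text.splitlines())
    return [re.findall(r'"[^"]*"|\S+', ln) for ln in lines if ln and ln[0] not in ";#"]

def has_net(dirs, keyword, lan):
    """True if an active '<keyword> <network> <netmask>' line names exactly `lan`."""
    for d in dirs:
        if d[0] == keyword and len(d) >= 3:
            try:
                if ipaddress.ip_network(f"{d[1]}/{d[2]}", strict=False) == lan:
                    return True
            except ValueError:
                continue  # hostname or malformed address, cannot match
    return False

def check_lan_behind_client(server_conf, ccd_files, lan):
    """List what is missing for the server to route to `lan` behind a client.

    ccd_files maps a client certificate common name to the text of its
    client-config-dir file (names and contents here are assumptions).
    """
    lan = ipaddress.ip_network(lan)
    server = directives(server_conf)
    findings = []
    if not has_net(server, "route", lan):  # kernel route on the server host
        findings.append(f"server: no active 'route' for {lan}")
    if not any(d[0] == "client-config-dir" for d in server):
        findings.append("server: 'client-config-dir' is not set")
    owners = [cn for cn, text in ccd_files.items() if has_net(directives(text), "iroute", lan)]
    if not owners:  # iroute tells OpenVPN which client the LAN sits behind
        findings.append(f"ccd: no client file has 'iroute' for {lan}")
    return findings

if __name__ == "__main__":
    for finding in check_lan_behind_client(POSTED_SERVER_CONF, {}, "192.244.11.0/24"):
        print(finding)
```

On the pfSense side, the firewall rules from the linked "allowing traffic over OpenVPN tunnels" page are still needed before traffic from the server is accepted.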

