Netgate Discussion Forum

    OpenVPN Access to LAN behind client

    • shetu

      Hello,
      I have no clue how to configure the route for this type of setup.
      Thanks.
      I have the following setup:
      Centos openvz vps (venet0)
      OpenVPN server IP: 10.8.0.1

      PFsense router Acts as OpenVPN client
      Lan: 192.244.11.0/24
      Openvpn client ip : 10.8.0.2
      Windows client
      Lan : 192.244.11.1
      I want the CentOS server to be able to access the LAN of the pfSense. The Windows client in the pfSense LAN needs to be able to communicate with the CentOS server box as well.

      port 1194
      proto udp
      dev tun
      user nobody
      group nobody
      persist-key
      persist-tun
      keepalive 10 120
      topology subnet
      server 10.8.0.0 255.255.255.0
      client-to-client
      push "route 192.244.11.0 255.255.255.0"
      ;route 192.244.11.0 255.255.255.0 10.8.0.1
      ;	-------------------------
      ifconfig-pool-persist ipp.txt
      push "dhcp-option DNS 8.8.8.8"
      push "dhcp-option DNS 8.8.4.4"
      push "redirect-gateway def1 bypass-dhcp" 
      crl-verify crl.pem
      ca ca.crt
      cert server_g9hq31FXVL3AsXq0.crt
      key server_g9hq31FXVL3AsXq0.key
      tls-auth tls-auth.key 0
      dh dh.pem
      auth SHA256
      cipher AES-128-CBC
      tls-server
      tls-version-min 1.2
      tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
      status openvpn.log
      verb 3
      

      pfsense client

      client
      proto udp
      remote ***************** 1194
      dev tun
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      remote-cert-tls server
      verify-x509-name server_g9hq31FXVL3AsXq0 name
      auth SHA256
      auth-nocache
      cipher AES-128-CBC
      tls-client
      tls-version-min 1.2
      tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
      setenv opt block-outside-dns
      verb 3
      <ca>
      -----BEGIN CERTIFICATE-----
      
      -----END CERTIFICATE-----
      </ca>
      <cert>
      Certificate:
      -----BEGIN CERTIFICATE-----
      BTusOrY68gxGlFw3smOloawS6xhnm4hVFWMhYg=
      -----END CERTIFICATE-----
      </cert>
      <key>
      -----BEGIN PRIVATE KEY-----
      G3uB2I+MqZpoO83YsZ//HqiE4H
      -----END PRIVATE KEY-----
      </key>
      key-direction 1
      <tls-auth>
      #
      # 2048 bit OpenVPN static key
      #
      -----BEGIN OpenVPN Static key V1-----
      -----END OpenVPN Static key V1-----
      </tls-auth>
      
      • SteveITS Galactic Empire

        Did you go through one of the site-to-site examples? https://www.netgate.com/docs/pfsense/book/openvpn/index.html

        As I recall the routing should be handled automatically but you'd need to add firewall rules: https://www.netgate.com/docs/pfsense/book/openvpn/allowing-traffic-over-openvpn-tunnels.html

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • shetu

          No. I used some tutorial of PIA OpenVPN client.

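An added example, not part of the thread or of any poster's configuration: when OpenVPN runs in server mode, reaching a subnet behind a client takes a kernel `route` on the server plus an `iroute` for that subnet in the owning client's `client-config-dir` file. This Python check looks for those directives; the config text is constructed from the routing lines posted above, and the common name `pfsense-client` is a hypothetical placeholder.

```python
import ipaddress

# Constructed sample: the routing-relevant lines of the server config posted above.
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.244.11.0 255.255.255.0"
;route 192.244.11.0 255.255.255.0 10.8.0.1
"""

def parse(text):
    """Return (directive, args) pairs, skipping blank lines and ;/# comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        parts = line.replace('"', " ").split()
        pairs.append((parts[0], parts[1:]))
    return pairs

def has_net(pairs, directive, lan):
    """True if `directive <network> <netmask>` names exactly the network `lan`."""
    return any(
        d == directive and len(a) >= 2
        and ipaddress.ip_network(f"{a[0]}/{a[1]}", strict=False) == lan
        for d, a in pairs
    )

def check_client_lan(server_conf, ccd_files, lan):
    """List directives missing for the server to reach `lan` behind a client.
    ccd_files: {client common name: text of its client-config-dir file}."""
    lan = ipaddress.ip_network(lan)
    conf = parse(server_conf)
    missing = []
    if not any(d == "client-config-dir" for d, _ in conf):
        missing.append("client-config-dir")
    if not has_net(conf, "route", lan):
        missing.append("route")   # kernel route: server host -> OpenVPN
    if not any(has_net(parse(t), "iroute", lan) for t in ccd_files.values()):
        missing.append("iroute")  # internal route: OpenVPN -> owning client
    return missing

if __name__ == "__main__":
    print(check_client_lan(SERVER_CONF, {}, "192.244.11.0/24"))
    fixed = SERVER_CONF + "client-config-dir ccd\nroute 192.244.11.0 255.255.255.0\n"
    ccd = {"pfsense-client": "iroute 192.244.11.0 255.255.255.0\n"}  # hypothetical CN
    print(check_client_lan(fixed, ccd, "192.244.11.0/24"))
```

The `push "route ..."` line is deliberately not counted: it tells other clients where the LAN is, but it does not give the server itself a path to it.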
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.