Netgate Discussion Forum

OpenVPN Access to LAN behind client

    shetu
    last edited by Dec 19, 2018, 6:35 PM

    Hello,
    I have no clue how to configure a route for this type of setup.
    Thanks.
    I have the following setup:
    CentOS OpenVZ VPS (venet0)
    OpenVPN server IP: 10.8.0.1

    pfSense router acts as OpenVPN client
    LAN: 192.244.11.0/24
    OpenVPN client IP: 10.8.0.2
    Windows client
    LAN: 192.244.11.1
    I want the CentOS server to be able to access the LAN of the pfSense. The Windows client in the pfSense LAN needs to be able to communicate with the CentOS server box as well.

    port 1194
    proto udp
    dev tun
    user nobody
    group nobody
    persist-key
    persist-tun
    keepalive 10 120
    topology subnet
    server 10.8.0.0 255.255.255.0
    client-to-client
    push "route 192.244.11.0 255.255.255.0"
    ;route 192.244.11.0 255.255.255.0 10.8.0.1
    ;	-------------------------
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "redirect-gateway def1 bypass-dhcp" 
    crl-verify crl.pem
    ca ca.crt
    cert server_g9hq31FXVL3AsXq0.crt
    key server_g9hq31FXVL3AsXq0.key
    tls-auth tls-auth.key 0
    dh dh.pem
    auth SHA256
    cipher AES-128-CBC
    tls-server
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    status openvpn.log
    verb 3
    

    pfsense client

    client
    proto udp
    remote ***************** 1194
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    verify-x509-name server_g9hq31FXVL3AsXq0 name
    auth SHA256
    auth-nocache
    cipher AES-128-CBC
    tls-client
    tls-version-min 1.2
    tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
    setenv opt block-outside-dns
    verb 3
    <ca>
    -----BEGIN CERTIFICATE-----
    
    -----END CERTIFICATE-----
    </ca>
    <cert>
    Certificate:
    -----BEGIN CERTIFICATE-----
    BTusOrY68gxGlFw3smOloawS6xhnm4hVFWMhYg=
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    G3uB2I+MqZpoO83YsZ//HqiE4H
    -----END PRIVATE KEY-----
    </key>
    key-direction 1
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    -----END OpenVPN Static key V1-----
    </tls-auth>
    
      SteveITS Galactic Empire
      last edited by Dec 19, 2018, 6:44 PM

      Did you go through one of the site-to-site examples? https://www.netgate.com/docs/pfsense/book/openvpn/index.html

      As I recall the routing should be handled automatically but you'd need to add firewall rules: https://www.netgate.com/docs/pfsense/book/openvpn/allowing-traffic-over-openvpn-tunnels.html

      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
      Upvote 👍 helpful posts!

        shetu
        last edited by Dec 20, 2018, 3:14 AM

        No. I used some tutorial for the PIA OpenVPN client.

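An added example, not part of either poster's messages: a Python check of the routing directives from the server config in the first post, for the case this thread is about (a LAN that sits behind an OpenVPN client). It relies on OpenVPN's `route`, `client-config-dir` and `iroute` directives; the `ccd` directory name, the finding labels and the corrected config are assumptions of this example.

```python
import ipaddress

# Constructed sample: the routing-related lines of the server config in the first post.
SERVER_CONF = '''
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.244.11.0 255.255.255.0"
;route 192.244.11.0 255.255.255.0 10.8.0.1
push "redirect-gateway def1 bypass-dhcp"
'''
# Assumption: a corrected pair. "ccd" is a hypothetical directory name; the file in it
# must be named after the common name of the pfSense client certificate.
FIXED_CONF = SERVER_CONF + "route 192.244.11.0 255.255.255.0\nclient-config-dir ccd\n"
FIXED_CCD = "iroute 192.244.11.0 255.255.255.0\n"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def directives(text):
    """Yield active directives as token lists; lines starting with '#' or ';' are comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            yield line.replace('"', " ").split()

def nets(text, *prefix):
    """Networks (address + netmask) that follow the given directive words, e.g. ("iroute",)."""
    n = len(prefix)
    return {ipaddress.ip_network(f"{t[n]}/{t[n + 1]}")
            for t in directives(text) if tuple(t[:n]) == prefix and len(t) >= n + 2}

def audit(server_conf, ccd_file, lan):
    """Return findings for reaching `lan`, a subnet that sits behind one VPN client."""
    lan = ipaddress.ip_network(lan)
    active = {t[0] for t in directives(server_conf)}
    findings = []
    if lan not in nets(server_conf, "route"):
        findings.append("no-server-route")       # server host has no route into the tunnel
    if "client-config-dir" not in active or lan not in nets(ccd_file, "iroute"):
        findings.append("no-iroute")             # OpenVPN cannot map the LAN to a client
    if any(t[:2] == ["push", "redirect-gateway"] for t in directives(server_conf)):
        findings.append("default-route-pushed")  # every pulling client gets a default route via the VPN
    if not any(lan.subnet_of(r) for r in RFC1918):
        findings.append("lan-not-rfc1918")       # LAN range is outside private address space
    return findings

if __name__ == "__main__":
    print(audit(SERVER_CONF, "", "192.244.11.0/24"))
    print(audit(FIXED_CONF, FIXED_CCD, "192.244.11.0/24"))
```

The pfSense side still needs the firewall rules on the OpenVPN interface that the reply above links to.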