Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Access to LAN behind client

    OpenVPN
    2
    3
    861
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shetu
      last edited by

      Hello,
      I have no clue how to configure route for this type of setup.
      Thanks.
      I have the following setup:
      Centos openvz vps (venet0)
      OpenVPN server IP: 10.8.0.1

      PFsense router Acts as OpenVPN client
      Lan: 192.244.11.0/24
      Openvpn client ip : 10.8.0.2
      Windows client
      Lan : 192.244.11.1
      I want the centos Server to be able to access the LAN of the PFsense. The Windows client in the PFsense LAN needs to be able communicate with the centos Server box as well.

      port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
client-to-client
push "route 192.244.11.0 255.255.255.0"
;route 192.244.11.0 255.255.255.0 10.8.0.1
;	-------------------------
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp" 
crl-verify crl.pem
ca ca.crt
cert server_g9hq31FXVL3AsXq0.crt
key server_g9hq31FXVL3AsXq0.key
tls-auth tls-auth.key 0
dh dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status openvpn.log
verb 3

      pfsense client

      client
proto udp
remote ***************** 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_g9hq31FXVL3AsXq0 name
auth SHA256
auth-nocache
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
-----BEGIN CERTIFICATE-----
BTusOrY68gxGlFw3smOloawS6xhnm4hVFWMhYg=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
G3uB2I+MqZpoO83YsZ//HqiE4H
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
      1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance
        last edited by

        Did you go through one of the site-to-site examples? https://www.netgate.com/docs/pfsense/book/openvpn/index.html

        As I recall the routing should be handled automatically but you'd need to add firewall rules: https://www.netgate.com/docs/pfsense/book/openvpn/allowing-traffic-over-openvpn-tunnels.html

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • S
          shetu
          last edited by

          No. I used some tutorial of PIA open vpn client.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.