Netgate Discussion Forum

    OpenVPN to Target LAN resource Firewall Rule Set up

      VirtuousVigor

      Hello all,

      I successfully added an OpenVPN user through the wizard on pfSense.

      I did the certificate authority and server certificate setup. For server mode I selected Remote Access (SSL/TLS + User Auth), as these are external WAN clients operating remotely in different time zones.

      I exported the client package executable.

      My question is: in order to get LAN target resources .28 and .29 off of MS RDP and make them OpenVPN tunnel destinations, I must set up the Firewall Rule, correct?

      Do I have to configure anything in NAT as well?

      This is my first time working with VPN so I want to ensure I do this correctly.

      Here is the Firewall scheme I have currently:

      0_1548347597990_FirewallNAT.PNG

      0_1548347604412_FirewallRules.PNG

      I also get a TLS handshake failure when trying to connect the VPN from an external network device with the current client executable, so I must troubleshoot that as well.

      Thank you.

        Konstanti @VirtuousVigor

        @virtuousmight

        Hey
        Hosts .28 and .29 are in a LAN network?

          VirtuousVigor

          Konstanti,

          Yes, IP ...28 and .....29 are computers that have been DHCP static mapped on our local area network.

          So previously the two employees were getting into our LAN remotely via MS RDP, but that is not optimal since it is not secure.

          So I am trying to get them to connect to those two destination computers in our LAN with OpenVPN instead.

            Konstanti @VirtuousVigor

            @virtuousmight
            https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html
            https://www.netgate.com/docs/pfsense/vpn/openvpn/openvpn-remote-access-server.html

              Konstanti @VirtuousVigor

              @VirtuousMight

              Right decision
              Look for links, there are answers to all questions
              How to configure remote access using OpenVPN
              All errors can be viewed under Status / System Logs / OpenVPN

                Rico LAYER 8 Rebel Alliance

                Hmmm double posting? 🙃
                https://forum.netgate.com/topic/139808/openvpn-direct-connection-to-static-ip-desktop-mac-address

                -Rico

                  VirtuousVigor

                  Very much not well-versed in this, so trying to be more specific and post in the OpenVPN board and not general discussion.

                    Rico LAYER 8 Rebel Alliance

                    I've posted right in the other thread and then saw this one here.
                    Maybe my posting there can help you...check it out.

                    -Rico

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.