Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense 2.4.4. wtih Open VPN

    Scheduled Pinned Locked Moved
    Routing and Multi WAN
    2
    5
    496
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      Yamyam48
      last edited by

      Hi,
      Currently we have a PFSense firewall 2.4.4-Release-p3. Its been running for a few weeks now without any problems and we have also installed and configured OpenVPN without any issues..
      We have IPsec site to site tunnels for another 9 sites...
      At the moment when I connect via OpenVPN I can only access resources on the Local subnet.
      In the Open VPN Server settings we have the local subnet of 172.16.2.0 but at the moment we have also added in various subnets at other sites we need to access via the VPN.
      I cannot access these subnets though...
      I have tried adding the IPv4 Tunnel network used by the vpn to the IPSec tunnels P2 settings for each site it needs to get to but this has made no difference.
      Also on the Open VPN Rules we have at the moment the default rule created when Open VPN was configured...
      Where should I be making changes to get the VPN routing working? Is it the P2 settings for each tunnel, open VPN Firewall rules or both of the above?
      Any help to point me in the right direction is much appreciated.
      Thanks

      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        So if I understand you correctly, you want to access a subnet behind an IPSec VPN from the OpenVPN clients subnet, right?

        An explanation would be more clear if you tell us concrete subnets.

        1 Reply Last reply Reply Quote 0
        • Y
          Yamyam48
          last edited by

          Hi,
          Yes that's correct..
          The Open VPN Client ( network 192.168.91.0/24) connects okay to the LAN (172.16.2.0/24) of that PFSense server
          We have IPSEC Tunnels between other sites and I need this VPN Client to access resources at some of the other sites..
          I have added in the Open VPN Tunnel network (192.168.91.0/24) on the IPSec tunnel on the London PFSense to our Worthing LAN (10.190.36.0/24)
          And in the Open VPN Server settings it also has that Worthing LAN as one of the IPv4 Networks accessible...
          The Open VPN firewall rule in place at the moment is the default rule creating when using the open VPN Wizard, allow any port & source to any destination & port ( all protocols)

          Is there something else I am missing?

          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by

            In the OpenVPN server settings you have to add all the remote networks (that are behind the IPSec VPNs) to the "Local Networks" and ensure that the client pulls routes.

            In the IPSec settings at pfSense and the remote site you have to add a phase 2 for each remote network. On local pfSense you put the OpenVPN tunnel in the local network box and the remote subnet in the remote box. On the remote device you set the networks contrarily.

            Also consider that the computers firewalls may block access from remote networks by default. So you will have to add rules to allow that access.

            1 Reply Last reply Reply Quote 0
            • Y
              Yamyam48
              last edited by

              Hi Thanks yeah I had done all of that and it wasn't working.. However in the Open VPN Server advanced configuration I did add a push route for 10.190.36.0 255.255.255.0 and now I am able to communicate with resources on the Worthing LAN.
              So I am guessing this was the missing link...

              1 Reply Last reply Reply Quote 0
              • First post
                Last post