Netgate Discussion Forum

    Issues in setting up OpenVPN between 2 pfsense

      Sid1584

      Hello Experts,

      This is my lab topology. I have pfSense connected to two wireless routers as upstream devices that are connected to the ISP and reach out to the Internet. Since the lab is being set up in my home, I don't have a direct WAN connection to the ISP. Further, one interface, LAN, is connected to the wireless router by wireless bridge ---> switch ---> pfSense. However, the other interface, OPT, is connected directly to the LTE-based wireless router leading to the internet. There is proper communication between all the devices since they are on the same VLAN.

      My objective is to access my network devices on my home network from the outside through OpenVPN.

      e6f5039e-c048-435d-aad9-4f0a504a69a9-image.png

      I made the pfSense SG1100 the OpenVPN client and the other pfSense the OpenVPN server. This is because I run the other pfSense in the cloud with static public, which makes it easier to set up the VPN.

      From the pfSense SG1100, I see that the OpenVPN is up:

      fb1bbfef-38ee-416d-8fa8-38f5645073a0-image.png

      At the pfSense/OpenVPN server, I see the VPN is up:

      c6c80696-d812-4963-bd0d-cf17b9f3098e-image.png

      I tried to ping the tunnel IP 192.168.4.2 from the server; it wasn't successful. However, 192.168.4.1 is reachable from the OpenVPN server. I think I am missing routes but I am not entirely sure.

      Here are my questions:
      After I set up the VPN, is the communication bidirectional, meaning can I reach the network behind the pfSense SG1100 from the server?
      What configuration do I need to access the network devices behind the OpenVPN client from the OpenVPN server?
      Do I need a virtual interface to make this work?

      I am pretty new to pfSense but quite passionate to learn about it. My apologies if my question seems to be simple.

        Gertjan

        Is it me or do you have a circle in your network? The Wireless router and Home router are both connected to the net?
        pfSense has a WAN?
        Why not put pfSense up front?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          Sid1584

          Thank you for your response. I rent a room in a house; the landlord isn't tech savvy and doesn't want me making any changes to the home router. The ISP has provided a residential internet connection, unlike an enterprise/business connection with a static public IP. That's why I can't put my pfSense up front. Further, the home router is on a different subnet and pfSense only uses the wireless router since it's the default gateway. The other router is an LTE-based home router, which was connected to the OPT interface during my attempts to configure a redundant gateway. There is no circle or loop in the network.

            Rico

            You need to add Firewall Rules in the OpenVPN tab to allow communication.

            -Rico

              chpalmer

              Show via screenshot the bottom half (where it shows remote network) of your OpenVPN setup pages.

              Show your OpenVPN firewall rules.

                Sid1584

                Pfsense as OpenVPN server

                OpenVPN setup page
                146f2f5b-2209-4184-ba75-612c59bf04d2-image.png

                2c98c4d1-2f91-462f-adca-6797b328c3d0-image.png
                5ab517ab-0ab8-4534-b040-9d83c3d2fea0-image.png
                34e08490-1b3b-4feb-a8de-0c93988f96d5-image.png
                bbcf27b3-2a52-418f-889a-3807dab3b809-image.png
                bb61fdd2-026d-43aa-98cd-8d7bec6847b5-image.png
                9428092f-80f8-4ee0-98bd-e39ef66a4746-image.png

                WAN Interface firewall rules
                33843661-ca32-4f0a-9a17-9ba403749578-image.png
                69e8d77a-6191-424b-8344-6cc6f2a7ee5a-image.png

                NAT rules on the interface

                dc88bd94-7116-44d8-8408-195fd92976f0-image.png

                I have enabled OpenVPN on the WAN interface rather than a virtual interface. Do you think that might be causing issues?

                  Sid1584 @Rico

                  @Rico The rules were automatically added during the OpenVPN wizard. I added a few NAT rules. I am not sure if that could have caused the problem. I would appreciate it if you could have a quick look at the rules I have added. I have attached screenshots in my comment.

                    Sid1584 @chpalmer

                    @chpalmer Please find the screenshots in my comment.

                      Gertjan

                      Part of your image:

                      fad6a998-72ea-4bec-a01e-38a9f2cda190-image.png

                      Carefully check out the principal OpenVPN server video from Netgate (YouTube - the Netgate channel).

                      You assigned an interface to OPENVPN from the auto-created OpenVPN:

                      9e9062a9-58bd-42c8-8c49-056fd58e312c-image.png

                      In that case, you can leave OpenVPN empty - it won't be used anymore, like:

                      69cd0b6c-60dd-464d-a2e2-ba011780c819-image.png

                      Place (copy) the OpenVPN Wizard general 'pass' rule from the OpenVPN to the OPENVPN interface.

                      3ad5a25e-26c6-4f79-9b9b-93c54fd7d559-image.png

                      No need to have two identical firewall rules on the same interface.
                      I have two rules: one for IPv4 and one for IPv6.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                        Sid1584 @Gertjan

                        @Gertjan Thanks for the reply. In my OpenVPN setup, only the WAN interface is enabled. However, I assigned ovpns1 to OPENVPN; I thought this deployment requires that. I removed them now. I am able to connect and the VPN is up, but I can't connect to the OpenVPN client from the server.

                          Gertjan @Sid1584

                          @Sid1584 said in Issues in setting up OpenVPN between 2 pfsense:

                          > am able to connect and VPN is up but can't connect to the OpenVPN client from the server

                          You, from the outside, using some OpenVPN app, are the client. You connect to the server, running on your pfSense.
                          It's the client that takes action to connect to the server, not the other way around.

                          Can you confirm that you see the connection in the pfSense GUI like this:

                          81b3b61f-452e-4153-8d2b-aaa0c342e512-image.png
                          So, now, you don't have the OPENVPN any more?
                          There is only the OpenVPN interface? With the - just one - Wizard rule like:

                          e11a7ca4-5396-4851-86c7-a60fccead219-image.png

                          ?

                          Your client VPN logs while connecting?
                          pfSense server logs while connecting?

                          How is your setup different from the 'default' Netgate OpenVPN video?

                          On your WAN interface, remove this:
                          c0ba5cbc-3e60-44ca-8c30-a7f8a03f7996-image.png

                          It's an open bar rule: let everybody in. Happily enough, connections are using IPv4, so they are state based. In the future (IPv6) you just opened up your entire LAN network to the Internet. You might as well remove pfSense (the firewall) altogether.

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??
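
Added example, not part of the post above or of the thread: a check for the kind of "let everybody in" WAN rule the post says to remove, run against a configuration backup. It assumes the `<filter><rule>` layout of a pfSense `config.xml` export; the sample rules and the function name `find_open_rules` are constructed for illustration, since the screenshots are not available.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml <filter>
# section. These rules are illustrative, not taken from the thread.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><ipprotocol>inet</ipprotocol>
    <protocol>udp</protocol><source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>OpenVPN wizard</descr></rule>
  <rule><type>pass</type><interface>wan</interface><ipprotocol>inet46</ipprotocol>
    <source><any/></source><destination><any/></destination>
    <descr>allow all</descr></rule>
  <rule><type>pass</type><interface>openvpn</interface><ipprotocol>inet</ipprotocol>
    <source><any/></source><destination><any/></destination>
    <descr>OpenVPN wizard pass</descr></rule>
  <rule><disabled/><type>pass</type><interface>wan</interface>
    <source><any/></source><destination><any/></destination>
    <descr>old test rule</descr></rule>
</filter></pfsense>"""


def find_open_rules(config_xml, interface="wan"):
    """Return (descr, ipprotocol) for every enabled pass rule on `interface`
    that matches any source, any destination and any protocol."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("filter/rule"):
        if rule.find("disabled") is not None:
            continue  # disabled rules are not loaded into the ruleset
        if rule.findtext("type") != "pass":
            continue
        if rule.findtext("interface") != interface:
            continue
        any_src = rule.find("source/any") is not None
        any_dst = rule.find("destination/any") is not None
        any_proto = rule.find("protocol") is None  # no <protocol> means any
        if any_src and any_dst and any_proto:
            family = rule.findtext("ipprotocol", "inet")
            findings.append((rule.findtext("descr", ""), family))
    return findings


if __name__ == "__main__":
    for descr, family in find_open_rules(SAMPLE_CONFIG):
        print(f"WAN pass any/any/any [{family}]: {descr}")
```

A finding whose address family includes IPv6 (`inet6` or `inet46`) is the case the post warns about. The same any/any pass rule on the `openvpn` interface is the wizard's tunnel rule and is reported only when that interface is passed explicitly.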

                            Sid1584 @Gertjan

                            @Gertjan I am not using an OpenVPN client app; rather, I have made the pfSense SG1100 the OpenVPN client, and its server is the pfSense in the cloud, which is depicted on the right of the topology diagram. Yeah, I agree, the rule on the WAN interface is open to my LAN network; it's pretty bad, but I don't have any LAN devices or LAN network in the cloud. In the logs I see the user is authenticated and the tunnel interface is up with its virtual IP. Do you think having one pfSense as a client and the other pfSense as a server is a feasible implementation?

                              Gertjan @Sid1584

                              @Sid1584 said in Issues in setting up OpenVPN between 2 pfsense:

                              > Do you think having one pfSense as a client and the other pfSense as a server is a feasible implementation?

                              Never did so myself, but thousands are doing just that.
                              Mostly it's about tunnelling one company's site to another - interconnecting company LANs.

                              No "help me" PM's please. Use the forum, the community will thank you.
                              Edit : and where are the logs ??

                                Sid1584 @Gertjan

                                @Gertjan I am planning to set up the OpenVPN server as the central VPN gateway and expand the network if needed. If I fix this, I am pretty sure I can.
