    PfSense connecting to existing OpenVPN Server

      gavinlew last edited by

      Hi All,

      I'm currently migrating to pfSense from DD-Wrt (VPN) and I am trying to achieve the following

      pfSense Home                  OpenVPN Server                  Client PC's
      192.168.1.X    ---------->    10.9.8.X        -------------   10.9.8.X

      I have configured the VPN Client in pfSense to connect to the OpenVPN server. From pfSense I can ping hosts on the VPN, and from the OpenVPN server I can ping pfSense. However, I cannot route from OpenVPN back to pfSense - this all worked with DD-Wrt.

      I have modified the openvpn server.conf file as below

      push "route 192.168.1.0 255.255.255.0"
      route 192.168.1.0 255.255.255.0

      I think either I'm missing something in pfSense, or I have misunderstood the way of setting the pfSense box up?

      Many Thanks,

        ktims last edited by

        Routing subnets over OpenVPN is somewhat non-trivial since both the client and server routing tables need to be manipulated to be aware of the subnets on either side of the tunnel. IPsec is easier to get working for a LAN->LAN tunnel, or bridging may work for your application as well.

        You really need to read the OpenVPN HOWTO, particularly the section entitled 'Expanding the scope of the VPN to include additional machines on either the client or server subnet', to make this work. Your 'push' command is definitely backwards; it should advertise the 10.9.8.0/24 subnet. The route command is necessary as it is, but you also need an iroute attached to a client CN. I'm wondering from the lack of detail if you're also using 10.9.8.0/24 as your internal OpenVPN subnet, which will never work.

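The two checks raised in the reply above (a `route` with no `iroute` under a client CN, and a routed subnet that collides with the tunnel network), as an added example that is not part of the original thread. It assumes numeric network arguments; the `server` line and the client CN `pfsense-home` are constructed for illustration.

```python
import ipaddress
import re

def parse_directives(text):
    """Yield (keyword, network) for server / route / iroute / push "route" lines."""
    for raw in text.splitlines():
        tok = re.split(r"[#;]", raw, maxsplit=1)[0].replace('"', " ").split()
        if tok[:2] == ["push", "route"]:
            kw, args = "push", tok[2:4]
        elif tok and tok[0] in ("server", "route", "iroute"):
            kw, args = tok[0], tok[1:3]
        else:
            continue
        if args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            yield kw, ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)

def audit(server_conf, ccd_files):
    """Return findings for a server config and {client CN: per-client file text}."""
    srv = list(parse_directives(server_conf))
    tunnel = [n for k, n in srv if k == "server"]
    routes = {n for k, n in srv if k == "route"}
    pushed = {n for k, n in srv if k == "push"}
    iroutes = {n for text in ccd_files.values()
               for k, n in parse_directives(text) if k == "iroute"}
    findings = []
    for n in sorted(routes - iroutes, key=str):
        findings.append(f"route {n}: no iroute for it under any client CN")
    for n in sorted(iroutes - routes, key=str):
        findings.append(f"iroute {n}: no matching route in the server config")
    for n in sorted(routes | pushed | iroutes, key=str):
        if any(n.overlaps(t) for t in tunnel):
            findings.append(f"{n}: overlaps the tunnel network")
    return findings

# Constructed input: the two lines from the post plus an assumed "server" line.
POSTED = '''server 10.9.8.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
'''
CCD = {"pfsense-home": "iroute 192.168.1.0 255.255.255.0\n"}  # hypothetical CN

if __name__ == "__main__":
    print(audit(POSTED, {}))   # the config as posted, no per-client file
    print(audit(POSTED, CCD))  # same config with an iroute for the home LAN
```
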
          gavinlew last edited by

          Hi,

          Thanks for the reply - things are certainly different in regards to achieving this using pfSense.

          I think I have now set this up the correct way, just using the OpenVPN Client settings in the pfSense GUI.

          From a remote host connected to the VPN server, I can now ping the pfSense box and a device on the internal network.
