PfSense: How can I ping ip on my lan from my local machine passing through wan address (pfsense on virtual machine)
-
I am working on a project which requires me to set up a lab that works like a secure office environment. That is - an internal network with a domain controller etc. Its using PfSense as the router. However I also require my local machine to be able to talk to this internal network from outside the internal network in order to deploy using packer.
I basically want to be able to ping a virtual machine on the lan network for now, then I should be fine from there.
Ive fiddled loads with pfsense nat rules and firewall rules but have had no luck.
Any simple config ideas?
-
openvpn between pfsense and your local machine. you can use the wizard and the package openvpn-client-export
-
@kiokoman I'll give it a go, cheers - would the listener be the LAN (might be a silly question but assume it will be since this is what we want to talk to/through)
-
@kiokoman Ive attempted it but still doesn't work.
My lan network IP is 192.168.1.1 and my tunnel network is 10.10.10.1.
I set the local network ip to the Lan network Ip.
protocol udp4/port 1194
Sound correct?
-
listener must be WAN
you need to open port 1194 udp with destination "This Firewall" on the wan interface, you are connecting from the WAN to be able to access the LAN.
inside "Local Network" you need to specify 192.168.1.0/24 .
take in mind that for this to work your pc MUST be on a different subnet
-
@kiokoman Ah makes sense! Thank you, will let you know if this works
-
For refrence:
https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.html
-
I also found this which might be good? I am currently at the vpn client export bit and learning how to correctly use this package in order to get it to work https://elitshelp.zendesk.com/hc/en-us/articles/115003168045-OpenVPN-Configuration-pfSense-
-
So im at the client export part... But not finding anyway for me to export the openvpn settings?
-
Did you install the client export package?
If you did and have the new menu but there are no clients listed as available it's because none have the right certificates to use with the selected server.
Steve
-
I think I've looked into this for too long and Ive completely confused myself. Talk to me like I'm stupid.
I've just factory reset my pfsense settings because I believe I over convoluted everything.
Is the only thing I need to do is have openVPN set up on the single pfsense box I have on virtual box.
Ive seen videos on youtube and online allsorts where someones gone on different ips to set up clients etc.
--
basically.... Can I just run through the openVPN wizard and thats it. Im missing knowledge thats probably preventing me from configuring this properly. And over complicated my understanding with multiple different guides on the process
--
And yes I installed the client export package
-
Ok so:
-
Run through the OpenVPN remote access setup wizard
-
Create a test user in System > User Manager and make sure you add a client certificate to that user created against the same CA the wizard created.
-
Install the Client Export Package. You should now see the various client types available for your test user in VPN > OpenVPN > Client Export.
Pretty much what it says here:
https://docs.netgate.com/pfsense/en/latest/book/openvpn/using-the-openvpn-server-wizard-for-remote-access.htmlSteve
-
