4. OpenVPN setup on pfsense and something I'm missing...

OpenVPN setup on pfsense and something I'm missing...

  • K

    Hi everyone

    I try to setup OpenVPN on pfSense.
    My goal is to have a static IP on the internet that I can connect to, to get into my home network.
    I don't want traffic to go out to the internet through this route, except the one that was initiated through the VPS (port forwarded).

    My situation somehow like this:
    network

    What I already worked out:

    • I set up an OpenVPN server on a VPS
    • I also got the OpenVPN client working on the pfSense, so the tunnel is up and running, so I can ping 10.1.1.1 from 10.1.1.2 and vice versa.

    What I'm struggling with is the routing between the tunnel network (10.1.1.0/24) and my home networks (several VLANs with subnets like 192.168.x.0/24):

    • If I try to ping some machine in my local network from the VPS (10.1.1.1), I can see the traffic going over the tunnel (in the traffic graph), but nothing arrives at my machine (checked with wireshark)
    • If I try to ping 10.1.1.1 from somewhere in my local network (e.g. 192.168.1.100), I there's no traffic on the tunnel
    • If I traceroute my local network machine from the pfSense (source 10.1.1.2) then it seems to be stuck directly at the gateway:
      1 10.1.1.2 39.255 ms 33.299 ms 31.461 ms
      2 10.1.1.2 62.069 ms 62.753 ms 54.512 ms
      3 10.1.1.2 59.731 ms 90.618 ms 81.735 ms
      4 10.1.1.2 88.704 ms 85.744 ms 111.079 ms

    So I'm sure I must be missing something but I just don't grasp it.
    I'm already working on this setup for some days now, so I beg for your help :)

    Finally, my configs:

    server.conf on the VPS:

    port 1194
proto udp
dev tun
tls-version-min 1.2
cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
ca ca.crt
cert server_stargate01.crt
key server_stargate01.key  # This file should be kept secret
dh dh.pem
topology subnet
server 10.1.1.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
comp-lzo no
keepalive 10 120
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
log-append  /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

client-config-dir ccd
client-to-client

route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"

    ccd/client file:

    ifconfig-push 10.1.1.2 255.255.255.255

iroute 192.168.1.0 255.255.255.0
iroute 192.168.2.0 255.255.255.0

    In the OpenVPN client configuration on the pfSense, I got these settings (condensed to the most important. Ask if you need anything else):

    • Server mode: peer to peer (SSL/TLS)
    • Protocol: UDP on IPv4 only
    • Device mode: tun
    • IPv4 Tunnel network(s): empty
    • IPv4 Remote network(s): empty
    • Topology: subnet
    • Don't pull routes: unchecked
    • Don't add/remove routes: checked
    • Custom options: empty
    • Gateway creation: IPv4 only

    Gateway settings:

    • Address family: IPv4
    • Gateway: 10.1.1.2

    Everything else is default.

    Thanks
    Kaisai

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy