4. How does pfSense handle OpenVPN subnet?

How does pfSense handle OpenVPN subnet?

  • S

    Hello, all!

    I recently setup an OpenVPN from my house that works well for me to connect in remotely. However, once I connect, I can access my pfSense router (which I am going to be firewalling off soon) but nothing else, ie other VLANs. I'm sure that this is due to firewall rules, but I am unclear on how to configure things.

    I noticed that there is an OpenVPN tab under firewall rules that I can add rules to. However, there is also now an unassigned interface. Am I supposed to assign that interface so that I can edit things such as DHCP, VLAN tags, etc? When I setup OpenVPN initially, I had to specify a subnet that wasn't in use anywhere. Am I correct in assuming that OpenVPN created its own VLAN with default rules with that subnet, and if I want to modify it I have to assign that "ovpns" interface?

    I think the part that confuses me overall is that OpenVPN took that subnet I specified and created a whole network around it, but I don't see it as an editable object anywhere in pfSense like I do my other VLANs/interfaces.

    Thanks!

    0

  • You do not have to assign OpenVPN to an interface.

    You do need to have a rule in place on your OpenVPN firwall tab to allow your vpn subnet access to the rest of your subnets.

    Its been a while but I believe the subnets have to be added to the config file of any OpenVPN instance running in a "road warrior" client device.

    If you are connecting via another router then the subnets need to be added to that box under "IPv4 Remote network(s)"

    0
  • S

    Thanks for the reply! I had no idea about specifying subnets in the config file; I'll go read up on that more.

    Yes, I am connecting from behind another router (at work). I'm trying to access a server that's on a separate VLAN than what OpenVPN puts me on. It looks something like this:

    Work PC --> Work Router --> {WAN/Internet} --> pfSense --trunk--> switch --> server

    Where in pfSense do I need to add the subnets that you are mentioning? Also, I shouldn't have to worry about tagging my traffic to go through the switch, correct?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy