Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How does pfSense handle OpenVPN subnet?

    OpenVPN
    2
    3
    43
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      subterminal last edited by

      Hello, all!

      I recently setup an OpenVPN from my house that works well for me to connect in remotely. However, once I connect, I can access my pfSense router (which I am going to be firewalling off soon) but nothing else, ie other VLANs. I'm sure that this is due to firewall rules, but I am unclear on how to configure things.

      I noticed that there is an OpenVPN tab under firewall rules that I can add rules to. However, there is also now an unassigned interface. Am I supposed to assign that interface so that I can edit things such as DHCP, VLAN tags, etc? When I setup OpenVPN initially, I had to specify a subnet that wasn't in use anywhere. Am I correct in assuming that OpenVPN created its own VLAN with default rules with that subnet, and if I want to modify it I have to assign that "ovpns" interface?

      I think the part that confuses me overall is that OpenVPN took that subnet I specified and created a whole network around it, but I don't see it as an editable object anywhere in pfSense like I do my other VLANs/interfaces.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • chpalmer
        chpalmer last edited by

        You do not have to assign OpenVPN to an interface.

        You do need to have a rule in place on your OpenVPN firwall tab to allow your vpn subnet access to the rest of your subnets.

        Its been a while but I believe the subnets have to be added to the config file of any OpenVPN instance running in a "road warrior" client device.

        If you are connecting via another router then the subnets need to be added to that box under "IPv4 Remote network(s)"

        1 Reply Last reply Reply Quote 0
        • S
          subterminal last edited by subterminal

          Thanks for the reply! I had no idea about specifying subnets in the config file; I'll go read up on that more.

          Yes, I am connecting from behind another router (at work). I'm trying to access a server that's on a separate VLAN than what OpenVPN puts me on. It looks something like this:

          Work PC --> Work Router --> {WAN/Internet} --> pfSense --trunk--> switch --> server

          Where in pfSense do I need to add the subnets that you are mentioning? Also, I shouldn't have to worry about tagging my traffic to go through the switch, correct?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy