Netgate Discussion Forum

    How does pfSense handle OpenVPN subnet?

      subterminal

      Hello, all!

      I recently set up an OpenVPN from my house that works well for me to connect in remotely. However, once I connect, I can access my pfSense router (which I am going to be firewalling off soon) but nothing else, i.e. other VLANs. I'm sure that this is due to firewall rules, but I am unclear on how to configure things.

      I noticed that there is an OpenVPN tab under firewall rules that I can add rules to. However, there is also now an unassigned interface. Am I supposed to assign that interface so that I can edit things such as DHCP, VLAN tags, etc.? When I set up OpenVPN initially, I had to specify a subnet that wasn't in use anywhere. Am I correct in assuming that OpenVPN created its own VLAN with default rules with that subnet, and if I want to modify it I have to assign that "ovpns" interface?

      I think the part that confuses me overall is that OpenVPN took that subnet I specified and created a whole network around it, but I don't see it as an editable object anywhere in pfSense like I do my other VLANs/interfaces.

      Thanks!

        chpalmer

        You do not have to assign OpenVPN to an interface.

        You do need to have a rule in place on your OpenVPN firewall tab to allow your VPN subnet access to the rest of your subnets.

        It's been a while but I believe the subnets have to be added to the config file of any OpenVPN instance running in a "road warrior" client device.

        If you are connecting via another router then the subnets need to be added to that box under "IPv4 Remote network(s)".

        Triggering snowflakes one by one..
        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          subterminal

          Thanks for the reply! I had no idea about specifying subnets in the config file; I'll go read up on that more.

          Yes, I am connecting from behind another router (at work). I'm trying to access a server that's on a separate VLAN than what OpenVPN puts me on. It looks something like this:

          Work PC --> Work Router --> {WAN/Internet} --> pfSense --trunk--> switch --> server

          Where in pfSense do I need to add the subnets that you are mentioning? Also, I shouldn't have to worry about tagging my traffic to go through the switch, correct?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.