How does pfSense handle OpenVPN subnet?
-
Hello, all!
I recently set up an OpenVPN from my house that works well for me to connect in remotely. However, once I connect, I can access my pfSense router (which I am going to be firewalling off soon) but nothing else, i.e. other VLANs. I'm sure that this is due to firewall rules, but I am unclear on how to configure things.
I noticed that there is an OpenVPN tab under firewall rules that I can add rules to. However, there is also now an unassigned interface. Am I supposed to assign that interface so that I can edit things such as DHCP, VLAN tags, etc? When I set up OpenVPN initially, I had to specify a subnet that wasn't in use anywhere. Am I correct in assuming that OpenVPN created its own VLAN with default rules with that subnet, and if I want to modify it I have to assign that "ovpns" interface?
I think the part that confuses me overall is that OpenVPN took that subnet I specified and created a whole network around it, but I don't see it as an editable object anywhere in pfSense like I do my other VLANs/interfaces.
Thanks!
-
You do not have to assign OpenVPN to an interface.
You do need to have a rule in place on your OpenVPN firewall tab to allow your VPN subnet access to the rest of your subnets.
It's been a while, but I believe the subnets have to be added to the config file of any OpenVPN instance running in a "road warrior" client device.
If you are connecting via another router, then the subnets need to be added to that box under "IPv4 Remote network(s)".
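
An added example, not part of the reply above: a small check that reads a client `.ovpn` file and reports which of the subnets you want to reach have no `route` (or `redirect-gateway`) directive covering them. The sample config, hostname and addresses are constructed, and the function names are hypothetical; routes pushed by the server at connect time do not appear in the file and are not seen by this check.

```python
import ipaddress

# Constructed sample client config; hostname and addresses are made up.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.net 1194 udp
route 192.168.20.0 255.255.255.0   # server VLAN
route 10.10.0.0 255.255.0.0
;route 192.168.30.0 255.255.255.0
"""

def parse_client_routes(text):
    """Return (networks, full_tunnel) from the `route` and
    `redirect-gateway` directives in an OpenVPN client config."""
    networks, full_tunnel = [], False
    for raw in text.splitlines():
        # '#' and ';' start comments in OpenVPN config files.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "redirect-gateway":
            full_tunnel = True  # all traffic goes through the tunnel
        elif fields[0] == "route" and len(fields) >= 2:
            # Netmask is optional and defaults to a host route.
            mask = fields[2] if len(fields) >= 3 else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False)
            except ValueError:
                continue  # hostname or keyword instead of an address
            networks.append(net)
    return networks, full_tunnel

def missing_routes(text, wanted):
    """Return the wanted subnets that no directive in the config covers."""
    networks, full_tunnel = parse_client_routes(text)
    if full_tunnel:
        return []
    missing = []
    for cidr in wanted:
        target = ipaddress.ip_network(cidr)
        if not any(target.subnet_of(net) for net in networks):
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    print(missing_routes(SAMPLE_OVPN, ["192.168.20.0/24", "192.168.30.0/24"]))
```

A subnet that shows up as missing here has no route in the client file; one that is covered still needs the allow rule on the OpenVPN firewall tab before traffic passes.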
-
Thanks for the reply! I had no idea about specifying subnets in the config file; I'll go read up on that more.
Yes, I am connecting from behind another router (at work). I'm trying to access a server that's on a separate VLAN than what OpenVPN puts me on. It looks something like this:
Work PC --> Work Router --> {WAN/Internet} --> pfSense --trunk--> switch --> server
Where in pfSense do I need to add the subnets that you are mentioning? Also, I shouldn't have to worry about tagging my traffic to go through the switch, correct?