Netgate Discussion Forum

    OpenVPN - access to remote client lan

      Lip

      Hi Guys,

      I have an OpenVPN server running on the pfSense. Here are 3 clients connected by default. They have access to my network. So far everything works great.

      But! Now I want to access a remote client network.

      My OpenVPN server is currently running in Remote Access mode (SSL / TLS + User Auth).

      OpenVPN: 10.0.8.0/24
      LAN: 192.168.1.0/24
      Remote Client LAN: 192.168.2.0/24

      Is it possible to do that? If yes how :)?

        viragomann

        Yes, but there are some things you have to configure on the client to get that working:

        • The client's firewall must allow the access and pass packets through to the LAN.
        • The client must do masquerading on packets going to the LAN, otherwise you would need static routes on the LAN devices to direct response packets back.

        On the server you have to configure a client specific override for that client. Here you can assign a specific IP to the client and set the remote networks which you want to reach behind the client to instruct pfSense to add the proper routes.

          Lip

          @viragomann thanks for the reply.

          I have set everything on the client side.

          What do I have as override deposit in the pfSense?

            viragomann

            You may set there any parameters you want. Mainly you have to enter the client cert's common name, a specific tunnel network (/30), the "IPvX Local Network/s" as you already have in the server settings and the "IPvX Remote Network/s", where you have to enter the client's site-local networks.

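The client-specific override discussed in this thread, written out as plain OpenVPN directives with the thread's subnets. This is an added example, not taken from either poster or from pfSense's generated configuration. Assumptions: net30 topology, a constructed /30 of 10.0.8.4/30 for the client, the placeholder common name `remote-client`, and the directory name `ccd`.

```conf
# ---- Server configuration (OpenVPN server on pfSense) ----
# Tunnel network from the thread: 10.0.8.0/24
server 10.0.8.0 255.255.255.0
topology net30                  # assumption: matches the /30 per-client tunnel

# Per-client files are looked up by the certificate common name.
client-config-dir ccd           # assumption: directory name

# Kernel route on the server: hand packets for the remote client LAN
# (192.168.2.0/24) to the OpenVPN process.
route 192.168.2.0 255.255.255.0

# ---- ccd/remote-client ----
# The file name must equal the client certificate's common name;
# "remote-client" is a placeholder.

# Fixed tunnel endpoints for this client, taken from the constructed
# /30 10.0.8.4/30: client gets .5, server-side endpoint is .6.
ifconfig-push 10.0.8.5 10.0.8.6

# Internal route: tells OpenVPN which connected client owns
# 192.168.2.0/24. Only this certificate may claim that network.
iroute 192.168.2.0 255.255.255.0

# Local network the client should reach through the tunnel
# (the pfSense LAN from the thread).
push "route 192.168.1.0 255.255.255.0"
```

Both `route` and `iroute` are needed: `route` gets the packet from the server's kernel into OpenVPN, and `iroute` selects the client it is sent to. Because the override is keyed on the certificate common name, the client that is allowed to announce 192.168.2.0/24 is tied to one certificate.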
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.