PFSense as a VPN server only
I have a problem that I am trying to wrap my head around. I think it has to do with the routing table so steer me in the right direction if I am wrong.
I have pfsense setup with a WAN running OpenVPN. I have an interface that connects to a existing network with all its own services. That interface gets a dhcp ip address (10.144.77.0/24). I want to limit any connection that comes in thru the VPN to only talk to this interface. Would even be better if each VPN client grabbed an IP on that interface as if it was a switch interface.
Currently when I am connected to the VPN I can ping clients on the 10.144.77.0/24 subnet. I have the VPN auto assign DNS for that subnet so that I can find objects on other vlans. This works. But I am unable to ping anything outside the external LAN. However if I use PFSense's ping I can ping all around the external network.
Ultimately, what I want is for a user to connect to OpenVPN and get an IP on the 10.144.77.0/24 network like they were connecting there laptop directly to that network. Again this network is not managed by PFSense.
If I understand you correctly, we are doing this at one of our sites now by using OpenVPN in tap mode
Our PfSense has 2 WAN links, 2 LAN interfaces and about a dozen VLANS.
In the OpenVPN config, we have specified a Server Bridge DHCP start and end range, which is outside our Windows server DHCP scope on the same LAN [this may not be required, we wanted to be able to see which clients were local and which were remote by looking at the IPs]
No tunnel network is specified.
When the client logs in, they get an IP in the same subnet as the LAN interface, and they can access all services within the LAN. They can also route traffic back to the internet as if they were connected via the office network.
I do not have a how to for this, but I recall it was not overly difficult to setup.