Requesting help with setting up remote LAN access with OpenVPN
-
So, I'm not going to lie here, I'm a bit at a loss, and a bit out of my element and knowledge house. What I want to do is fairly simple, at least in my mind, but I have been thus far utterly unsuccessful in my attempts to get it working. I want to set up remote access to my LAN, and LAN devices, by way of OpenVPN. I have tried to follow the wizard multiple times, and read multiple online articles and guides, and so far have not been successful at all.
I'm fairly sure, in no small part, that my issues can easily be pinned to one of two problem points: one, my dad has the home Wi-Fi router locked down, no port forwarding, and all non-required things disabled, and that has been a pain point for me for some time; and the other, that I'm trying to set up my own OpenVPN connection that then gets routed through the VPN subscription I have with Surfshark (this is one of the only ways I have sanity online anymore), which further complicates things for obvious reasons.
But in my mind, this should still be fully possible to get working, I just have not had any success yet.
So... anybody able to try and help me find out where I'm not getting things right, please? Any info needed, please let me know and I'll add it; I just have no idea what info would be relevant to this issue at the moment. Small migraine from trying to get this working all dang day with no success.
-
We'll start with some high-level stuff... the wizard is fairly straightforward as long as you're aware that in a routed tunnel the subnets provided have to be unique and cannot overlap. In other words, the tunnel network and the local network (LAN) have to be completely different networks.
Once the wizard completes, I would verify that the appropriate firewall rules were created, e.g. the default port of 1194 is open on the WAN and an any/any rule exists on the OpenVPN tab.
Next, if we assume that your dad's router is the edge device with the public IP, you will need to get him to forward port 1194 (UDP) over to your pfSense LAN IP or your clients will never be able to connect.
As far as remote access, that's it at a basic level. Although none of it gets off the ground if you can't get the appropriate port(s) forwarded from the upstream router.
-
@marvosa Assuming that works out, how/where would I need to specify the public IP address, config-wise, for the OpenVPN client export to connect successfully? As in, for the config files I make for remote access connections, where would I provide the public IP I'd need to actually connect properly? I think that might be the problem I'm having: I don't know where/how to get that specific info in the configs to make them work.
-
@high_voltage If you don't have access to the edge router, then you'd have to get your public IP by going to a website like https://whatismyipaddress.com or https://ipchicken.com. You can also do a Google search for "what is my IP" and it will tell you.
Once you have the public IP, you would go to the "Client Export" utility, change the Host Name Resolution to "other", enter the public IP and then export your client packages.
Another option is to subscribe to a free DDNS service and enter a hostname instead of an IP.
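-
The non-overlap rule from the first reply (the tunnel network and the LAN have to be completely different networks) can be checked before running the wizard. This is an added example, not part of any post in the thread; the subnet values and the names `find_overlaps` and `report` are constructed for illustration, and it goes beyond the two subnets the reply names by also checking an assumed network between the two routers.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; replace with the subnets from your own setup.
SAMPLE_PLAN = {
    "upstream router LAN": "192.168.0.0/24",   # assumed network between the two routers
    "pfSense LAN": "10.0.0.0/16",              # local network given to the wizard
    "OpenVPN tunnel network": "10.0.8.0/24",   # tunnel network given to the wizard
}


def find_overlaps(plan):
    """Return (name_a, name_b) for every pair of subnets in plan that overlap."""
    # strict=False accepts an interface address such as 10.0.0.1/16 and
    # normalizes it to the containing network (10.0.0.0/16).
    nets = [(name, ipaddress.ip_network(cidr, strict=False))
            for name, cidr in plan.items()]
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(nets, 2):
        # An IPv4 and an IPv6 network never overlap; only compare like with like.
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            conflicts.append((name_a, name_b))
    return conflicts


def report(plan):
    """Return one readable line per conflict, or a single OK line."""
    conflicts = find_overlaps(plan)
    if not conflicts:
        return ["OK: all subnets are distinct"]
    return [f"CONFLICT: {a} ({plan[a]}) overlaps {b} ({plan[b]})"
            for a, b in conflicts]


if __name__ == "__main__":
    for line in report(SAMPLE_PLAN):
        print(line)
```

In the sample plan the tunnel network sits inside the /16 LAN, so the check reports a conflict; moving the tunnel to a range outside the LAN clears it.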