OpenVPN behind CGNAT with VPS for remote access
-
@viragomann VPS is not running pfsense. Just running an openvpn server.
-
@jims
So you have to set up a site-to-site connection between your home pfSense and the VPS.
As I understood, you try to do both connections, to your home and from your phone, with a single OpenVPN server instance, right? Do you also want to access the web servers from public IPs or from your phone using the VPN only?
-
@viragomann I have openvpn app on my phone that can connect to the server. Need access from my phone and my wife's phone. And possibly other openvpn clients but those two phones mainly. I have exported the ovpn files for these users and phones and pfsense shows they connect to the server. But I have been unable to pass any traffic over the connections. So I think some config/settings within the server is the remaining piece.
-
@jims said in OpenVPN behind CGNAT with VPS for remote access:
I have exported the ovpn files for these users and phones and pfsense shows they connect to the server.
pfSense? You mentioned you're running only one pfSense at your home, which is behind a CGN. So you should not be able to connect directly to pfSense at all.
-
@viragomann pfsense has an openvpn client package. I loaded it. It works to connect to the server after I loaded the client ovpn file from the server.
-
@jims Some additional setup is needed to get the remote access I am trying to accomplish. That's where I need some help. I have searched and read lots on that but am a bit lost in all of it.
-
@jims
Since the server is not pfSense you might get better support in the OpenVPN forum.
At any rate you have to configure a client specific override on the server for the connection to pfSense, where you have to state the iroute command with your home LAN to set the proper routes on the server. Search the web how to do this.
On your home pfSense assign an interface to the OpenVPN client instance and enable it (no IP settings!). So you get a firewall rule tab for this interface where you have to allow incoming traffic. Also ensure that there is no pass rule on the OpenVPN tab!
Instead of this you can also set a masquerading rule on the server for traffic going to your home.
-
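Added example, not part of any post in this thread and not the poster's actual configuration: a small Python check for the client specific override described above, which reports an `iroute` that the server config does not back with a `route` (without it the VPS kernel never hands home-LAN traffic to OpenVPN) or does not push to the other clients. The subnets, the ccd path and the client name `pfsense-home` are constructed assumptions.

```python
import ipaddress
from contextlib import suppress

# Constructed sample of the VPS server config; subnets and paths are assumptions.
SERVER_CONF = '''\
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
'''
CCD = {"pfsense-home": "iroute 192.168.1.0 255.255.255.0\n"}  # key = client cert CN (hypothetical)


def directives(text):
    """Yield each config line as a list of words, with push "..." unquoted."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("push "):
            line = "push " + line[5:].strip().strip('"')
        if line:
            yield line.split()


def networks(text, directive):
    """IPv4 networks named by a route-style directive (netmask defaults to /32)."""
    key, nets = directive.split(), set()
    for words in directives(text):
        args = words[len(key):]
        if words[:len(key)] == key and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            with suppress(ValueError):  # skip hostnames and keywords such as vpn_gateway
                nets.add(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
    return nets


def check(server_conf, ccd):
    """Return the reasons traffic for a LAN behind a client would not get there."""
    problems = []
    if not any(w[0] == "client-config-dir" for w in directives(server_conf)):
        problems.append("server: client-config-dir missing, overrides are never read")
    routes = networks(server_conf, "route")
    pushed = networks(server_conf, "push route")
    for cn, text in ccd.items():
        for net in networks(text, "iroute"):
            if not any(net.subnet_of(r) for r in routes):
                problems.append(f"{cn}: iroute {net} has no covering 'route' on the server")
            if not any(net.subnet_of(p) for p in pushed):
                problems.append(f"{cn}: {net} is not pushed to the other clients")
    return problems
```

`check(SERVER_CONF, CCD)` returns an empty list for the sample; a client that already sends all traffic through the VPN does not need the pushed route, so treat that second finding as a hint.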
@viragomann Thanks! I understand the server settings are not related to pfsense and have asked for help with that on openvpn forum. Some things that are pfsense issues/settings - When I have vpn connected my pc on lan port does not connect to internet on wan port. With vpn connection disabled the connection from lan to wan works. I need to set up so all lan originating traffic is passed to wan and at the same time pass incoming vpn traffic to multiple addresses on the lan.
-
@jims
Possibly the traffic is directed to the VPN server?
This could be the case, if the server is pushing the default route, which might not be desired on the phone as well anyway. So you should disable this on the server.
In client settings you can avoid that it changes the routes by checking "Don't pull routes".
-
@viragomann I tried selecting "don't pull routes" on client. Still no joy. I did get the openvpn working so I can access my local machines when I am not on the local network but can't get from lan to wan. There is a rule to pass traffic but for some reason the logs show the traffic is blocked.