Netgate Discussion Forum

    OpenVPN on PFSense

      TravelMore @viragomann

      @viragomann Thank you for replying. I appreciate your help. Hopefully, these answers help.

      I did change the IPV4 Tunnel Network from 192.1xx.x.xx to 10.0.0.0/24
      and I redownloaded the config file (because I would assume you would need a new config file if you are making these types of changes).

      Here is a pic of the client export utility.
      ab1674e1-4da2-44a7-9df1-3317a41f626e-image.png

      Here is a pic of the tunnel settings. As mentioned above, the change I made is reflected in the pic below. From what I recall the IPv4 is supposed to be your local network. That is what I think mine would fall under, as everything is on a 192.168.0.x IP.
      336b4f6b-fb41-4191-a5d7-3964848da9dc-image.png

        TravelMore @Jarhead

        @jarhead Thank you. Pics posted in my last post. If you need more, let me know. I am never sure what IP addresses to blur out or not. I've been informed it's not the best to put your IPs online.
        PFsense shows my LAN is a 192.168.0.x IP so I'd assume the 192.168.0.100 is valid for the tunnel settings for IPV4 local network.

          Jarhead @TravelMore

          @travelmore The hostname in the client config needs to be your WAN address.

          Your local address would be 192.168.0.0/24, not 192.168.0.100/24.

          Google rfc1918. Those addresses never need to be redacted.

            viragomann @TravelMore

            @travelmore
            That makes no sense at all.

            Your LAN is 192.168.0.0/24.

            You configured your client to connect to 192.168.0.x. So to a LAN IP.
            But you mentioned you tried to connect from your phone from the internet.

            BTW: the LAN network and the tunnel must not overlap.

              TravelMore @Jarhead

              @jarhead Thank you. I appreciate it. I am not too familiar w/ networking and subnets etc.; I am learning as I go. I will make these changes and let you know what I see.

                TravelMore @viragomann

                @viragomann Thank you for the info! It is appreciated.

                  TravelMore

                  I have made the following changes:
                  0b9bacab-efa7-48d4-809d-8609bc6ded7e-image.png

                  I am assuming I need to do a new config file to my phone when I make these setting changes, right?

                  Tried connecting now with a new config file. It still seems to be doing the same thing.

                    Jarhead @TravelMore

                    @travelmore Did you change the hostname in the client export?

                      viragomann @TravelMore

                      @travelmore said in OpenVPN on PFSense:

                      I am assuming I need to do a new config file to my phone when I make these setting changes, right?

                      Yes, the client has to connect to the public address if from outside.
                      You have to state this into the "Host Name" box in the client export utility.

                      You can as well edit the clients config if possible and replace the IP in the remote line.

                      However, is your pfSense WAN IP a public one? Or is there a router in front of it?

                      Is your public IP static?

                      Is pfSense the default gateway in your network?

                        TravelMore @Jarhead

                        @jarhead No, I did not; that is set to other.
                        a3aafc61-839f-4dce-a414-a2e0fff06331-image.png

                        The options I have in the drop-down for that host name resolution are:
                        Interface IP Address
                        Automagic multi-wan IPs
                        Automagic multi-wan DDNS
                        Installation hostname

                          TravelMore @viragomann

                          @viragomann The host name box in client export utility is set to other (post above I believe shows this info and pic).

                          As far as editing the config file, the IP that is in the remote line is the IP for my pihole.

                          My WAN IP on my pfSense is a 72.x.x.x IP. I do not know if this IP actually ever changes. I just know it's always a 72.x IP.

                          My LAN is a 192.x.x.x; it is a static IP.

                          I did check and see the OpenVPN service is running now, which is an improvement from previously.

                          I believe I have everything going to my pihole, as pfSense shows DNS server is 1st IP my pihole, 2nd is Cloudflare IP. In cmd prompt, default gateway shows the IP of my pfSense box.
                          So to answer your question about 'is pfSense the default gateway in your network'... I think yes is the answer. Sorry, still learning how all these interact.

                            viragomann @TravelMore

                            @travelmore said in OpenVPN on PFSense:

                            My WAN IP on my pfSense is a 72.x.x.x IP. I do not know if this IP actually ever changes. I just know it's always a 72.x IP.

                            So you should have your server set to listen on this WAN IP.
                            Then in the Client export utility set the "Host Name Resolution" to "interface address". So it puts the public IP automatically into the remote line.

                            However, you have to make the change on the client. So either you can edit the config there or export a new config from pfSense and import it on the client.

                              TravelMore @viragomann

                              @viragomann Thank you for your help. I appreciate it.
                              Okay, before I make those changes, I just noticed something that I don't know will change your answer above. The pic below: the gateway WAN is a 72.241.xxx.1 and the WAN in the interface is a 72.241.xxx.x <--this is the IP idk if it ever changes. I would assume the WAN gateway never changes, but when I do a cmd prompt I show the default gateway as my pfSense IP as a 192.x.x.x

                              6939d985-6093-4d4a-bdf8-e6c8408cc77b-image.png

                              So what I am unsure of is, when you say, "So you should have your server set to listen on this WAN IP"... where specifically do I put this WAN IP?
                              (in tunnel settings IPv4, IPv4 local network or client export host name)

                                viragomann @TravelMore

                                @travelmore said in OpenVPN on PFSense:

                                I would assume the WAN gateway never changes

                                Your WAN IP is given by a DHCP server. It might change, but not necessarily. It's on your ISP.

                                If it should ever, you can subscribe to a dynDNS service and use the host name for connecting.

                                but when I do a cmd prompt I show the default gateway as my pfSense IP as a 192.x.x.x

                                On a LAN device, I guess. This should show the pfSense LAN IP as gateway.

                                So what I am unsure of is, when you say, "So you should have your server set to listen on this WAN IP"... where specifically do I put this WAN IP?

                                In the server settings at interface. pfSense should provide a drop-down, from where you can select your WAN DHCP IP.

                                  Jarhead @TravelMore

                                  @travelmore In the Client export, change Host Name Resolution to Interface IP address, then export a new client config and use it on your client.

                                    TravelMore @viragomann

                                    @viragomann This is what is already set in Server settings. I didn't make any change to it, just looked and saw that was set.
                                    e01ad472-fbaa-43a3-8c6e-799e46664728-image.png

                                    These are the tunnel settings IPs currently. I believe these are correct. Please verify.
                                    2455ba2d-1069-4243-9847-cf77e9d4cb29-image.png

                                    This is the client export host name IP.
                                    fa435692-ce29-4f50-b2be-e93549f2d4e0-image.png

                                    I have just now done as @Jarhead stated and changed the hostname res. to interface IP address (below) and exported a new client config.
                                    d41376b0-facc-4917-bbf2-aa9d2e5c3f80-image.png

                                    I will let you guys know if I can connect.

                                      Jarhead @TravelMore

                                      @travelmore said in OpenVPN on PFSense:

                                      I will let you guys know if I can connect.

                                      I think we both know you will now.

                                        viragomann @TravelMore

                                        @travelmore
                                        Yes, it's correct.
                                        Whether you select other in the export tool and state the IP or select the "interface address", you should get the same result: The WAN IP in the remote line in the conf file.

                                        Basically the "other" option is meant to state an IP or host name which is not known by pfSense. For instance if there is another router in front of it.

                                        1 Reply Last reply Reply Quote 0
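
Added example (not part of any post in this thread, and not pfSense code): a Python check for the three mistakes the replies above point out, namely a `remote` line holding an RFC 1918 address, a tunnel network that overlaps the LAN, and a local network entered as a host address. The function names and the sample configs are assumptions; 192.168.0.50 and 203.0.113.10 (a documentation address standing in for the redacted WAN IP) are constructed values.

```python
import ipaddress

# RFC 1918 private ranges: never reachable from the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed client configs (sample values, not taken from the thread).
BEFORE_OVPN = "client\ndev tun\nproto udp\nremote 192.168.0.50 1194\n"
AFTER_OVPN = "client\ndev tun\nproto udp\nremote 203.0.113.10 1194\n"


def remote_hosts(ovpn_text):
    """Return the host field of every 'remote' directive in a client config."""
    hosts = []
    for line in ovpn_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "remote":
            hosts.append(parts[1])
    return hosts


def check_setup(ovpn_text, lan, tunnel, local_network):
    """Return one finding per configuration mistake discussed in the thread."""
    findings = []
    for host in remote_hosts(ovpn_text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a host name (e.g. dynDNS); cannot be judged offline
        if any(addr in net for net in RFC1918):
            findings.append(f"remote {host} is an RFC 1918 address; "
                            "a client on the internet cannot reach it")
    lan_net = ipaddress.ip_network(lan, strict=False)
    if ipaddress.ip_network(tunnel, strict=False).overlaps(lan_net):
        findings.append(f"tunnel network {tunnel} overlaps LAN {lan_net}")
    iface = ipaddress.ip_interface(local_network)
    if iface.ip != iface.network.network_address:
        findings.append(f"local network {local_network} is a host address; "
                        f"use {iface.network}")
    return findings


if __name__ == "__main__":
    for finding in check_setup(BEFORE_OVPN, "192.168.0.0/24",
                               "192.168.0.0/24", "192.168.0.100/24"):
        print("FAIL:", finding)
```
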
                                          TravelMore @TravelMore

                                          @travelmore It worked!! Thank you guys. Now I do have a silly question. If I wanted to connect to a PC on my network, how would I do that? I kinda thought that was the point of OpenVPN was having a connection back to your network from an outside network.

                                          I was thinking it would show a list of devices I could connect to but maybe I need to add something else to this?

                                          Either way I am glad it is working. Thank you so much.

                                            viragomann @TravelMore

                                            @travelmore said in OpenVPN on PFSense:

                                            It worked!!

                                            Glad to hear.

                                            If I wanted to connect to a PC on my network, how would I do that?

                                            Which way? What's your intention?
                                            Do you want to access a file share or remote desktop?
