Netgate Discussion Forum

    VPN with DHCP from server LAN

      djdmx

      Hi everyone,

      I need to set up a VPN between two sites like this:

      HOME PFSense
      1st NIC -> WAN
      2nd NIC -> LAN 192.168.1.0/24 with DHCP server
      3rd NIC -> not used

      REMOTE SITE PFSense
      1st NIC -> WAN
      2nd NIC -> LAN 10.98.0.0/24 with DHCP server
      3rd NIC -> VPN tunnel to HOME LAN (every client connected to this interface has to obtain an IP from home's DHCP server 192.168.1.x)

      Is it possible to do that with an OpenVPN in TAP mode, or somehow?

      Thank you

        johnpoz LAYER 8 Global Moderator @djdmx

        @djdmx why do they need to be on the same network?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          djdmx @johnpoz

          @johnpoz because there's a hub that can only discover devices on its own network

            Jarhead @djdmx

            @djdmx Yes, tap mode will work.

              djdmx @Jarhead

              @jarhead thank you, can you tell me how to configure it and how to assign the tunnel to the 3rd NIC?

                Jarhead @djdmx

                @djdmx
                https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

                  djdmx @Jarhead

                  @jarhead thank you so much, I'll try and let you know

                    Jarhead @djdmx

                    @djdmx
                    Just to add, if you don't have at least a 500/500 internet at both sites, it's gonna be tough.
                    Tap VPNs were always frowned upon, but it was never the VPN, just because the internet connections weren't fast enough.

                    I remember I hit a few snags setting it up so any problems you have, just post here. I should be able to remember what I did.

                      djdmx @Jarhead

                      @jarhead thank you!
                      I correctly set up PFSense at home as an OpenVPN server, in tap mode, and bridged it with the LAN interface.

                      Now I have to configure the second PFSense as an OpenVPN client and assign it to the 3rd NIC.
                      Any suggestions?

                        djdmx @Jarhead

                        @jarhead I have some problems with tunnel configuration:
                        I set up the server side in Peer to Peer (Shared Key) mode (in this mode it's not possible to select "Bridge DHCP"), and the same Peer to Peer (Shared Key) mode on the PfSense client.
                        On the server I created a bridge with OpenVPN and LAN.
                        The tunnel is working (the client correctly connects to the server), but it doesn't obtain an IP address from the server's LAN DHCP.

                          johnpoz LAYER 8 Global Moderator @djdmx

                          @djdmx said in VPN with DHCP from server LAN:

                          Peer to Peer (Shared Key

                          That is going away anyway - I would suggest against doing any sort of anything with shared key as the setup

                          https://redmine.pfsense.org/issues/12981
                          Warn about OpenVPN shared key deprecation

                            djdmx @johnpoz

                            @johnpoz Thank you, I know that. It's only for the first test

                              djdmx

                              I did it!

                              This is my configuration:

                              SERVER

                              OpenVPN settings:
                              Peer to Peer (Shared Key)
                              Tap mode
                              UDP on IPV4
                              Interface WAN
                              Port 1194
                              Data encryption (default 256-bit)
                              Tunnel IP4 network 192.178.168.0/30

                              Interfaces:
                              OpenVPN interface assigned to OPT1
                              Bridge with LAN and OPT1

                              Firewall rules:
                              WAN -> permit UDP 1194 from any to WAN
                              OPT1 -> permit any IPv4 from any to any
                              BRIDGE -> permit any IPv4 from any to any
                              OPENVPN -> permit any IPv4 from any to any

                              CLIENT

                              OpenVPN settings:
                              Peer to Peer (Shared Key)
                              Tap mode
                              UDP on IPV4
                              Interface WAN
                              Server host -> my_server_IP
                              Server Port 1194
                              Data encryption (default 256-bit)
                              Tunnel IP4 network 192.178.168.0/30

                              OpenVPN interface assigned to OPT1
                              Bridge with LAN2 and OPT1 with DHCP IPv4 address

                              Firewall rules:

                              OPT1 -> permit any IPv4 from any to any
                              LAN2 -> permit any IPv4 from any to any
                              BRIDGE -> permit any IPv4 from any to any
                              OPENVPN -> permit any IPv4 from any to any

                              Now I'll try to move to Peer to Peer (SSL/TLS) ;-)

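Added example, not part of the original post and not pfSense's own code: a small audit of raw OpenVPN directives that flags three properties of the setup discussed in this thread: shared-key mode (which the linked Redmine issue marks as deprecated), a layer-2 tap bridge, and a tunnel network outside RFC 1918 (192.178.168.0/30 is not inside 192.168.0.0/16). Both config texts are constructed samples; the mapping from the pfSense GUI settings to these directives, the file names and the 10.99.0.0/30 replacement network are assumptions.

```python
import ipaddress

# Constructed sample: directives approximating the posted shared-key settings
# (assumed mapping from the GUI; not exported from a pfSense box).
SAMPLE_SHARED_KEY = """\
dev-type tap
proto udp4
port 1194
ifconfig 192.178.168.1 255.255.255.252
secret shared.key
"""

# Constructed sample: the same tap tunnel in TLS mode on a private /30.
SAMPLE_TLS = """\
dev-type tap
proto udp4
port 1194
ifconfig 10.99.0.1 255.255.255.252
tls-server
ca ca.crt
cert server.crt
key server.key
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TLS_MARKERS = {"tls-server", "tls-client", "client", "server", "server-bridge"}

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(text):
    """Return finding ids for one OpenVPN config, in a fixed order."""
    conf, findings = parse(text), []
    if "secret" in conf and not (TLS_MARKERS & conf.keys()):
        findings.append("static-key")          # deprecated shared-key mode
    dev = (conf.get("dev") or [""])[0]
    if conf.get("dev-type") == ["tap"] or dev.startswith("tap"):
        findings.append("layer2-tap")          # DHCP/broadcast crosses sites
    if conf.get("ifconfig"):
        addr = ipaddress.ip_address(conf["ifconfig"][0])
        if not any(addr in net for net in RFC1918):
            findings.append("tunnel-not-rfc1918")
    return findings
```

The `layer2-tap` finding remains in TLS mode: with both LANs bridged, the pass-any rules on OPT1 and BRIDGE are the only filtering between the two sites.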
                                Jarhead @djdmx

                                @djdmx Good to hear!!
                                Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.