Netgate Discussion Forum

VPN with DHCP from server LAN

    johnpoz LAYER 8 Global Moderator @djdmx
    last edited by Dec 25, 2022, 2:18 PM

    @djdmx why do they need to be on the same network?

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 25.07 | Lab VMs 2.8, 25.07

      djdmx @johnpoz
      last edited by Dec 25, 2022, 3:01 PM

      @johnpoz because there's a hub that can only discover devices on its own network

        Jarhead @djdmx
        last edited by Dec 25, 2022, 3:29 PM

        @djdmx Yes, tap mode will work.

          djdmx @Jarhead
          last edited by Dec 25, 2022, 4:17 PM

          @jarhead thank you, can you tell me how to configure it and how to assign the tunnel to the 3rd NIC?

            Jarhead @djdmx
            last edited by Dec 25, 2022, 5:24 PM

            @djdmx
            https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-bridged.html

              djdmx @Jarhead
              last edited by Dec 25, 2022, 7:22 PM

              @jarhead thank you so much, I'll try and let you know

                Jarhead @djdmx
                last edited by Dec 26, 2022, 10:46 AM

                @djdmx
                Just to add, if you don't have at least a 500/500 internet at both sites, it's gonna be tough.
                Tap VPNs were always frowned upon, but it was never the VPN, just because the internet connections weren't fast enough.

                I remember I hit a few snags setting it up so any problems you have, just post here. I should be able to remember what I did.

                  djdmx @Jarhead
                  last edited by Dec 26, 2022, 12:29 PM

                  @jarhead thank you!
                  I correctly set up pfSense at home as an OpenVPN server, in tap mode, and bridged it with the LAN interface.

                  Now I have to configure the second pfSense as an OpenVPN client and assign it to the 3rd NIC.
                  Any suggestions?

                    djdmx @Jarhead
                    last edited by Dec 26, 2022, 9:31 PM

                    @jarhead I have some problems with tunnel configuration:
                    I set up the server side in Peer to Peer (Shared Key) mode (in this mode it's not possible to select "Bridge DHCP"), and the same Peer to Peer (Shared Key) mode on the pfSense client.
                    On the server I created a bridge with OpenVPN and LAN.
                    The tunnel is working (the client correctly connects to the server), but it doesn't obtain an IP address from the server's LAN DHCP.

                      johnpoz LAYER 8 Global Moderator @djdmx
                      last edited by Dec 26, 2022, 9:59 PM

                      @djdmx said in VPN with DHCP from server LAN:

                      Peer to Peer (Shared Key

                      That is going away anyway - I would suggest from doing any sort of anything with shared key as the setup

                      https://redmine.pfsense.org/issues/12981
                      Warn about OpenVPN shared key deprecation


                        djdmx @johnpoz
                        last edited by Dec 26, 2022, 10:02 PM

                        @johnpoz Thank you, I know that. It's only for the first test

                          djdmx
                          last edited by Dec 28, 2022, 9:09 PM

                          I did it!

                          This is my configuration:

                          SERVER

                          OpenVPN settings:
                          Peer to Peer (Shared Key)
                          Tap mode
                          UDP on IPV4
                          Interface WAN
                          Port 1194
                          Data encryption (default 256-bit)
                          Tunnel IP4 network 192.178.168.0/30

                          Interfaces:
                          OpenVPN interface assigned to OPT1
                          Bridge with LAN and OPT1

                          Firewall rules:
                          WAN -> permit UDP 1194 from any to WAN
                          OPT1 -> permit any IPv4 from any to any
                          BRIDGE -> permit any IPv4 from any to any
                          OPENVPN -> permit any IPv4 from any to any

                          CLIENT

                          OpenVPN settings:
                          Peer to Peer (Shared Key)
                          Tap mode
                          UDP on IPV4
                          Interface WAN
                          Server host -> my_server_IP
                          Server Port 1194
                          Data encryption (default 256-bit)
                          Tunnel IP4 network 192.178.168.0/30

                          OpenVPN interface assigned to OPT1
                          Bridge with LAN2 and OPT1 with DHCP IPv4 address

                          Firewall rules:

                          OPT1 -> permit any IPv4 from any to any
                          LAN2 -> permit any IPv4 from any to any
                          BRIDGE -> permit any IPv4 from any to any
                          OPENVPN -> permit any IPv4 from any to any

                          Now I'll try to move to Peer to Peer (SSL/TLS) ;-)

                          J 1 Reply Last reply Dec 28, 2022, 10:36 PM Reply Quote 0
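An added example, not part of djdmx's post and not pfSense code: a small Python check that reads an OpenVPN configuration and flags the shared-key mode this thread calls deprecated, shown next to the same tap tunnel in SSL/TLS mode. Both sample configs are constructed from the settings posted above; the key and certificate paths, the finding codes and the function names are assumptions, and certificates are assumed to be referenced by file directives rather than inline blocks.

```python
import shlex

# Constructed sample: shared-key tap tunnel like the one posted (UDP 1194,
# 192.178.168.0/30). The key path is a placeholder.
SHARED_KEY_CONF = """\
dev tap
proto udp4
port 1194
ifconfig 192.178.168.1 255.255.255.252
secret /path/to/shared.key  # static key mode
"""

# Constructed sample: the same tunnel in SSL/TLS mode. File paths are placeholders.
TLS_CONF = """\
dev tap
proto udp4
port 1194
ifconfig 192.178.168.1 255.255.255.252
tls-server
ca /path/to/ca.crt
cert /path/to/server.crt
key /path/to/server.key
dh /path/to/dh.pem
"""

def parse_directives(text):
    """Map each directive name to its argument lists, skipping # and ; comments."""
    directives = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(text):
    """Return finding codes (hypothetical names) for one OpenVPN config."""
    d = parse_directives(text)
    findings = []
    tls = any(k in d for k in ("tls-server", "tls-client", "client"))
    if "secret" in d:
        findings.append("shared-key")    # deprecated static key mode
    elif not tls:
        findings.append("no-tls-mode")   # neither a shared key nor a TLS role
    if tls:
        findings += [f"missing-{k}" for k in ("ca", "cert", "key") if k not in d]
    if any(a and a[0].startswith("tap") for a in d.get("dev", [])):
        findings.append("tap-bridge")    # layer 2: broadcasts and DHCP cross the tunnel
    return findings
```

Calling `audit(SHARED_KEY_CONF)` reports the shared-key finding plus the tap note, while `audit(TLS_CONF)` reports only the tap note.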
                            Jarhead @djdmx
                            last edited by Dec 28, 2022, 10:36 PM

                            @djdmx Good to hear!!
                            Sorry I haven't answered any of your posts, just getting over the flu. But you didn't need my help anyway!

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.