OpenVPN client to remote machine through pfSense, with reverse traffic/routing allowed when connected
At MainOffice:
- firewall PFSENSE with IP WAN: 80.80.80.80, IP LAN: 172.19.2.1/24
- server MAINSERVER with IP 172.19.2.10
At SecondOffice:
- NO CONFIGURABLE FIREWALL
- server Windows 2019 CLISERVER with IP 192.168.0.1/24, with an OpenVPN program
How can I configure the PFSENSE at MainOffice and/or the OpenVPN client on the SecondOffice in order to:
1. CLISERVER must be able to ping/connect to MAINSERVER using the OpenVPN software client --> no problem here
2. when CLISERVER has initiated the VPN connection, MAINSERVER should also be able to ping/connect "back" to CLISERVER
If only (1) is required, then things are easy (set up pfSense OpenVPN in Remote Access SSL/TLS + User Auth mode).
But how can I configure (1) + (2) ?
- Should I configure the PFSENSE in peer to peer SSL/TLS mode? What parameters should I configure?
- What kind of .ovpn configuration file is needed on the CLISERVER machine (pfsense openvpn wizard only works for remote access mode)
I searched a lot but found no specific information.
Thank you in advance
@edigest2 said in OpenVPN client to remote machine through pfSense, with reverse traffic/routing allowed when connected:
> Should I configure the PFSENSE in peer to peer SSL/TLS mode? What parameters should I configure?
Yes, if you only need this one client to connect to the OpenVPN server, the easiest way is to set the tunnel mask to /30. This ensures that the client gets a static IP, which you can use to access it.
Then enter the main server's IP into the "Local Networks" field in CIDR notation (172.19.2.10/32). This pushes the route to the client.
Since the tunnel and the routes are pushed by the server, there is no need for special settings in the client config.
If the tunnel network is, say, 10.0.8.0/30, the client gets 10.0.8.2. You can use this IP on the main server to access it.
Ensure that the client's Windows firewall allows access from the remote network.
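
The Windows firewall step in the answer above can be scoped to MAINSERVER alone instead of the whole remote network. This is an added example, not part of the original posts; it assumes the 10.0.8.0/30 tunnel from the answer's illustration, and TCP 3389 is a placeholder for whichever service MAINSERVER has to reach.

```powershell
# Added example: run in an elevated PowerShell session on CLISERVER.
# Addresses are taken from the thread; the tunnel IP assumes the 10.0.8.0/30 example.
$MainServer = '172.19.2.10'   # MAINSERVER (from the thread)
$TunnelIp   = '10.0.8.2'      # CLISERVER's tunnel address (assumed from the /30 example)
$TcpPort    = 3389            # assumption: placeholder for the service to expose

# 1. Confirm the tunnel is up and the host route to MAINSERVER is installed.
if (-not (Get-NetIPAddress -IPAddress $TunnelIp -ErrorAction SilentlyContinue)) {
    throw "Tunnel address $TunnelIp not present; connect the VPN first."
}
if (-not (Get-NetRoute -DestinationPrefix "$MainServer/32" -ErrorAction SilentlyContinue)) {
    Write-Warning "No route to $MainServer/32; check 'Local Networks' on the server."
}

# 2. Allow ping only from MAINSERVER, and only to the tunnel address.
#    -Profile Any is an assumption: the rule is not tied to whichever network
#    profile Windows assigns to the VPN adapter.
New-NetFirewallRule -DisplayName 'VPN: ICMP echo from MAINSERVER' `
    -Direction Inbound -Action Allow -Profile Any `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $MainServer -LocalAddress $TunnelIp

# 3. Allow the single TCP service with the same source and destination scope.
New-NetFirewallRule -DisplayName "VPN: TCP $TcpPort from MAINSERVER" `
    -Direction Inbound -Action Allow -Profile Any `
    -Protocol TCP -LocalPort $TcpPort `
    -RemoteAddress $MainServer -LocalAddress $TunnelIp

# 4. Review the address scope of the rules just created.
Get-NetFirewallRule -DisplayName 'VPN:*' | Get-NetFirewallAddressFilter
```

From MAINSERVER, `Test-NetConnection 10.0.8.2 -Port 3389` then checks the reverse path end to end.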