How to link wireless on OPT to LAN network via OpenVPN?
-
I'm trying to migrate from an IPCop installation to pfSense. One of the functionalities I'm trying to replicate is allowing only SOME of my wireless network clients to reach the LAN via OpenVPN, for printing, access to a file server, etc. I have read the Definitive Guide and have combed through this forum without finding what works for this:
OPT1 >> OpenVPN >> LAN
I have followed the Definitive Guide's instructions on creating an OpenVPN server, generated certificates and keys, and installed the OpenVPN GUI on a Windows 7 machine and put the keys and certificates on the client machine.
Has anyone else done this? Have a HOWTO that works? Should I be doing it via IPsec or some other protocol?
-
You mean you want to block everything on the WLAN interface, and allow only people using OpenVPN to access the LAN?
Just delete the allow rules on the WLAN, create a single rule to allow access to the OpenVPN server, and connect with the clients to the server.
-
No, I want guests to be able to use the WLAN, to access the internet, but not get to the LAN without the keys and certs. But I think you've hit the right point – I'm not sure how to configure the firewall rule for OpenVPN. Do I allow VPN traffic into the pfSense LAN interface? Is it a rule for the OPT1 interface, or the LAN interface?
-
Please read up on how firewall rules on pfSense work.
Create two rules on the wlan interface.
1: allow, source: wlan, destination NOT lan
2: allow, source: wlan, destination ip_of_pfsense_on_wlan
Like this everyone can access the internet.
People with OpenVPN will be treated as if they are connected to another interface on the pfSense and will be handled according to the rules you create on this other interface.
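
The rule layout from the reply above, modelled as an added example that is not part of the thread: a first-match evaluator with default deny for the two WLAN rules, plus one assumed pass rule on the OpenVPN interface. All addresses, the tunnel network and the OpenVPN rule are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of it comes from the thread.
LAN_NET = ip.ip_network("192.168.1.0/24")
WLAN_NET = ip.ip_network("192.168.2.0/24")
TUNNEL_NET = ip.ip_network("10.8.0.0/24")      # assumed OpenVPN tunnel network
PFSENSE_WLAN_IP = ip.ip_address("192.168.2.1")  # assumed pfSense address on WLAN

# Rules are grouped by the interface the traffic arrives on.
# Each rule: (label, allowed source network, destination predicate).
RULES = {
    "WLAN": [
        ("wlan -> NOT lan", WLAN_NET, lambda d: d not in LAN_NET),
        ("wlan -> pfSense WLAN address", WLAN_NET, lambda d: d == PFSENSE_WLAN_IP),
    ],
    # Assumed rule: tunnel clients may reach the LAN and nothing else.
    "OpenVPN": [
        ("vpn -> lan", TUNNEL_NET, lambda d: d in LAN_NET),
    ],
}


def evaluate(interface, src, dst):
    """Return ("pass", label) for the first matching rule, else default deny."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for label, src_net, dst_ok in RULES[interface]:
        if src in src_net and dst_ok(dst):
            return ("pass", label)
    return ("block", "default deny")


if __name__ == "__main__":
    flows = [
        ("WLAN", "192.168.2.50", "203.0.113.10"),   # guest to the internet
        ("WLAN", "192.168.2.50", "192.168.1.10"),   # guest straight to the LAN
        ("WLAN", "192.168.2.50", "192.168.2.1"),    # guest to the OpenVPN server
        ("OpenVPN", "10.8.0.6", "192.168.1.10"),    # VPN client to the LAN
    ]
    for iface, src, dst in flows:
        action, rule = evaluate(iface, src, dst)
        print(f"{iface:8} {src:>13} -> {dst:<13} {action:5} ({rule})")
```
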