Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to link wireless on OPT to LAN network via OpenVPN?

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mildmanneredreporter
      last edited by

      I'm trying to migrate from an IPCop installation to pfSense. One of the functionalities I'm trying to replicate is allowing only SOME of my wireless network clients to reach the LAN via OpenVPN, for printing, access to a file server, etc. I have read the Definitive Guide and have combed through this forum without finding what works for this:

      OPT1 >> OpenVpN >> LAN

      I have followed the Definitive Guide's instructions on creating an OpenVPN server, generated certificates and keys, and installed the OpenVPN GUI on a Windows 7 machine and put the keys and certificates on the client machine.

      Has else anyone done this? Have a HOWTO that works? Should I be doing it via IPSEC or some other protocol?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        You mean you want to block everything on the WLAN interface, and allow only people using OpenVPN to access the LAN?

        Just delete the allow rules on the WLAN, create a single rule to allow access to the openVPN server, and connect with the clients to the server.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • M
          mildmanneredreporter
          last edited by

          No, I want guests to be able to use the WLAN, to access the internet, but not get to the LAN without the keys and certs. But I think you've hit the right point – I'm not sure how to configure the firewall rule for OpenVPN. Do I allow VPN traffic into the pfSense LAN interface? Is it a rule for the OPT1 interface, or the LAN interface?

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Please read up how firewall rules on pfsense works.
            Create two rules on the wlan interface.
            1: allow, source: wlan, destination NOT lan
            2: allow, source: wlan, destination ip_of_pfsense_on_wlan

            like this everyone can access the internet.
            People with openVPN will be treated as if they are connected to another interface on the pfsense and will be handles according to the rules you create on this other interface.

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.