OpenVPN client to OPT1

  • I have a pfSense box with 3 NICs (WAN, LAN and OPT1). I also have a remote OpenVPN server.

    I want to configure pfSense so it connects to the remote OpenVPN server and puts that network on OPT1.

    How can I do that?

  • AFAIK you can't quite do that - OpenVPN will be a fourth network interface, you can't replace a physical one with it.

  • Then what can I do if I only need one network device to use that OpenVPN connection… and other ones to use LAN without OpenVPN? Maybe VLANs?

    Is my desired configuration possible with pfSense?

    I need two networks LAN + LAN (as OpenVPN client). I hope it is easy to understand what I need.

  • Then that sounds like a basic routing and firewalling problem, there's nothing fancy in what little you've described.

    It would be easier to provide advice if you were clearer in what you're trying to do.  A simple diagram may help you explain what you're trying to do, since then it should be clearer where that "one network device" is for instance.

  • Hope this helps to explain what I need to achieve.

  • You mean you want it to be in the same broadcast domain, not routed?

    The remote OpenVPN server has to be in bridge mode (tap). Then for the simplest approach you should install the OpenVPN client on the device, that's the only way to have it then on the network. Anything else will instead put the OpenVPN server onto the remote network.

  • Yes, you got it right, I want that device (and only that one device) to be on the same broadcast domain.

    The remote OpenVPN server already is in bridge mode. Actually I can easily achieve the needed functionality using routers with OpenWrt or DD-WRT. So I thought that it should be easily done using pfSense. Well, I guess I was wrong :( This looks like a really big limitation then :(

    I cannot install an OpenVPN client on that device because it's an embedded device. All I want is to bridge those two networks on some network interfaces, leaving the other interfaces intact.

  • You might be able to do it in 2.0, I haven't looked.  It's probably also possible if you get "under the hood", but again I haven't looked.

    If it isn't available in 2.0 then you may want to consider opening a bounty for the feature.
