Newbie Openvpn settings question



  • Hi,

    I'm quite new to this, so here goes: Running pfsense2.0rc2 on an alix board.
    3 ports used: WAN / LAN / WORKLAN, LAN port is 192.168.10.1 Worklan is 192.168.20.1
    I have an openvpn client installed and it seems to correctly connect to my work openvpn server.

    Jun 13 19:42:15 openvpn[61218]: PUSH: Received control message: 'PUSH_REPLY,route 10.98.0.0 255.255.0.0,dhcp-option DNS 10.98.247.198,dhcp-option DNS 10.98.250.1,route
                            10.99.0.0 255.255.0.0,route 192.168.64.0 255.255.255.0,route 10.97.0.0 255.255.0.0,route 172.25.25.0 255.255.255.0,route 172.21.0.0 255.255.0.0,route
                            192.168.254.0 255.255.255.0,route 10.123.45.0 255.255.255.0,route 172.21.1.1,ping 10,ping-restart 60,ifconfig 172.21.1.14 172.21.1.13'
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: timers and/or timeouts modified
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: --ifconfig/up options modified
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: route options modified
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

    How can I make my WORKLAN connect to the VPN and leave the LAN separate? I've also added an interface with the ovpc1.
    But as I have no knowledge of VPNs, I'm really stuck.

    Thanks for any help.



  • If I understand you correctly, you can connect from the OpenVPN client to the pfsense webGUI/OpenVPN server but you cannot connect to the WORKLAN subnet?

    Just go to OpenVPN Server, edit and scroll down to advanced:

    Enter:

    push "route 192.168.20.0 255.255.255.0"

    Save, restart, reconnect OpenVPN client.

    PS: Remember to create a firewall rule to allow your OpenVPN client/network to access the WORKLAN.



  • First create a deny rule for both LAN and VPN networks to "see" each other, and after that it should be done.



  • Hi,

    Thanks for the replies. Actually there shouldn't be access from openvpn to the WORKLAN.
    But when adding the rule to the openvpn, the normal LAN doesn't work anymore.

    regards Jan.



  • @Metu69salemi
    Why create a deny rule!?

    @on6zg
    I do not really understand what you want to realize. Perhaps I have some misunderstanding because English is not my native language. Could you try to explain the problem to me in other words and perhaps post a screenshot or something which explains your scenario with IP addresses and subnets?



  • @nachtfalke

    If I understood, he wanted to deny access from other networks than openvpn and worklan.



  • OK, so my normal lan (physical port vr1) is used for normal internet traffic to WAN (physical port vr2). I made a second WORKLAN (physical port vr3) with a pc and a server on it. I can access my WORKLAN through my normal lan, but not the other way around.
    normal lan =192.168.10.X /24
    worklan    =192.168.1.X /24

    Now I'm trying to access a remote network via an openvpn through my worklan; the other lan should not see it or be influenced.

    When setting the push gateway in the advanced tab I seem to route all traffic from the worklan through the openvpn and the normal lan doesn't work anymore :(

    That's the current situation.
    Thanks for all the help
    Jan.
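
An added example, not written by any of the posters: a Python sketch that parses the PUSH_REPLY line from the first post's log and reports whether the server pushed `redirect-gateway` or a route that overlaps a local subnet, both of which change where local traffic is routed. The LAN/WORKLAN /24 networks are assumed from the interface addresses in the first post, and the function names are hypothetical.

```python
import ipaddress
import re

# PUSH_REPLY from the first post's log, with the line wraps removed.
LOG = ("Jun 13 19:42:15 openvpn[61218]: PUSH: Received control message: "
       "'PUSH_REPLY,route 10.98.0.0 255.255.0.0,dhcp-option DNS 10.98.247.198,"
       "dhcp-option DNS 10.98.250.1,route 10.99.0.0 255.255.0.0,"
       "route 192.168.64.0 255.255.255.0,route 10.97.0.0 255.255.0.0,"
       "route 172.25.25.0 255.255.255.0,route 172.21.0.0 255.255.0.0,"
       "route 192.168.254.0 255.255.255.0,route 10.123.45.0 255.255.255.0,"
       "route 172.21.1.1,ping 10,ping-restart 60,ifconfig 172.21.1.14 172.21.1.13'")
# Assumption: /24 networks derived from the interface addresses in the first post.
LOCAL = {"LAN": "192.168.10.0/24", "WORKLAN": "192.168.20.0/24"}

def parse_push_reply(line):
    """Split a PUSH_REPLY control message into routes, DNS servers and flags."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY in line")
    out = {"routes": [], "dns": [], "redirect_gateway": False, "ifconfig": None}
    for opt in m.group(1).split(","):
        f = opt.split() or [""]  # tolerate empty options between commas
        if f[0] == "route" and len(f) >= 2:
            # OpenVPN treats a route pushed without a netmask as a host route.
            mask = f[2] if len(f) > 2 else "255.255.255.255"
            out["routes"].append(ipaddress.ip_network(f"{f[1]}/{mask}", strict=False))
        elif f[:2] == ["dhcp-option", "DNS"] and len(f) == 3:
            out["dns"].append(f[2])
        elif f[0] == "redirect-gateway":
            out["redirect_gateway"] = True
        elif f[0] == "ifconfig" and len(f) == 3:
            out["ifconfig"] = (f[1], f[2])
    return out

def audit(push, local=LOCAL):
    """Report pushed options that would change routing for the local subnets."""
    findings = []
    if push["redirect_gateway"]:
        findings.append("redirect-gateway: default route moves into the tunnel")
    for name, cidr in local.items():
        net = ipaddress.ip_network(cidr)
        findings += [f"route {r} overlaps {name} {cidr}"
                     for r in push["routes"] if r.overlaps(net)]
    return findings

if __name__ == "__main__":
    push = parse_push_reply(LOG)
    print(len(push["routes"]), "routes;", audit(push) or "no overlap with LAN/WORKLAN")
```
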

