Newbie Openvpn settings question

  • Hi,

    I'm quite new to this, so here goes: running pfsense2.0rc2 on an Alix board.
    3 ports used: WAN / LAN / WORKLAN, LAN port is Worklan is
    I have an openvpn client installed and it seems to correctly connect to my work openvpn server.

    Jun 13 19:42:15 openvpn[61218]: PUSH: Received control message: 'PUSH_REPLY,route,dhcp-option DNS,dhcp-option DNS,route
                  ,route,route,ping 10,ping-restart 60,ifconfig'
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: timers and/or timeouts modified
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: --ifconfig/up options modified
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: route options modified
    Jun 13 19:42:15 openvpn[61218]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

    How can I make my WORKLAN connect to the VPN and leave the LAN separate? I've also added an interface with the ovpc1.
    But as I have no knowledge of VPNs, I'm really stuck.

    Thanks for any help.

  • If I understand you correctly, you can connect from the OpenVPN client to the pfsense webGUI/OpenVPN server but you cannot connect to the WORKLAN subnet?

    Just go to OpenVPN Server, edit and scroll down to advanced:


    push "route"

    Save, restart, reconnect OpenVPN client.

    PS: Remember to create a firewall rule to allow your OpenVPN client/network to access the WORKLAN.

  • First create a deny rule for both LAN and VPN networks to "see" each other, and after that it should be done.

  • Hi,

    Thanks for the replies. Actually there shouldn't be access from openvpn to the WORKLAN.
    But when adding the rule to the openvpn, the normal LAN doesn't work anymore.

    regards Jan.

  • @Metu69salemi
    Why create a deny rule!?

    I do not really understand what you want to realize. Perhaps I have some misunderstanding because English is not my native language. Could you try to explain the problem to me in other words and perhaps post a screenshot or something which explains your scenario with IP addresses and subnets?

  • @nachtfalke

    If I understood, he wanted to deny access from other networks than openvpn and worklan.

  • OK, so my normal LAN (physical port vr1) is used for normal internet traffic to WAN (physical port vr2). I made a second WORKLAN (physical port vr3) with a PC and a server on it. I can access my WORKLAN through my normal LAN, but not the other way around.
    normal lan =192.168.10.X /24
    worklan    =192.168.1.X /24

    Now I'm trying to access a remote network via an openvpn through my worklan; the other LAN should not see it or be influenced.

    When setting the push gateway in the advanced tab I seem to route all traffic from the worklan through the openvpn and the normal LAN doesn't work anymore :(

    That's the current situation.
    Thanks for all the help.

