Openvpn on pfsense as client



  • Hi All,

    I am trying to connect from my pfsense, 2.0-RC2, built on Tue Jun 14 21:13:02 EDT 2011, to a remote ubuntu box running Ubuntu 11.04, with Openvpn as a server.

    I was able to connect from my pfsense box, using command line, and can ping the server vpn box. I get an ip eg. 192.168.2.10

    From the lan behind pfsense, where all clients have a subnet of 192.168.1.xxx, I can ping the pfsense box with its new vpn client ip, eg. 192.168.2.10, but I cannot connect to the remote open vpn server, which has an ip of 192.168.2.1.
    I can still, from my pfsense box, ping the remote openvpn server, using 192.168.2.1.

    My question is, how can I enable my pfsense to allow clients behind the pfsense box, on subnet 192.168.1.xx, to connect to the remote openvpn server box (192.168.2.1, ubuntu running as an openvpn box)? What commands should I use?

    Thanks

    :-D


  • Rebel Alliance Developer Netgate

    You can either set up NAT so that your LAN clients get NAT applied as they leave the OpenVPN tunnel so they show up to the far side as .2.10.

    -or-

    You can set a route/iroute on the server side so that it knows to route your LAN subnet back over the OpenVPN to you. The exact method will differ there based on how the setup is done (shared key, ssl, etc)



  • Thanks for your email.

    So is there a way to avoid using one ip for all clients, eg. nat clients would have a specific ip?
    For example, client 1 : 192.168.1.70 would still be visible from the remote / far end (opvn server) as this connection is coming from ip 192.168.1.70.

    Could you elaborate please or point me to a url?

    Thanks,


  • Rebel Alliance Developer Netgate

    Yes, that's the second option I mentioned. The OpenVPN server needs a route back to the client. Search on the doc wiki (see my sig) for openvpn site-to-site and look at the docs. The exact method is different for SSL/TLS or Shared Key, so it depends on what you have.
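
The route/iroute option from the replies above, sketched as OpenVPN server-side configuration. This is an added example, not part of the thread: it assumes the pfSense LAN is 192.168.1.0/24, and the `client-config-dir` path and the client Common Name `pfsense-client` are hypothetical.

```conf
# --- server.conf on the Ubuntu OpenVPN server (SSL/TLS mode) ---

# Directory holding one file per client, named after the client's
# certificate Common Name (path is an assumption).
client-config-dir /etc/openvpn/ccd

# Kernel route on the server: send traffic for the pfSense LAN
# into the tunnel instead of out the default gateway.
route 192.168.1.0 255.255.255.0

# --- /etc/openvpn/ccd/pfsense-client ---
# "pfsense-client" is a hypothetical CN; the file name must match the
# Common Name on the certificate the pfSense box connects with.

# Internal route: tells the OpenVPN process which connected client
# owns 192.168.1.0/24. Without it the server drops packets whose
# source address is in that subnet, even when the kernel route exists.
iroute 192.168.1.0 255.255.255.0

# --- Shared-key (point-to-point) mode instead ---
# There is only one peer, so client-config-dir and iroute do not apply.
# The route line alone goes in the server config:
# route 192.168.1.0 255.255.255.0
```

With this in place a LAN host such as 192.168.1.70 reaches 192.168.2.1 with its own source address, so the far side can log and filter per host rather than seeing every client as 192.168.2.10.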

