Connect Client A to LAN Subnet A, Client B to OPT1 Subnet B?



  • I have searched for this configuration and can't find anything on it.  I'd like to know if it's possible to have certain OpenVPN clients connect to one internal LAN subnet and other clients connect to a different internal LAN subnet.  The two internal LANs are on different pfSense interfaces (LAN and OPT1).  I need to allow access for certain clients ONLY to the OPT1 subnet, other clients to ONLY the LAN subnet, and if possible, a third group of clients access to both subnets.

    Is this possible using 2.0RC3?

    If not directly possible, would it be possible to run multiple OpenVPN servers on different listening ports of the single WAN public IP address?

    Any info or ideas are greatly appreciated!  Thanks!
    Brad



  • Sorry for my bad English (I'm Russian)
    My home router (Intel Atom)
    WiFi - Dlink - 140

    LAN Computer - Work and Gaming and File storage (Win7 x64 Ultimate)
    WiFi - Netbook Lenovo S10-3 (Win7 x86 Starter)

    I have pfSense 2.0
    WAN - DHCP - XX.xx…xx
    LAN - DHCP - 192.168.1.X
    OPT1 - (WiFi) DHCP - 192.168.2.X

    In "Interfaces" - assign 1 bridge
    BRIDGE0 LAN, DWA140 LAN-WIFI

    On the computers, sharing folders on the "guest" account
    Direct connection over Windows "Network" did not work, but DNS LAN - 192.168.1.1 and OPT - 192.168.2.1

    I connect over the IP address directly - in an Explorer window on the computer (192.168.1.2), type "\\192.168.2.2\Downloads"
    "Downloads" - it's a shared folder
    It works



  • You can have multiple OpenVPN servers; just change the port they listen on.
    In the server you can decide which networks they are linked to.



  • Thanks for the info!  Is it possible to access those in the GUI or does it have to be done from the command line?  I didn't see a way to configure a second server in the GUI, but that may just be because I haven't configured the first one.

    Thanks again!



  • I have three OpenVPN servers in use

    • All of those are for remote access

    • two of those are user auth

    • one of those is certificate authenticating

    And you can define what traffic those are allowed by assigning interfaces from those servers



  • Thanks so much for the information.  I'm not sure where I was looking before, but now I've definitely seen how to have multiple servers.
    Your response led me in the right direction.
    Thanks again!
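
The multiple-server approach from the replies above, written out as raw OpenVPN server directives; this is an added example, not configuration posted by anyone in the thread or generated by pfSense. The ports, tunnel networks (10.8.x.0/24), LAN and OPT1 subnets (192.168.1.0/24 and 192.168.2.0/24) and file names are assumptions; on pfSense each instance is created in the GUI, and access is enforced by firewall rules per instance.

```conf
# ---- server-lan.conf: clients that may reach the LAN subnet only ----
# Each instance listens on its own port on the same WAN address.
port 1194
proto udp
dev tun
# Tunnel network for this group (constructed value).
server 10.8.1.0 255.255.255.0
# Route to the LAN subnet (assumed 192.168.1.0/24).
push "route 192.168.1.0 255.255.255.0"
# Placeholder file names. A separate CA per instance means a certificate
# issued for one group is rejected by the other instances.
ca ca-lan.crt
cert server-lan.crt
key server-lan.key
dh dh.pem

# ---- server-opt1.conf: clients that may reach the OPT1 subnet only ----
port 1195
proto udp
dev tun
server 10.8.2.0 255.255.255.0
# Route to the OPT1 subnet (assumed 192.168.2.0/24).
push "route 192.168.2.0 255.255.255.0"
ca ca-opt1.crt
cert server-opt1.crt
key server-opt1.key
dh dh.pem

# ---- server-both.conf: third group with access to both subnets ----
port 1196
proto udp
dev tun
server 10.8.3.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
ca ca-both.crt
cert server-both.crt
key server-both.key
dh dh.pem

# Pushed routes only tell a client where to send traffic; they are not
# access control. Pair each instance with firewall rules on its tunnel net:
#   source 10.8.1.0/24 -> pass to 192.168.1.0/24, block 192.168.2.0/24
#   source 10.8.2.0/24 -> pass to 192.168.2.0/24, block 192.168.1.0/24
#   source 10.8.3.0/24 -> pass to both subnets
```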

