How to configure OpenVPN on pfSense 2 and dd-wrt v24 preSP2 (Build13064)
-
Hello to the community!
I'm here to ask for your guidance.
I have a central/local network firewalled by pfSense2.0.1-RELEASE and several (20+) remote networks firewalled by single WRT54GL's running DD-WRT v24 preSP2 (Build13064).
Central network local IP network is 192.168.101.0/24 while remote networks have different local IP networks of 192.168.x.0/24.
I have successfully connected the remote networks to the central network by configuring pfSense with one OpenVPN server on the default port in the remote access mode using the wizard. I think in this mode, OpenVPN doesn't route traffic to the remote network because it doesn't know what that network is.
So, for example, if I wanted to ping 192.168.101.100 from the remote network, DD-WRT routes it through the VPN tunnel automatically and the remote clients can communicate with a central server sitting behind the pfSense firewall.
But the reverse doesn't work. If I wanted to ping 192.168.120.2 from the central network on the remote networks, pfSense doesn't route that traffic through the tunnel probably because it doesn't know where that network is and how to route to it.
So my question is this: how do I configure pfSense so that it does what DD-WRT seems to be doing automatically. From what I've read, I have two options for configuring OpenVPN, one is tunneled (TUN) mode and one is bridged (TAP) mode. Right now I'm using TUN mode.
So my second question is: what would be the benefits of using one or the other in my particular case where I want to be able to communicate both ways between different IP networks sitting behind one pfSense router/firewall and several DD-WRT routers/firewalls.
I'm pretty sure that if I am to use bridged mode, I would have to set up multiple servers running on different ports on the pfSense server, right? Plus it would mean both networks would have to be on the same sub network, right?
Thank all I wanted to ask for now. Thanks for pfSense and your help! :)
-
For a site-to-site setup, you don't want to use the wizard.
Use a shared key setup, check the doc wiki there are several examples.