All traffic pfSense to Linuxbox FW

OpenVPN
Log in to reply
  • A

    Hello All,
    In the office building we have main firewall based on linux fedora.
    In one of our branch offices we have pfSense.
    I have established OpenVPN connection between them but I have problem with routing the traffic correctly.
    The goal is all traffic from pfSense LAN net 192.168.13.0/24 to be routed over OpenVPN trough main Fedora firewall.

    Here is OpenVPN server config from linuxbox

    ca keys/ca.crt
    cert keys/xxxxxxxx.crt
    comp-lzo yes
    dev tun1
    dh /etc/openvpn/keys/dh1024.pem
    fast-io
    float
    crl-verify /etc/openvpn/keys/crl.pem
    keepalive 10 120
    key keys/xxxxxxx.key
    mlock
    mode server
    persist-key
    persist-tun
    port 1195
    tls-server
    local 95.95.95.91
    proto udp
    server 192.168.250.0 255.255.255.0
    status /var/log/openvpn-status-wh.log
    log-append  /var/log/openvpn-wh.log
    verb 1

    #Routes pushing to the client section

    push "route 192.168.0.0 255.255.255.0"
    push "route 192.168.252.0 255.255.255.0"
    push "route 192.168.253.0 255.255.255.0"
    push "redirect-gateway def1"
    push "dhcp-option DNS 192.168.0.5"

    When I use NAT to masquerade whole traffic from 192.168.13.0/24 to OpenVPN interface. The job is done. But I want not to use NAT, just routing.

    I have attached the topology diagram.
    10x in advance :)

    0
  • P

    and what is in the pfSense client OpenVPN config? Anything to tell the server end that the tunnel to the client is the route back to 192.168.13.0/24?
    perhaps you can just add that explicitly to the server:

    route 192.168.13.0 255.255.255.0
    0
  • A

    In the pfSense client config there is nothing, because I push routes from server side (linuxbox) to client (pfSense),

    I posted this in my first post. This is server config:

    
.
.
.
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.252.0 255.255.255.0"
push "route 192.168.253.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.0.5"

    In the linux config there have been created so many IP addresses for OpenVPN so I don't know which is the gateway for 192.168.0.13/24

    ifconfig tells:

    tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:192.168.250.1  P-t-P:192.168.250.2  Mask:255.255.255.255

    netstat -rn tells:

    [8:12:42 PM] Atanas Manoilov HDS: [root@fw ~]# netstat -rn
    Kernel IP routing table
    Destination    Gateway        Genmask        Flags  MSS Window  irtt Iface
    192.168.250.2  0.0.0.0        255.255.255.255 UH        0 0          0 tun1
    192.168.0.0    0.0.0.0        255.255.255.0  U        0 0          0 eth0
    192.168.250.0  192.168.250.2  255.255.255.0  UG        0 0          0 tun1
    192.168.252.0  0.0.0.0        255.255.255.0  U        0 0          0 eth2
    192.168.253.0  0.0.0.0        255.255.255.0  U        0 0          0 eth1
    0.0.0.0        x.x.x.x    0.0.0.0        UG        0 0          0 eth3

    0
  • P

    In you Linux end OpenVPN server config, just add:

    route 192.168.13.0 255.255.255.0

    That should tell it that the link is a route to 192.168.13.0/24

    0
  • A

    10x a lot,
    it was enough for me to understand :)

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy