OpenVPN Bridge
-
I'm using pfSense 2.0.2 and I would like to set up an OpenVPN server. I've already managed to configure the server and I am able to connect to the server using the OpenVPN client, but I can only access the IP of the pfSense firewall. I've already added the OpenVPN interface under "Interfaces" -> "(assign)" and set up a bridge between the OpenVPN interface and the LAN interface. I've also set up a firewall rule for OpenVPN to access any IP and any service, but I just don't get any pings back from other IPs. What am I doing wrong?
Here is my openvpn configuration:
<openvpn-server>
    <vpnid>1</vpnid>
    <mode>server_tls_user</mode>
    <authmode>Local Database</authmode>
    <protocol>TCP</protocol>
    <dev_mode>tun</dev_mode>
    <ipaddr/>
    <interface>wan</interface>
    <local_port>444</local_port>
    <description/>
    <custom_options>auth MD5</custom_options>
    <caref>5102b471dec59</caref>
    <crlref/>
    <certref>510290cf024e1</certref>
    <dh_length>1024</dh_length>
    <cert_depth>1</cert_depth>
    <strictusercn/>
    <crypto>AES-128-CBC</crypto>
    <engine>none</engine>
    <tunnel_network>10.242.2.0/24</tunnel_network>
    <remote_network/>
    <gwredir/>
    <local_network>172.17.0.0/16</local_network>
    <maxclients/>
    <compression>yes</compression>
    <passtos/>
    <client2client/>
    <dynamic_ip/>
    <pool_enable>yes</pool_enable>
    <netbios_enable/>
    <netbios_ntype>0</netbios_ntype>
</openvpn-server>
-
You don't need to assign an interface or do any bridging. You do need rules on the OpenVPN Firewall Rules tab to allow traffic from the tunnel to your LAN.
You have an OpenVPN tunnel set up there; the server will tell (push) the client a route to your LAN (172.17.0.0/16). So the client will know how to route to 172.17.0.0/16. And devices on the LAN can route back just by sending packets to pfSense (which is normally their default gateway already), and pfSense is hosting the OpenVPN, so it knows how to route return packets.
-
Thanks for the tip, I have not yet set the default gateway to the pfSense firewall because I want to test the configuration first. But this has to be the problem.
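
The return-path point from the answer, as an added example that is not part of the thread: a longest-prefix-match lookup over a LAN host's routing table shows whether its reply to a tunnel client is handed to pfSense. The two networks come from the posted config; the pfSense LAN address 172.17.0.1, the other router 172.17.0.254 and the host routing tables are constructed assumptions, and the static-route case goes beyond what the thread mentions.

```python
import ipaddress

# From the posted config
TUNNEL_NET = ipaddress.ip_network("10.242.2.0/24")   # <tunnel_network>
LAN_NET = ipaddress.ip_network("172.17.0.0/16")      # <local_network>

# Assumptions (not in the thread): pfSense LAN address and another router
PFSENSE_LAN_IP = ipaddress.ip_address("172.17.0.1")
OTHER_ROUTER = "172.17.0.254"

def next_hop(routes, dst):
    """Longest-prefix match. routes: list of (cidr, gateway); gateway None = on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return None                      # no matching route: packet is dropped
    return dst if best[1] is None else ipaddress.ip_address(best[1])

def reply_reaches_tunnel(routes, client_ip):
    """True if a LAN host's reply to a VPN client is handed to pfSense."""
    if ipaddress.ip_address(client_ip) not in TUNNEL_NET:
        raise ValueError("client_ip is not in the tunnel network")
    return next_hop(routes, client_ip) == PFSENSE_LAN_IP

# Constructed routing tables for a LAN host such as 172.17.5.20
HOST_OTHER_GW = [(str(LAN_NET), None), ("0.0.0.0/0", OTHER_ROUTER)]
HOST_PFSENSE_GW = [(str(LAN_NET), None), ("0.0.0.0/0", str(PFSENSE_LAN_IP))]
HOST_STATIC_ROUTE = HOST_OTHER_GW + [(str(TUNNEL_NET), str(PFSENSE_LAN_IP))]

if __name__ == "__main__":
    client = "10.242.2.6"  # constructed tunnel client address
    for name, table in [("default gw = other router", HOST_OTHER_GW),
                        ("default gw = pfSense", HOST_PFSENSE_GW),
                        ("other gw + static route", HOST_STATIC_ROUTE)]:
        print(f"{name:28} next hop {next_hop(table, client)} "
              f"reaches tunnel: {reply_reaches_tunnel(table, client)}")
```

With the default gateway pointing elsewhere, the ping request arrives at the LAN host but the reply leaves via the other router, which matches the symptom of only the pfSense address answering.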