• Hi, I have a very small remote office with 2-3 client pc connect with OpenVpn to heartquarter via pfsense server, and it work fine;
    in the small office I want to place also a network printer, with local IP (Es. 192.168.1.10)
    Can my client print on the local ip printer when it's connect to hearthquarter with openvpn ?

    Thanks in advance,
    best regards


  • From your post, I guess that each client PC starts an OpenVPN client individually that makes the connection to headquarters (I like your typo also "heartquarter" - I guess you have a very loving management style in your company :) That should still be OK, even though each client is actually coming from the same remote office subnet.
    As long as the private IP subnets at HQ, remote office and the OpenVPN tunnel are all different there should not be a problem. I usually keep away from 192.168.0.0/24, 192.168.1.0/24 and similar, since one of your users might go home (home often has 192.168.[0|1].0/24) and VPN from there.
    10.n.n.0/24 are good.


  • thanks phil,
    in HQ lan the subnet is 192.168.1.x
    each client PC starts an OpenVPN client individually..
    before start vpn, each pc client have IP with subnet similar at HQ  (192.168.1.x)
    when start vpn, client keep IP as 192.168.200.x
    it's wrong?



  • What is the remote office subnet?
    (It must be different from 192.168.1.x and 192.168.200.x)

    If it is possible to change HQ (I don't know how big it is), then make the HQ LAN some other subnet - 192.168.42.0/24 or 10.42.42.0/24 or whatever "random" private IP block you like. In future, when your remote users start to wander and come from other locations (their homes…), they will likely OpenVPN in from a home network that is already 192.168.1.0/24 - so if possible, I would renumber HQ now and get the pain over with. If most of your HQ devices get DHCP from pfSense, then not much problem changing - you might only have to manually change static IPs in a few file servers, print servers, APs...


  • remote are incorrectly set to the same HQ subnet (192.168.1.x)
    I would be more convenient to change the remote,
    I try,.. thanks!