Help needed with road-warrior server/client routing on a new install
I am hoping to get some help with setting up a road-warrior server/client connection. I am using a fresh install of pfSense 2.0.2-RELEASE (x86).
If you view my attached network layout, what I am trying to do is run a stand-alone pfsense machine to act as a point of vpn connection to our LAN. We want to get a lot of testing in with VPN before we commit to using pfsense as our main gateway to the internet (and better hardware).
So, I have the server configured as:
TUN Device Mode, UDP
I am able to connect with a Win7x64 client, get a 10.0.8.6 address, and I can retain connection to the management interface. Once connected, I no longer have access to the outside internet, and I am not able to access other servers on the LAN.
I believe my problem is with routing, which is why none of the guides I've followed mention this part of the setup.
I'm very new to this, so I need some help with setting up the routing so that a connecting client can communicate as if it were on the local LAN in the office.
Is someone kind enough to help me through this? I believe I need to set up the Advanced OpenVPN server configuration, as well as some options to export to the client with respect to the gateway, but that is where I have hit a brick wall.
Also, I do not have a problem routing all traffic from the client through the VPN, as I'm not sure what sort of access I have to the main gateway as far as routes are concerned. The main gateway is an antiquated fortigate VPN machine that has proven reliable as a gateway. (We are trying to replace its vpn with OpenVPN).
![ARM LAN Lucidchart - Google Chrome_2013-02-27_16-35-08.png](/public/imported_attachments/1/ARM LAN Lucidchart - Google Chrome_2013-02-27_16-35-08.png)
![ARM LAN Lucidchart - Google Chrome_2013-02-27_16-35-08.png_thumb](/public/imported_attachments/1/ARM LAN Lucidchart - Google Chrome_2013-02-27_16-35-08.png_thumb)
The LAN servers have to know a route to 10.0.8.0/24 somehow. Their default route will be 192.168.1.1 (the older router), so they will be trying to reply to you through that. Either:
a) Add a static route on the old router, sending 10.0.8.0/24 to the pfSense; or
b) Add a static route on every LAN server, sending 10.0.8.0/24 to the pfSense.
Alright, it is starting to make sense now. I forced an IP/DNS/Gateway on another machine, then used the VPN to log in on my other box and I was able to communicate between the two machines.
I'll get on that fortinet and see what I can do about routes, otherwise we may just make the switch to full on pfSense. It is very nice.
This worked like a charm, Thanks! It makes a lot more sense now.
Have a good one.