Netgate Discussion Forum

    Help needed with road-warrior server/client routing on a new install

    OpenVPN
      Tired2

      Hi,

      I am hoping to get some help with setting up a road-warrior server/client connection.  I am using a fresh install of pfSense 2.0.2-RELEASE (x86).

      If you view my attached network layout, what I am trying to do is run a stand-alone pfSense machine to act as a point of VPN connection to our LAN.  We want to get a lot of testing in with VPN before we commit to using pfSense as our main gateway to the internet (and better hardware).

      So, I have the server configured as:

      TUN Device Mode, UDP

      I am able to connect with a Win7x64 client, get a 10.0.8.6 address, and I can retain connection to the management interface.  Once connected, I no longer have access to the outside internet, and I am not able to access other servers on the LAN.

      I believe my problem is with routing, which is why none of the guides I've followed mention this part of the setup.

      I'm very new to this, so I need some help with setting up the routing so that a connecting client can communicate as if it were on the local LAN in the office.

      Is someone kind enough to help me through this?  I believe I need to set up the Advanced OpenVPN server configuration, as well as some options to export to the client with respect to the gateway, but that is where I have hit a brick wall.

      Also, I do not have a problem routing all traffic from the client through the VPN, as I'm not sure what sort of access I have to the main gateway as far as routes are concerned.  The main gateway is an antiquated FortiGate VPN machine that has proven reliable as a gateway.  (We are trying to replace its VPN with OpenVPN).

      Thanks,

      -Evan
      ![ARM LAN Lucidchart - Google Chrome_2013-02-27_16-35-08.png](/public/imported_attachments/1/ARM LAN Lucidchart - Google Chrome_2013-02-27_16-35-08.png)

        phil.davis

        The LAN servers have to know a route to 10.0.8.0/24 somehow. Their default route will be 192.168.1.1 (the older router), so they will be trying to reply to you through that. Either:
        a) Add a static route on the old router, sending 10.0.8.0/24 to the pfSense; or
        b) Add a static route on every LAN server, sending 10.0.8.0/24 to the pfSense.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
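
The return-path problem described in the reply above, traced as an added example that is not part of the original thread: a longest-prefix-match lookup follows a LAN server's reply to the VPN client 10.0.8.6 with no static route, with option (a), and with option (b). The pfSense LAN address 192.168.1.250 and the 192.168.1.0/24 LAN prefix are assumptions; neither is stated in the posts.

```python
import ipaddress

OLD_ROUTER = "192.168.1.1"    # LAN default gateway named in the thread
PFSENSE = "192.168.1.250"     # ASSUMPTION: pfSense LAN address is not given on the page
LAN = "192.168.1.0/24"        # ASSUMPTION: LAN prefix inferred from the gateway address
TUNNEL = "10.0.8.0/24"        # OpenVPN tunnel network from the thread
VPN_CLIENT = "10.0.8.6"       # address the Win7 client received

def next_hop(routes, dst):
    """Longest-prefix match over {prefix: next_hop}; None if no route covers dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(server_static=False, router_static=False):
    """Routing tables for one LAN server, the old router and the pfSense box."""
    server = {LAN: "on-link", "0.0.0.0/0": OLD_ROUTER}
    router = {LAN: "on-link", "0.0.0.0/0": "wan"}
    pfsense = {LAN: "on-link", TUNNEL: "tunnel"}
    if server_static:             # option (b): static route on every LAN server
        server[TUNNEL] = PFSENSE
    if router_static:             # option (a): static route on the old router
        router[TUNNEL] = PFSENSE
    return {"server": server, OLD_ROUTER: router, PFSENSE: pfsense}

def reply_path(tables, start, dst, max_hops=8):
    """Follow a packet from `start` toward `dst`; return the list of hops taken."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        path.append(hop)
        if hop not in tables:     # "tunnel", "wan", "on-link" or None: forwarding ends
            break
        node = hop
    return path

if __name__ == "__main__":
    for label, kwargs in [("no static route", {}),
                          ("(a) route on old router", {"router_static": True}),
                          ("(b) route on LAN server", {"server_static": True})]:
        path = reply_path(build(**kwargs), "server", VPN_CLIENT)
        print(f"{label:26} {' -> '.join(path)}")
```

A path ending in `wan` means the reply left through the old router's default route and never reached the tunnel; a path ending in `tunnel` means pfSense received it and can hand it back to the client.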

          Tired2

          Alright, it is starting to make sense now.  I forced an IP/DNS/Gateway on another machine, then used the VPN to log in on my other box and I was able to communicate between the two machines.

          I'll get on that Fortinet and see what I can do about routes, otherwise we may just make the switch to full-on pfSense.  It is very nice.

            Tired2

            This worked like a charm, thanks!  It makes a lot more sense now.

            Have a good one.
