Help me understand OpenVPN



  • I just want to make sure that I am looking at the right solution to my problem.  I think I understand how this all works, but I'm not positive.

    I have:
    network A, running 192.168.0.x/24
    network B, running 192.168.1.x/24

    A and B are separated by the internet.  My goal is to have a permanent encrypted connection between the two networks, wherein I can ping any machine on network A from network B, and any from B to A.

    Would the correct approach to this problem be to set up OpenVPN as a server on network A, and as a client on network B?  Is this possible without having to use 192.168.2.x or 192.168.3.x?



  • Yes, you can use OpenVPN to do this.
    And no to your second question. You do need another subnet to route over (192.168.x.x or any other private network like 172.16.x.x ~ 172.31.x.x or 10.x.x.x).

    If you want to do that without using another subnet, use IPsec, but then you need to have a static IP on at least one side of the tunnel.



  • Ok, thank you for your quick reply.  If OpenVPN requires different subnets, how does that work?  How are they assigned on the different networks?

    Currently, I have network A, with workstations 192.168.0.1 through to 192.168.0.254, and network B with 192.168.1.x - .y

    If the network is set up as so:

    192.168.0.x |----> pfSense (A) ----> WAN IP (A) <...> WAN IP (B) <---- pfSense (B) <----| 192.168.1.y

    When I set up OpenVPN between pfSense (A) and pfSense (B), where does it create the new subnets, and how are they allocated?  If I have a service running on 192.168.0.1, how can I access it from 192.168.1.x?

    **I have got a static IP to use for this, so maybe IPSEC would be a better option.



  • The new subnet is created automatically when you define it on the OpenVPN page.
    If you don't know anything about OpenVPN, I suggest you read the pfSense docs about OpenVPN:
    http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN


  • LAYER 8 Moderator

    The only subnet that's created is a "transfer net" between the two OpenVPN nodes. You can use some completely different one (10.x.x.x or 172.16.x.x) and it is only used for communication between the OpenVPN endpoints. In normal use you don't have anything to do with it; you just work as if the other side's IP range is a local one. Nothing to get worried about. There's a nice howto explaining the steps for setting it up that way. I suggest looking into it.

    Greets Grey
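
The addressing discussed in this thread, as an added example that is not part of any post: a small Python check that a transfer net is distinct from both LANs, followed by the OpenVPN `ifconfig` and `route` lines each end of a routed point-to-point tunnel would carry. The LAN ranges come from the question; the transfer net `10.0.8.0/30` and the function name `plan_site_to_site` are assumptions chosen for illustration.

```python
import ipaddress


def plan_site_to_site(lan_a, lan_b, tunnel):
    """Check a routed site-to-site address plan and return, per site, the
    OpenVPN ifconfig/route lines that the plan implies."""
    a = ipaddress.ip_network(lan_a)
    b = ipaddress.ip_network(lan_b)
    t = ipaddress.ip_network(tunnel)

    # Routing cannot tell two networks apart if they overlap, so the transfer
    # net must be distinct from both LANs and the LANs from each other.
    for n1, x, n2, y in (("LAN A", a, "LAN B", b),
                         ("transfer net", t, "LAN A", a),
                         ("transfer net", t, "LAN B", b)):
        if x.overlaps(y):
            raise ValueError(f"{n1} {x} overlaps {n2} {y}")
    if not t.is_private:
        raise ValueError(f"transfer net {t} is not private address space")
    if t.num_addresses < 4:
        raise ValueError(f"transfer net {t} is too small for two endpoints")

    end_a, end_b = t[1], t[2]  # first two usable addresses of the transfer net
    return {
        # Each side addresses its tunnel end and routes the *other* LAN into it.
        "A": [f"ifconfig {end_a} {end_b}",
              f"route {b.network_address} {b.netmask}"],
        "B": [f"ifconfig {end_b} {end_a}",
              f"route {a.network_address} {a.netmask}"],
    }


if __name__ == "__main__":
    # Constructed sample plan: LANs from the thread, transfer net assumed.
    plan = plan_site_to_site("192.168.0.0/24", "192.168.1.0/24", "10.0.8.0/30")
    for site, lines in plan.items():
        print(f"# pfSense ({site})")
        print("\n".join(lines))
```

Hosts on either LAN keep their existing addresses; only the two tunnel endpoints ever hold an address from the transfer net.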

