Netgate Discussion Forum

    Multiple OpenVPN

    5 Posts 2 Posters 2.9k Views
    • jan.gestre

      Hi Guys,

      I have questions regarding OpenVPN. We are going to set up OpenVPN on 4 sites, each using pfSense as firewall. What we want to happen is for the four sites to be connected via OpenVPN, sharing files as if they're in a LAN. Is this setup possible? What I have in mind is that each site will be configured as a server and as a client, some sort of multiple trust domain.

      TIA,

      Jan

      • GruensFroeschli

        If you want to use pfSense to firewall the OpenVPN then it's a no-go.
        You cannot filter the traffic coming in/going out through the OpenVPN tunnel.

        But it is no problem to have multiple Servers or Clients running at the same time.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • jan.gestre

          Hi Gruens,

          I didn't quite understand what you said, so you're saying that if I use pfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running OpenVPN that comes with pfSense?

          Actually the filtering thing never crossed my mind. Do I really need to have that?

          Jan

          • GruensFroeschli

            @jan:

            > Hi Gruens,
            >
            > I didn't quite understand what you said, so you're saying that if I use pfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running OpenVPN that comes with pfSense?

            You can use OpenVPN.
            I meant you cannot create a firewall rule on pfSense for the pfSense-internal OpenVPN client/server.

            > Actually the filtering thing never crossed my mind. Do I really need to have that?

            Depends on your setup.
            If your OpenVPN subnet is a "trusted" subnet this should not be a problem.
            I thought more that you wanted to firewall the VPN connection.

            Maybe diagrams are more clear:
            //-----------------------
              Client - vpnclient
                |
                |
            pfSense
              WAN
                |
                |
              Server - vpnserver

            The client will always be able to establish a VPN connection to the Server (if it's the client running the OpenVPN client instance).
            pfSense only does firewalling for the traffic from WAN to LAN and vice versa.
            //-----------------------

            Client
                |
                |
            pfSense - vpnclient
              WAN
                |
                |
              Server - vpnserver

            Now the vpnclient is on the pfSense itself. One might think you could firewall the VPN connection too.
            --> having rules for who can access the VPN tunnel or who is accessible from the VPN.
            But since you cannot create a rule for the virtual VPN interface this is not possible.
            This is what I meant in my first post.

              • jan.gestre

              Hi Gruens,

              Thanks for your inputs. Here is what I'm planning to set up: install pfSense as firewall in all of the sites and configure the OpenVPN client/server setup. The subnet is a trusted subnet, and the scenario would be e.g., clients on site 1 will be able to see/share files on the Head Office subnet and vice versa.

              LAN subnet
                  |
                  |
              pfsense HeadOffice
              OpenVPN server
                  |
                  |
              pfsense remote site 1
                  |
                  |
              Remote LAN

              Regards,

              Jan

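An added example, not part of the thread: for the hub-and-spoke layout in the last post (head office as OpenVPN server, remote sites as clients), this sketch checks that the site LANs do not overlap and generates the `route`, `iroute` and `push "route"` directives that decide which LANs are reachable through the tunnel. The site names, common names and subnets are constructed assumptions, and the output is plain OpenVPN configuration rather than pfSense GUI settings.

```python
import ipaddress

# Constructed sample sites; names and subnets are assumptions, not from the thread.
SITES = {
    "headoffice": "192.168.1.0/24",  # runs the OpenVPN server
    "site1": "192.168.10.0/24",
    "site2": "192.168.20.0/24",
    "site3": "192.168.30.0/24",
}

def find_overlaps(sites):
    """Return sorted pairs of site names whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def _route(cidr):
    """Format a CIDR as the 'network netmask' pair OpenVPN directives expect."""
    net = ipaddress.ip_network(cidr)
    return f"{net.network_address} {net.netmask}"

def build_config(sites, hub):
    """Return (server_lines, ccd) for a hub-and-spoke layout.

    server_lines belong in the hub's server config; ccd maps each spoke's
    certificate common name to the lines of its client-config-dir file.
    """
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping LAN subnets: {overlaps}")
    spokes = sorted(name for name in sites if name != hub)
    # Every client learns the head office LAN.
    server = [f'push "route {_route(sites[hub])}"']
    ccd = {}
    for name in spokes:
        # Kernel route on the hub towards the spoke LAN via the tunnel.
        server.append(f"route {_route(sites[name])}")
        # iroute tells OpenVPN which connected client owns that LAN.
        lines = [f"iroute {_route(sites[name])}"]
        # A spoke learns the other spokes' LANs, never its own.
        lines += [f'push "route {_route(sites[o])}"' for o in spokes if o != name]
        ccd[name] = lines
    return server, ccd

if __name__ == "__main__":
    server_lines, ccd_files = build_config(SITES, "headoffice")
    print("\n".join(server_lines))
    for cn, lines in ccd_files.items():
        print(f"# ccd/{cn}\n" + "\n".join(lines))
```

Dropping the per-spoke `push "route"` lines limits each remote site to the head office LAN only.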
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.