Multiple OpenPVN
-
Hi Guys,
I have questions regarding OpenVPN, we are going to setup OpenVPN on 4 sites each using PfSense as firewall, what we want to happen is for the four sites be connected via OpenVPN, sharing files as if their in a LAN. Is this setup possible? What I have in mind is that each site will be configured as a server and as a client, some sort of multiple trust domain.
TIA,
Jan
-
If you want to use pfSense to firewall the openVPN then it's a nogo.
You cannot filter the traffic comming in /going out through the openVPN tunnel.But it is no problem to have multiple Servers or Clients running at the same time.
-
Hi Gruens,
I didn't quite understood what you said, so you're saying that if I will use PfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running OpenVPN that comes with PfSense?
Actually the filtering thing never crossed my mind, Do I really need to have that?
Jan
-
@jan:
Hi Gruens,
I didn't quite understood what you said, so you're saying that if I will use PfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running OpenVPN that comes with PfSense?
You can use OpenVPN.
I meant you cannot create a firewallrule on pfSense for the pfSense-internal openVPN client/server.Actually the filtering thing never crossed my mind, Do I really need to have that?
Depends on your setup.
If your openVPN subnet is a "thrusted" subnet this should not be a problem.
I thought more you want to firewall the VPN connection.maybe diagrams are more clear:
//–---------------------
Client - vpnclient
|
|
pfSense
WAN
|
|
Server - vpnserverthe client will always be able to establish a VPN connection to the Server. (if it's the client running the openVPN client instance)
pfSense does only firewalling for the traffic from WAN to LAN and vice versa.
//-----------------------Client
|
|
pfSense - vpnclient
WAN
|
|
Server - vpnservernow the vpnclient is on the pfSense itself. One might think you could firewall the vpn connection too.
--> having rules who can access the vpn tunnel or who is accessible from the VPN.
But since you cannot creat a rule for the virtual VPN-interface this is not possible.
this is what i meant in my first post. -
Hi Gruens,
Thanks for your inputs. Here is what I'm planning to setup, install Pfsense as firewall in all of the sites and configure the OpenVPN client/server setup. The subnet is a trusted subnet, and the scenario would be e.g., clients on site 1 will able to see/share files on the Head Office subnet and vice versa.
LAN subnet
|
|
pfsense HeadOffice
OpenVPN server
|
|
pfsense remote site 1
|
|
Remote LANRegards,
Jan
