4. Multiple OpenPVN

Multiple OpenPVN

  • J

    Hi Guys,

    I have questions regarding OpenVPN, we are going to setup OpenVPN on 4 sites each using PfSense as firewall, what we want to happen is for the four sites be connected via OpenVPN, sharing files as if their in a LAN. Is this setup possible? What I have in mind is that each site will be configured as a server and as a client, some sort of multiple trust domain.

    TIA,

    Jan

    0

  • If you want to use pfSense to firewall the openVPN then it's a nogo.
    You cannot filter the traffic comming in /going out through the openVPN tunnel.

    But it is no problem to have multiple Servers or Clients running at the same time.

    0
  • J

    Hi Gruens,

    I didn't quite understood what you said, so you're saying that if I will use PfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running OpenVPN that comes with PfSense?

    Actually the filtering thing never crossed my mind, Do I really need to have that?

    Jan

    0

  • @jan:

    Hi Gruens,

    I didn't quite understood what you said, so you're saying that if I will use PfSense as firewall in all of the sites, I can't use OpenVPN? Isn't it the same as running OpenVPN that comes with PfSense?

    You can use OpenVPN.
    I meant you cannot create a firewallrule on pfSense for the pfSense-internal openVPN client/server.

    Actually the filtering thing never crossed my mind, Do I really need to have that?

    Depends on your setup.
    If your openVPN subnet is a "thrusted" subnet this should not be a problem.
    I thought more you want to firewall the VPN connection.

    maybe diagrams are more clear:
    //–---------------------
      Client - vpnclient
        |
        |
    pfSense
      WAN
        |
        |
      Server - vpnserver

    the client will always be able to establish a VPN connection to the Server. (if it's the client running the openVPN client instance)
    pfSense does only firewalling for the traffic from WAN to LAN and vice versa.
    //-----------------------

    Client
        |
        |
    pfSense - vpnclient
      WAN
        |
        |
      Server - vpnserver

    now the vpnclient is on the pfSense itself. One might think you could firewall the vpn connection too.
    --> having rules who can access the vpn tunnel or who is accessible from the VPN.
    But since you cannot creat a rule for the virtual VPN-interface this is not possible.
    this is what i meant in my first post.

    0
  • J

    Hi Gruens,

    Thanks for  your inputs. Here is what I'm planning to setup, install Pfsense as firewall in all of the sites and configure the OpenVPN client/server setup. The subnet is a trusted subnet, and the scenario would be e.g., clients on site 1 will able to see/share files on the Head Office subnet and vice versa.

    LAN subnet
        |
        |
    pfsense HeadOffice
    OpenVPN server
        |
        |
    pfsense remote site 1
        |
        |
    Remote LAN

    Regards,

    Jan

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy