Little help needed understanding the "VPN Capability OpenVPN" wiki page



  • OK, I'm trying to set up a VPN with a remote PC through pfSense using OpenVPN.

    http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN

    The first part of the guide, generating the certs, I understand, and have completed successfully. I've generated the server and client certs.

    On the Windows machine that I will be connecting, I'm using the OpenVPN GUI for Windows, and have set up the config file as per the guide and put the certs into the config folder.

    I've also set up OpenVPN in pfSense, but here is where my questions are. I have pfSense set up as a load balancer for 2 Static IP DSL lines.

    For example, these lines have these IPs:

    LAN Gateway:
    192.168.1.1/24

    WAN1:
    External: 213.94.182.100
    Internal: 192.168.100.2

    WAN2:
    External: 213.94.182.101
    Internal: 192.168.200.2

    First question: how do I tell pfSense which line to use for the VPN?

    Also on the "OpenVPN config page" what do I put in for "Local Network"? Is it the gateway 192.168.1.1/24, or this 192.168.1.0/24 or something else?

    When should I be using "custom options"?

    Also, could someone tell me what I need to set to apply this rule? What IP address am I pointing it at?

    2. Go to the firewall rules for the WAN interface, and open up the TCP (or UDP) port you defined for your OpenVPN instance.

    Lastly, in the config file settings, what should I be using instead of "n.n.n.n"? Also, where do I need to set the hostname, and what should the hostname be?

    port 443
    dev tun
    dev-node ovpn-tun0
    proto tcp-client
    remote n.n.n.n 443
    ping 30

    persist-tun
    persist-key

    tls-client
    ca ca.crt
    cert client1.crt
    key client.key

    ns-cert-type server
    comp-lzo
    pull

    All help is greatly appreciated.



  • AFAIK OpenVPN listens on all interfaces, it's "just" a matter of routing ;)

    You add something to "Local Network" if you want OpenVPN to push a route to it to the client (in your case it would be 192.168.1.0/24). If you simply want to have all traffic pushed through the VPN, leave it blank and add the following to the "Custom Options":

    push "redirect-gateway"

    The rule - the external IP address(es) of the pfSense host you want OpenVPN to be visible on.

    On the last point, replace n.n.n.n with the external (213.94.182.) address and ensure the device(s) that has/have those IPs forward the relevant ports to the pfSense host (if the pfSense host doesn't have them).
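
The two points above (the network address for "Local Network" and the unreplaced n.n.n.n), as an added example that is not part of either post: a small Python check run over the client config quoted in the question. The function names are hypothetical, and the push "route ..." line assumes standard OpenVPN server syntax for the route that "Local Network" is described as pushing.

```python
import ipaddress
# Constructed sample: the client config quoted in the question, blank lines dropped.
CLIENT_CONF = """\
port 443
dev tun
dev-node ovpn-tun0
proto tcp-client
remote n.n.n.n 443
ping 30
persist-tun
persist-key
tls-client
ca ca.crt
cert client1.crt
key client.key
ns-cert-type server
comp-lzo
pull
"""

def push_route(lan_cidr):
    """Map a LAN address (192.168.1.1/24) to the route line the server pushes."""
    net = ipaddress.ip_interface(lan_cidr).network  # clears the host bits
    return 'push "route %s %s"' % (net.network_address, net.netmask)

def parse(conf):
    """Return {directive: [args, ...]}, skipping blank and comment lines."""
    out = {}
    for line in conf.splitlines():
        words = line.split("#")[0].split()
        if words and not words[0].startswith(";"):
            out.setdefault(words[0], []).append(words[1:])
    return out

def first_arg(directives, name):
    args = directives.get(name, [[]])[0]
    return args[0] if args else ""

def lint(conf):
    """List settings that would break the connection or weaken server checks."""
    d, problems = parse(conf), []
    remotes = d.get("remote", [])
    if not remotes or any(a[:1] == ["n.n.n.n"] for a in remotes):
        problems.append("remote: missing or still the placeholder n.n.n.n")
    cert, key = first_arg(d, "cert"), first_arg(d, "key")
    if cert.rsplit(".", 1)[0] != key.rsplit(".", 1)[0]:
        problems.append("cert/key: %s and %s have different base names" % (cert, key))
    if "ns-cert-type" not in d and "remote-cert-tls" not in d:
        problems.append("server certificate type is not checked")
    return problems
```

The cert/key finding is only a prompt to confirm that both files exist under those names in the config folder; the last check matters because, without it, the client accepts any certificate signed by the same CA as the server's.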

