Little help needed understanding the "VPN Capability OpenVPN" wiki page
-
OK, I'm trying to set up a VPN with a remote PC through pfSense using OpenVPN.
http://doc.pfsense.org/index.php/VPN_Capability_OpenVPN
The first part of the guide, generating the certs, I understand, and have completed successfully. I've generated the server and client certs.
On the Windows machine that I will be connecting, I'm using the OpenVPN GUI for Windows, and have set up the config file as per the guide and put the certs into the config folder.
I've also set up OpenVPN in pfSense, but here is where my questions are. I have pfSense set up as a load balancer for 2 Static IP DSL lines.
For example, these lines have these IPs:
LAN Gateway:
192.168.1.1/24
WAN1:
External: 213.94.182.100
Internal: 192.168.100.2
WAN2:
External: 213.94.182.101
Internal: 192.168.200.2
First question: how do I tell pfSense which line to use for the VPN?
Also on the "OpenVPN config page" what do I put in for "Local Network"? Is it the gateway 192.168.1.1/24, or this 192.168.1.0/24 or something else?
When should I be using "custom options"?
Also, could someone tell me what I need to set to apply this rule? What IP address am I pointing it at?
2. Go to the firewall rules for the WAN interface, and open up the TCP (or UDP) port you defined for your OpenVPN instance.
Lastly, in the config file settings, what should I be using instead of "n.n.n.n"? Also, where do I need to set the hostname, and what should the hostname be?
port 443
dev tun
dev-node ovpn-tun0
proto tcp-client
remote n.n.n.n 443
ping 30
persist-tun
persist-key
tls-client
ca ca.crt
cert client1.crt
key client.key
ns-cert-type server
comp-lzo
pull
All help is greatly appreciated
-
AFAIK OpenVPN listens on all interfaces, it's "just" a matter of routing ;)
You add something to "Local Network" if you want OpenVPN to push a route to it to the client (in your case it would be 192.168.1.0/24). If you simply want to have all traffic pushed through the VPN leave it blank and add the following to the "Custom Options":
push "redirect-gateway"
The rule - the external IP address(es) of the pfSense host you want OpenVPN to be visible on.
On the last point, replace n.n.n.n with the external (213.94.182.) address and ensure the device(s) that has/have those IPs forward the relevant ports to pfSense host (if the pfSense host doesn't have them).
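The two checks discussed in this thread, as an added example that is not part of the original posts or the pfSense wiki: deriving the "Local Network" value from the LAN gateway address, and catching a client config whose `remote` line still holds the placeholder or the wrong port. The sample config is constructed from the question, and the function names are hypothetical.

```python
import ipaddress

# External WAN addresses as given in the question.
WAN_EXTERNAL = {"213.94.182.100", "213.94.182.101"}

# Constructed sample: a subset of the client config from the question.
SAMPLE_CLIENT_CONF = """\
port 443
dev tun
proto tcp-client
remote n.n.n.n 443
ping 30
persist-tun
persist-key
tls-client
ca ca.crt
cert client1.crt
key client.key
pull
"""

def local_network(gateway_cidr):
    """Turn a host address with prefix (192.168.1.1/24) into the network to push."""
    return str(ipaddress.ip_interface(gateway_cidr).network)

def parse_directives(text):
    """Map each directive to its argument list, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and not parts[0].startswith(";"):
            conf[parts[0]] = parts[1:]
    return conf

def check_client(text, server_port, wan_ips=WAN_EXTERNAL):
    """Return the problems that would stop this client reaching the pfSense host."""
    conf = parse_directives(text)
    remote = conf.get("remote")
    if not remote:
        return ["no remote directive"]
    # With no port on the remote line, OpenVPN falls back to 'port' (default 1194).
    port = remote[1] if len(remote) > 1 else conf.get("port", ["1194"])[0]
    problems = []
    if remote[0] not in wan_ips:
        problems.append(f"remote host {remote[0]!r} is not a pfSense external address")
    if port != str(server_port):
        problems.append(f"remote port {port} does not match server port {server_port}")
    problems += [f"missing {d} directive" for d in ("ca", "cert", "key") if d not in conf]
    return problems
```

If the client connects by DNS name rather than by IP address, pass the expected hostname in `wan_ips` instead.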