Help with setting up pfSense as OpenVPN Gateway



  • Hi, I am hoping a few pfSense guru's can help me with what I thought would be a very simple implementation.  Perhaps I just need to be pointed to the correct documentation.

    First the background:

    I have a StrongVPN account that I currently use a dedicated Asus router to connect to.  This is not my main gateway or router, so when I want to connect to StrongVPN, I simply change my desktop gateway to point to this router that has been configured as a VPN gateway using Tomato.  This is simple and what I wanted to accomplish using pfsense.  The reason, I want to do this is because the Asus router does not have a powerful CPU so it is a bottleneck for OpenVPN performance. I would like to use a dedicated PC running pfsense in a similar configuration.

    Current State:

    Asus RT-N16 (NAT/Firewall/Gateway/DHCP) –-> Asus RT-N66U (Wifi bridge on LAN, OpenVPN gateway)

    Desired State:

    Asus RT-N16 (NAT/Firewall/Gateway/DHCP) ---> PC running pfSense (OpenVPN gateway),  Asus RT-N66U (Wifi bridge on LAN)

    Setting up OpenVPN client is simple and I have followed the guide here https://forum.pfsense.org/index.php?topic=29944.0, and it connects fine.

    What I having issues with is the routing/firewall configuration so that all LAN traffic that points to pfSense as a gateway will be accepted and appear to come from the VPN network.  I guess what I am really after is pfSense to simply behave like an OpenVPN router, and no so much as a firewall.  Even a configuration with a single NIC should work in theory, but I am open to suggestions.

    I hope I adequately explained my desired use case and I would really appreciate any assistance, as I see so much potential with pfSense but have struggled with the learning curve compared to Tomato.

    Thanks guys,
    Marco



  • Well it looks like it was a routing issue.

    Lesson here is to ensure that you put all the options provided by your VPN provider from the ovpn file into the advanced section pfSense OpenVPN cleint configuration.  Is was only when I attempted a traceroute from pfsense that I realized there was an issue with routing.  This is of course on top of following all the published guides on this.

    Once I put the following, based on the ovpn config file, it resolved the routing issues.

    SAMPLE ONLY (You will need to use whatever setting is provided)
    persist-key;persist-tun;verb 4;reneg-sec 86400;tun-mtu 1500;route-method exe;route-delay 2
    redirect-gateway def1;comp-lzo no;explicit-exit-notify 2;fragment 1390;mssfix 1390;hand-window 30

    Thanks,
    Marco


Log in to reply