Official, Up-to-Date Method for Extending Subnet?
-
I am running pfSense 2.1.3 and I'm looking for an official, up-to-date method for creating a site-to-site VPN to extend a subnet. It seems like there is a lot of discrepancy on how to do this and it seems like the process has changed from 1.x to 2.x to 2.1.
Can anyone add to the procedure below so we can compile a proper procedure?
Site 1:
-
Create a New OpenVPN Server Instance
-
Server Mode: Peer to Peer (Shared Key)
-
Device Mode: tap
-
Description: Layer 2 Bridge
-
Set IPv4 Tunnel Network to Unused Subnet
-
Save
-
Re-open the Server Instance and Copy the Shared TLS Key
-
Interfaces - Assign
-
Click +
-
Choose Layer 2 Bridge from Dropdown
-
Click Save
-
Click Interface Name
-
Check Enable Interface
-
Click Save, Apple Changes
-
Click Interfaces - Assign - Bridges
-
Click +
-
Select LAN and OPTx Interface
-
Enter Description - Save
-
Firewall - Rules - OPTx
-
Create Basic Allow All Rule (IPV4, Protocol: Any)
-
Save - Apply Changes
Site 2:
-
Create a New OpenVPN Client Instance
-
Server Mode: Peer to Peer (Shared Key)
-
Device Mode: tap
-
Enter Server Host for Site 1
-
Enter Description
-
Paste Shared key from Site 1
-
IPv4 Tunnel Network: Same as Site 1
-
Interfaces - Assign - Click +
-
Choose tap1 interface from Dropdown
-
Click Save
-
Click Interface Name
-
Check Enable Interface - Save - Apply Changes
-
Click Interfaces - Assign - Bridges
-
Click +
-
Choose LAn and OPTx Interface
-
Enter Description - Save
-
Firewall - Rules - OPTx
-
Create Basic Allow All Rule (IPV4, Protocol: Any)
-
Save - Apply Changes
That should be it for the pfSense config, correct? What about a sample configuration for a client behind each pfSense server?
-