Netgate Discussion Forum

    How to use pfSense as a 'client' to my off-site OpenVPN Access Server?

    3 Posts 2 Posters 1.3k Views
      rowebil

      How do I take my VPN Server IP and credentials, connect it to pfSense, and serve it to my LAN machine(s)?

      Is that even possible?

      I know you can tunnel pfSense to another pfSense.

      I want a host on my pfSense LAN to be connected to the OpenVPN Access Server. Only one host. I understand I may need to create another Interface just for that machine, because I have a feeling I cannot just tunnel it to one host on the LAN – it might be the entire LAN.

      I have an OpenVPN Access Server off-site. I can connect perfectly with the OpenVPN client software installed on the host. The host can only connect to the OpenVPN access server, cannot access anything on the WAN side (which is my home network), and can access the gateway. It works perfectly. When the host disconnects from the VPN, firewall rules take over and block access to the gateway. The host is forced to connect to the VPN. Therefore, no VPN, no Internet. VPN, access to the Internet. Perfect.

      BUT, can I do this easier without installing OpenVPN client?

      I don't want to have to install OpenVPN on all of the hosts -- so I was wondering if it were possible to connect the pfSense LAN Interface (or host) to the OpenVPN Access Server only utilizing pfSense, and not the OpenVPN client. Of course pfSense will act as the client.

      Basically, I guess I want the host's gateway to be the 'VPN'. So the WAN would essentially be the VPN. Everything that happens in that host to the gateway, would go to OpenVPN Access Server.

      I hope I explained it well. I think I explained it a little too much and repetitive.

      Also, another explanation -- if I need to change the VPN server (and will need to based on my project we are doing), it will be easier by changing the IP address in pfSense, rather than uninstalling the OpenVPN client and reinstalling the new one.

      Understand?

      I appreciate your help!
      I am learning.

        Derelict LAYER 8 Netgate

        OpenVPN can probably do whatever you need, but I'm not sure what that is from reading your post.  Look at the diagram here:

        Can you use that to describe what you're looking for?  Like "I want pfSense B's LAN to access pfSense A's LAN."  I've tried to make it cover as many situations as possible.  Just ignore anything that doesn't apply to your needs.  Or, better, make a diagram of what you want and share it.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          rowebil

          Hmm - how to describe it.

          I want pfSense to somehow direct ALL Internet traffic to the OpenVPN.

          It is essentially SITE-TO-SITE, but the OpenVPN Access Server is not pfSense. It is literally an OpenVPN Access Server.

          The LAN host will already be connected to OpenVPN Access Server (my dedicated server at a datacenter) through pfSense.

          ALL 'LAN' hosts will use VPN Server 1 (dedicated server at a datacenter).

          ALL hosts on the LAN will use the VPN. So then I don't need to go to each individual host and install the OpenVPN client.

          I want to utilize my VPN without installing a client on each host.
          :)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.