How to use pfSense as a 'client' to my off-site OpenVPN Access Server?



  • How do I take my VPN Server IP and credentials, connect it to pfSense, and serve it to my LAN machine(s)?

    Is that even possible?

    I know you can tunnel pfSense to another pfSense.

    I want a host on my pfSense LAN to be connected to the OpenVPN Access Server. Only one host. I understand I may need to create another Interface just for that machine, because I have a feeling I cannot just tunnel it to one host on the LAN – it might be the entire LAN.

    I have an OpenVPN Access Server off-site. I can connect perfectly with the OpenVPN client software installed on the host. The host can only connect to the OpenVPN Access Server, cannot access anything on the WAN side (which is my home network), and can access the gateway. It works perfectly. When the host disconnects from the VPN, firewall rules take over and block access to the gateway. The host is forced to connect to the VPN. Therefore, no VPN, no Internet. VPN, access to the Internet. Perfect.

    BUT, can I do this easier without installing OpenVPN client?

    I don't want to have to install OpenVPN on all of the hosts -- so I was wondering if it were possible to connect the pfSense LAN Interface (or host) to the OpenVPN Access Server only utilizing pfSense, and not the OpenVPN client. Of course pfSense will act as the client.

    Basically, I guess I want the host's gateway to be the 'VPN'. So the WAN would essentially be the VPN. Everything that happens in that host to the gateway, would go to OpenVPN Access Server.

    I hope I explained it well. I think I explained it a little too much and repetitively.

    Also, another explanation -- if I need to change the VPN server (and will need to based on my project we are doing), it will be easier by changing the IP address in pfSense, rather than uninstalling the OpenVPN client and reinstalling the new one.

    Understand?

    I appreciate your help!
    I am learning.


  • Netgate

    OpenVPN can probably do whatever you need, but I'm not sure what that is from reading your post.  Look at the diagram here:

    Can you use that to describe what you're looking for?  Like "I want pfSense B's LAN to access pfSense A's LAN."  I've tried to make it cover as many situations as possible.  Just ignore anything that doesn't apply to your needs.  Or, better, make a diagram of what you want and share it.



  • Hmm - how to describe it.

    I want pfSense to somehow direct ALL Internet traffic to the OpenVPN.

    It is essentially SITE-TO-SITE, but the OpenVPN Access Server is not pfSense. It is literally an OpenVPN Access Server.

    The LAN host will already be connected to OpenVPN Access Server (my dedicated server at a datacenter) through pfSense.

    ALL 'LAN' hosts will use VPN Server 1 (dedicated server at a datacenter).

    ALL hosts on the LAN will use the VPN. So then I don't need to go to each individual host and install the OpenVPN client.

    I want to utilize my VPN without installing a client on each host.
    :)