Routing Public IP over VPN



  • I have a remote site that is on a private space network behind the ISP (wireless).  We use OpenVPN to access the LAN there and everything works fine.

    Now I have a need to access a camera on the remote site from the public internet and want to do it by using one of the main site's public IP addresses and route the connection over the VPN.

    I can see the traffic arriving there but the returned traffic is stopped at the remote firewall showing up in the logs as blocked traffic on the LAN interface.

    I'm using 2.2RC on both ends.  tun, OpenVPN, LAN rule to anywhere.

    Anyone else doing something similar to this with any luck?


  • LAYER 8 Netgate

    See the diagram in my sig.

    Reference this post: https://forum.pfsense.org/index.php?topic=82732.msg453269#msg453269  That should get you mostly there.



  • This disrupts OpenVPN traffic to pfSense B so don’t do it over the VPN or you’ll be unhappy on your drive to the datacenter.  Do it from LAN or WAN.

    Guess I'll do this next week.  ;D

    Thanks!


  • LAYER 8 Netgate

    It comes right back up.  Just have to be sure you're not doing it through the only path into the router.



  • @Derelict:

    It comes right back up.  Just have to be sure you're not doing it through the only path into the router.

    I have to read it again.  So the site I'm worried about is the site with the public IP addresses?  The remote site is only accessible via LAN when no VPN exists…


  • LAYER 8 Netgate

    Oh.  Yeah.  That's a problem.  You could just enable webconfig access on WAN briefly, log in that way and make the changes, then disable it again after the VPN comes back up.



  • @Derelict:

    Oh.  Yeah.  That's a problem.  You could just enable webconfig access on WAN briefly, log in that way and make the changes, then disable it again after the VPN comes back up.

    Thar be the issue.  It's behind an ISP that only hands out private space addresses.  10.190.x.x



  • If there is some computer behind the pfSense at the remote site, then you can install something like TeamViewer on it. That will also find its way out from behind private address space. Then you can TeamViewer to that computer (VM or whatever) and open a browser there to access pfSense webGUI even when the OpenVPN is down/off.

