Netgate Discussion Forum

    OpenVPN Server on pfSense with one interface in private subnet

      ToMasz

      Hi all!

      Can I configure an OpenVPN server on a platform with one interface (or a virtual pfSense instance)?
      The client must have access (from the Internet) to the servers in a private network.

      OpenVPN Client
            |
        INTERNET
            |
      ROUTER (Public IP, Server DHCP, NAT from Public IP TCP/1194 to OpenVPN server 192.168.1.200 TCP/1194)
            |
         SWITCH
            |
      +-----------+-----------+-------------+----------------+
      |           |           |             |                |
      Computer1   Computer2   Server1 ...   Server n         OpenVPN Server
      192.168.1.1 192.168.1.2 192.168.1.3   ... n            192.168.1.200

      I would be grateful for any help!

        Derelict LAYER 8 Netgate

        The problem with that is all your hosts on 192.168.1.0/24 having the router set as their default gateway and routing traffic for the OpenVPN clients to it instead of back to the OpenVPN server.  Routing traffic back out the same interface the traffic was received on is generally problematic and doesn't end well.  You get ICMP redirects and other general nastiness.

        Other than that I don't see why it wouldn't work.  I can't think of a reason OpenVPN would care that it's routing traffic out the same interface it's listening on (This is different from the above).  But I've never tried it.

        Is there another router interface on which you can put the OpenVPN server on its own subnet?

        Replace the router with pfSense?  ;)

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
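
Added example, not part of the post above or of any reply in this thread: a small model of the return-path problem the post describes, using the addresses from the diagram. The router LAN address 192.168.1.254, the tunnel network 10.8.0.0/24 and the client address 10.8.0.6 are assumptions (the thread gives none of them), and a routed tunnel is assumed.

```python
import ipaddress

# Addresses taken from the thread's diagram
LAN = ipaddress.ip_network("192.168.1.0/24")
VPN_SERVER = ipaddress.ip_address("192.168.1.200")
# Assumptions (not given in the thread): router LAN address and tunnel network
ROUTER = ipaddress.ip_address("192.168.1.254")
TUNNEL = ipaddress.ip_network("10.8.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.
    A gateway of None means on-link: the packet goes straight to dst."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw

def reply_path(host_routes, client_ip, snat=False):
    """First hop a LAN host uses when answering a VPN client.
    With snat=True the VPN server rewrites the source to its own LAN
    address, so the host answers 192.168.1.200 instead of the client."""
    seen_src = VPN_SERVER if snat else ipaddress.ip_address(client_ip)
    hop = next_hop(host_routes, seen_src)
    return {"reply_to": str(seen_src), "next_hop": str(hop),
            "symmetric": hop == VPN_SERVER}

# Routing table of a LAN host as the thread describes it: router is the default gateway
DEFAULT_ONLY = [(LAN, None), (DEFAULT, ROUTER)]
# Same host with a static route for the tunnel network via the OpenVPN server
WITH_STATIC = DEFAULT_ONLY + [(TUNNEL, VPN_SERVER)]

if __name__ == "__main__":
    client = "10.8.0.6"  # constructed VPN client address
    for label, routes, snat in [
        ("default gateway only", DEFAULT_ONLY, False),
        ("static route on host", WITH_STATIC, False),
        ("source NAT on VPN server", DEFAULT_ONLY, True),
    ]:
        print(f"{label:26} {reply_path(routes, client, snat)}")
```

Only the first case sends the reply to the router instead of back to the OpenVPN server; the other two keep the return path through 192.168.1.200.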

          ToMasz

          I just want pfSense to perform only user authentication. Unfortunately, I can't replace the main router. I don't have full access to it. The administrator can only redirect ports to the private network for me.

            viragomann

            Hi!

            I had such a setup running at the time I replaced my old firewall with pfSense, to provide a nearly uninterrupted VPN service for the clients.

            pfSense with three OpenVPN servers was running on a VM. As I remember, it had two interfaces, however, both in the same subnet. Maybe it was not an optimal setup, but it worked well.

              BoMbY

              I can't see why it shouldn't work. Had something like the OP's request running for a few minutes yesterday (before other problems occurred). I had it running as a tap (because I want to use LAGG), without actually bridging a physical Ethernet adapter, and just routing/NAT from the bridge IP to the public IP.

                ToMasz

                I installed pfSense on a VM with two interfaces, WAN and LAN (maybe I only need one interface, WAN?).
                TAP mode is optimal for me because clients connecting via VPN must have access to the network.
                I have not found a tutorial on how to perform this configuration. Please help!
