Routing Between OpenVPN servers



  • I would like to set up the pfsense device as follows:

    pfsense hosts OpenVPN servers A, B, C

    pfsense server LAN subnet 10.0.1.0/24
    Client 1 with LAN subnet 10.0.2.0/24 connects to server B -- virtual OpenVPN subnet is 172.16.2.0/24 -- cannot interact with any subnets other than its local
    Client 2 with LAN subnet 10.0.3.0/24 connects to server C -- virtual OpenVPN subnet is 172.16.3.0/24 -- cannot interact with any subnets other than its local

    User connects to server A -- virtual OpenVPN subnet is 172.16.1.0/24 -- can interact with the subnet local to the pfsense, Client 1, and Client 2 (subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24)

    Is this possible?


  • LAYER 8 Netgate

    Yes.  The connections allowed into a pfSense node from the other end of an OpenVPN connection are on Firewall > Rules, OpenVPN tab.

    So on the pfSense server, you would simply not pass connections from 10.0.2.0/24 or 10.0.3.0/24.  On Clients 1 & 2 you would pass connections from 10.0.1.0/24.

    You can also assign interfaces to OpenVPN servers so you can have a firewall rule tab for each server, instead of all OpenVPN servers combined.  This gives you a little more granularity and lets you do things like NAT out a VPN tunnel, etc.

    It doesn't have to be three different servers either.  You could do it with one Remote Access (At least I think that's what you're describing as Server A) and one Site-to-Site (to go to Clients 1 & 2).
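A small model of the rule set the reply describes, added here as an example and not part of the thread or of pfSense itself. It evaluates the OpenVPN-tab rules on the pfSense server first-match, with an implicit default deny, using the subnets from the question; the rule list and the flows are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Subnets taken from the question; the rule list below is a constructed
# illustration of "pass only the remote-access tunnel, never the peer LANs".
PFSENSE_LAN = ipaddress.ip_network("10.0.1.0/24")
CLIENT1_LAN = ipaddress.ip_network("10.0.2.0/24")
CLIENT2_LAN = ipaddress.ip_network("10.0.3.0/24")
TUNNEL_A = ipaddress.ip_network("172.16.1.0/24")   # remote-access users
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


# Rules on the server's combined OpenVPN tab. pfSense evaluates rules top
# down, first match wins, and anything unmatched is dropped by default.
# The explicit block rules are redundant with the default deny but make the
# intent for the site-to-site peers visible in the rule set.
PFSENSE_OPENVPN_TAB = [
    Rule("pass", TUNNEL_A, PFSENSE_LAN),
    Rule("pass", TUNNEL_A, CLIENT1_LAN),
    Rule("pass", TUNNEL_A, CLIENT2_LAN),
    Rule("block", CLIENT1_LAN, ANY),
    Rule("block", CLIENT2_LAN, ANY),
]


def evaluate(rules, src_ip, dst_ip):
    """Return 'pass' or 'block' for a packet arriving over any OpenVPN
    instance, using first-match semantics and default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return "block"


def reachability(rules, sources, destinations):
    """Map (source subnet, destination subnet) to the verdict for the first
    host in each subnet, to review the whole policy at a glance."""
    return {
        (str(s), str(d)): evaluate(rules, s[1], d[1])
        for s in sources for d in destinations
    }
```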

