    Routing Between OpenVPN servers

    • rckalex

      I would like to set up the pfsense device as follows:

      pfsense hosts OpenVPN servers A, B, C

      pfsense server LAN subnet 10.0.1.0/24
      Client 1 with LAN subnet 10.0.2.0/24 connects to server B -- virtual OpenVPN subnet is 172.16.2.0/24 -- cannot interact with any subnets other than its local
      Client 2 with LAN subnet 10.0.3.0/24 connects to server C -- virtual OpenVPN subnet is 172.16.3.0/24 -- cannot interact with any subnets other than its local

      User connects to server A -- virtual OpenVPN subnet is 172.16.1.0/24 -- can interact with local to the pfsense, Client 1, and Client 2 (subnets 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24)

      Is this possible?

      • Derelict (LAYER 8, Netgate)

        Yes.  The connections allowed into a pfSense node from the other end of an OpenVPN connection are on Firewall > Rules, OpenVPN tab.

        So on the pfSense server, you would simply not pass connections from 10.0.2.0/24 or 10.0.3.0/24.  On Clients 1 & 2 you would pass connections from 10.0.1.0/24.

        You can also assign interfaces to OpenVPN servers so you can have a firewall rule tab for each server, instead of all OpenVPN servers combined.  This gives you a little more granularity and lets you do things like NAT out a VPN tunnel, etc.

        It doesn't have to be three different servers either.  You could do it with one Remote Access (At least I think that's what you're describing as Server A) and one Site-to-Site (to go to Clients 1 & 2).

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
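
The rule layout described in the answer above can be checked as a small reachability model before it is clicked into Firewall > Rules. This is an added example, not part of the original posts and not pfSense code: it treats each node's OpenVPN tab as a list of pass rules with everything else blocked, and evaluates new connections at every node where they arrive from a tunnel. Assumptions: client LAN traffic is not NATed, and Clients 1 and 2 also pass the user's tunnel subnet 172.16.1.0/24 (the answer only mentions 10.0.1.0/24).

```python
from ipaddress import ip_address, ip_network

# Subnets as given in the thread.
SERVER_LAN = ip_network("10.0.1.0/24")   # LAN behind the pfSense server
C1_LAN = ip_network("10.0.2.0/24")       # LAN behind Client 1
C2_LAN = ip_network("10.0.3.0/24")       # LAN behind Client 2
USER_TUN = ip_network("172.16.1.0/24")   # server A tunnel (remote-access user)

# Pass rules (source, destination) on each node's OpenVPN tab.
# Anything without a matching pass rule is blocked.
RULES = {
    # The server passes the user, and has no rule for 10.0.2.0/24 or 10.0.3.0/24.
    "server": [(USER_TUN, SERVER_LAN), (USER_TUN, C1_LAN), (USER_TUN, C2_LAN)],
    # Clients pass 10.0.1.0/24 (from the answer) and, as an assumption made
    # here, the user's tunnel subnet so the user can reach them un-NATed.
    "client1": [(SERVER_LAN, C1_LAN), (USER_TUN, C1_LAN)],
    "client2": [(SERVER_LAN, C2_LAN), (USER_TUN, C2_LAN)],
}
SITE = {SERVER_LAN: "server", USER_TUN: "server", C1_LAN: "client1", C2_LAN: "client2"}


def site_of(addr):
    for net, site in SITE.items():
        if addr in net:
            return site
    raise ValueError(f"{addr} is not in a modelled subnet")


def tunnel_hops(src, dst):
    """Nodes where the packet arrives from an OpenVPN tunnel, in order."""
    if src not in USER_TUN and site_of(src) == site_of(dst):
        return []                      # stays on its own LAN, never filtered here
    hops = []
    if src not in SERVER_LAN:
        hops.append("server")          # user and client traffic enter at the server
    if site_of(dst) != "server":
        hops.append(site_of(dst))      # then enters the destination client
    return hops


def allowed(src, dst):
    src, dst = ip_address(src), ip_address(dst)
    return all(
        any(src in s and dst in d for s, d in RULES[node])
        for node in tunnel_hops(src, dst)
    )
```

Removing the assumed `USER_TUN` entries from the client rule lists makes the user-to-client checks fail, which shows why the clients need a rule for whatever source address the user's traffic carries when it reaches them.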
