Netgate Discussion Forum
    Help; Problem enabling access to machines on the network with OpenVPN

greel

      Hello forum members,

      I have been fiddling with pfSense for about two weeks now, and I just started configuring the OpenVPN service.
      I've attached an image illustrating my current setup.

      I have a pfSense machine with 3 network adapters + another 1 on-board.
      I've connected two WAN networks; DLINK (em0) and NETGEAR (em1), with Load Balance and Failover set correctly.
      Another connection is the APPSERVER (em2), which is a server with VMware on it. I've enabled DHCP in pfSense on this interface so it can give addresses to the virtual machines running on it.

      The last connection is to the on-board network adapter - MGT (re0) which is set as the LAN connection.
      All of these connections are connected to a Juniper EX2200 switch, and that switch has another router connected to it.

      Now that the boring description is over, my question is as follows:
      How am I supposed to set up the OpenVPN, considering that all I want to accomplish is the ability to connect to the pfSense OpenVPN server and through it access my VM machine and other machines connected to my Juniper switch?

      I have tried in any way possible to think of a way, and I'm desperate.
      If you need any more information, let me know and I'll happily supply it.

      Appreciate any help I can get!
      Attachment: net-visio.png

      marvosa

        How am I supposed to set up the OpenVPN, considering that all I want to accomplish is the ability to connect to the pfSense OpenVPN server and through it access my VM machine and other machines connected to my Juniper switch?

        At a high level, first you need to route the subnets you want access to through the tunnel, and second you need firewall rules that allow the traffic.

        For anything more than that, we'll need more detail.

        Post the IP range for each segment as well as your OpenVPN config (server1.conf).

        greel

          @marvosa:

          Post the IP range for each segment as well as your OpenVPN config (server1.conf).

          First of all, thank you for the reply marvosa, I appreciate the help. Here are the IP ranges for each interface:

          APPSERVER - 192.168.97.1/24 (Static IPv4 and DHCP enabled).
          MGT - 10.0.0.90/24 (Static IPv4; this connection is set up as LAN, meaning this is the IP address I use to connect to my pfSense machine).
          And the other two (NETGEAR and DLINK) are set up as PPPoE WAN connections, meaning they're getting their IP address from my ISP.

          Also, here's the OpenVPN server1.conf file:

          
          dev ovpns1
          verb 1
          dev-type tun
          tun-ipv6
          dev-node /dev/tun1
          writepid /var/run/openvpn_server1.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto udp
          cipher AES-256-CBC
          auth SHA1
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          client-connect /usr/local/sbin/openvpn.attributes.sh
          client-disconnect /usr/local/sbin/openvpn.attributes.sh
          local 93.173.17.8
          tls-server
          server 10.0.1.0 255.255.255.0
          client-config-dir /var/etc/openvpn-csc
          username-as-common-name
          auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
          tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'opvtest+UCA' 1"
          lport 1194
          management /var/etc/openvpn/server1.sock unix
          max-clients 10
          push "route 10.0.0.0 255.255.255.0"
          ca /var/etc/openvpn/server1.ca
          cert /var/etc/openvpn/server1.cert
          key /var/etc/openvpn/server1.key
          dh /etc/dh-parameters.2048
          tls-auth /var/etc/openvpn/server1.tls-auth 0
          comp-lzo adaptive
          persist-remote-ip
          float
          topology subnet
          
          
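Marvosa's first step above, routing the segments through the tunnel, can be checked against the posted config. The following Python script is an added example, not code from the thread or from pfSense: it parses the `server` and `push "route ..."` directives and reports which of the poster's segments (taken from the IP ranges listed above) no pushed route covers. The segment labels are assumed mappings from the thread's interface names, and the config excerpt is constructed from the posted file.

```python
import ipaddress
import re

# Constructed excerpt of the server1.conf posted in the thread (not the full file).
SERVER_CONF = """\
server 10.0.1.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
topology subnet
"""

# Segments the poster listed; the labels are assumed, derived from the interface names.
LAN_SEGMENTS = {
    "MGT (re0)": "10.0.0.0/24",
    "APPSERVER (em2)": "192.168.97.0/24",
}


def parse_openvpn_routes(conf: str):
    """Return (tunnel_network, [pushed networks]) from an OpenVPN server config.

    Only the 'server' and push "route ..." directives are interpreted; every other
    line (and anything after a '#') is ignored. A redirect-gateway push is not
    handled, so this check applies to split-tunnel setups like the one posted.
    """
    tunnel = None
    pushed = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'^server\s+(\S+)\s+(\S+)$', line)
        if m:
            tunnel = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            continue
        m = re.match(r'^push\s+"route\s+(\S+)\s+(\S+)"$', line)
        if m:
            pushed.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return tunnel, pushed


def missing_routes(conf: str, segments: dict):
    """Names of LAN segments that clients will not be able to reach via the tunnel.

    A segment is reachable only if some pushed route contains it; a segment that
    overlaps the tunnel pool itself is flagged too, since that address conflict
    also leaves it unreachable.
    """
    tunnel, pushed = parse_openvpn_routes(conf)
    missing = []
    for name, cidr in segments.items():
        net = ipaddress.ip_network(cidr)
        covered = any(net.subnet_of(r) for r in pushed)
        if (tunnel is not None and net.overlaps(tunnel)) or not covered:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in missing_routes(SERVER_CONF, LAN_SEGMENTS):
        print(f"no pushed route covers {name}")
```

Run against the posted config, the script reports the APPSERVER segment as uncovered, which matches the first of the two requirements marvosa lists; the firewall rules on the OpenVPN interface are the second and are not checked here.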
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.