Help; Problem enabling access to machines on the network with OpenVPN
-
Hello forum members,
I have been fiddling with pfSense for about two weeks now, and I just started configuring the OpenVPN service.
I've attached an image illustrating my current setup. I have a pfSense machine with 3 network adapters + another 1 on-board.
I've connected two WAN networks; DLINK (em0) and NETGEAR (em1), with Load Balance and Failover set correctly.
Another connection is the APPSERVER (em2), which is a server with VMware on it. I've enabled DHCP in pfSense on this interface so it can give addresses to the virtual machines running on it. The last connection is to the on-board network adapter - MGT (re0), which is set as the LAN connection.
All of these connections are connected to a Juniper EX2200 switch, and that switch has another router connected to it. Now that the boring description is over, my question is as follows:
How am I supposed to set up the OpenVPN, considering that all I want to accomplish is the ability to connect to the pfSense OpenVPN server and through it access my VM machine and other machines connected to my Juniper switch? I have tried in every way possible to think of a way and I'm desperate.
If you need any more information let me know and I'll happily supply it. Appreciate any help I can get!
-
How am I supposed to set up the OpenVPN, considering that all I want to accomplish is the ability to connect to the pfSense OpenVPN server and through it access my VM machine and other machines connected to my Juniper switch?
At a high level, first you need to route the subnets you want access to through the tunnel, and second you need firewall rules that allow the traffic.
For anything more than that, we'll need more detail.
Post the IP range for each segment as well as your OpenVPN config (server1.conf).
-
Post the IP range for each segment as well as your OpenVPN config (server1.conf).
First of all, thank you for the reply marvosa, appreciate the help. Here are the IP ranges for each interface:
APPSERVER - 192.168.97.1/24 (Static IPv4 and DHCP enabled).
MGT - 10.0.0.90/24 (Static IPv4, this connection is set up as LAN, meaning this is the IP address I use to connect to my pfSense machine).
And the other two (NETGEAR and DLINK) are set up as PPPoE WAN connections, meaning they're getting their IP address from my ISP. Also, here's the OpenVPN server1.conf file:
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 93.173.17.8
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'opvtest+UCA' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 10.0.0.0 255.255.255.0"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
topology subnet
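The posted server1.conf only pushes one route, 10.0.0.0/24 (the MGT/LAN segment); nothing tells a connecting client that 192.168.97.0/24 (the APPSERVER segment where the VMs live) is reachable through the tunnel, so that traffic never enters the VPN. The script below is an added example, not something from the thread or from pfSense: it parses the `push "route ..."` and `server` lines of an OpenVPN server config and reports which of the wanted segments are not covered and whether any of them collides with the tunnel network. The config text embedded in it is a constructed subset of the posted server1.conf, and the WANTED list is the two internal segments stated in the thread.

```python
"""Check an OpenVPN server config for the push-route lines that a road-warrior
client needs in order to reach the LAN segments behind a pfSense box.

Added example for the thread above; not pfSense or OpenVPN code.
"""
import ipaddress
import re

# Constructed: the routing-relevant lines of the server1.conf posted in the thread.
SERVER_CONF = """\
server 10.0.1.0 255.255.255.0
topology subnet
push "route 10.0.0.0 255.255.255.0"
"""

# The segments the poster wants reachable through the tunnel (from the thread).
WANTED = ["10.0.0.0/24", "192.168.97.0/24"]

# Matches: push "route <network> <netmask>"
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)"')


def pushed_routes(conf):
    """Return the networks the server pushes to clients as ipaddress objects."""
    routes = []
    for line in conf.splitlines():
        m = PUSH_ROUTE.match(line)
        if m:
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return routes


def tunnel_network(conf):
    """Return the tunnel network from the 'server <net> <mask>' directive, or None."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "server":
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
    return None


def missing_pushes(conf, wanted):
    """Return the push directives that must be added so every wanted segment is routed."""
    have = pushed_routes(conf)
    missing = []
    for w in wanted:
        net = ipaddress.ip_network(w)
        # A segment is covered if some pushed route contains it.
        if not any(net.subnet_of(r) for r in have):
            missing.append(f'push "route {net.network_address} {net.netmask}"')
    return missing


def overlapping_tunnel(conf, wanted):
    """Return wanted segments that overlap the tunnel network (routing would be ambiguous)."""
    tun = tunnel_network(conf)
    if tun is None:
        return []
    return [w for w in wanted if ipaddress.ip_network(w).overlaps(tun)]


if __name__ == "__main__":
    for directive in missing_pushes(SERVER_CONF, WANTED):
        print("missing:", directive)
    for seg in overlapping_tunnel(SERVER_CONF, WANTED):
        print("overlaps tunnel network:", seg)
```

Run against the posted config this reports one missing line, `push "route 192.168.97.0 255.255.255.0"`, and no overlap with the 10.0.1.0/24 tunnel. On pfSense you do not edit server1.conf by hand; the push lines come from the Local Network(s) field of the OpenVPN server entry, so both segments belong there. That covers the first half of marvosa's answer (routing); the second half is a pass rule on the OpenVPN tab under Firewall > Rules, since traffic arriving from the tunnel is dropped until such a rule exists.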