Help; Problem enabling access to machines on the network with OpenVPN



  • Hello forum members,

    I have been fiddling with pfSense for about two weeks now, and I just started configuring the OpenVPN service.
    I've attached an image illustrating my current setup.

    I have a pfSense machine with 3 network adapters + another 1 on-board.
    I've connected two WAN networks: DLINK (em0) and NETGEAR (em1), with Load Balance and Failover set correctly.
    Another connection is the APPSERVER (em2) which is a server with VMware on it. I've enabled DHCP in pfSense to this interface so it can give addresses to the virtual machines running on it.

    The last connection is to the on-board network adapter - MGT (re0) which is set as the LAN connection.
    All of these connections are connected to a Juniper EX2200 switch, and that switch has another router connected to it.

    Now that the boring description is over, my question is as follows:
    How am I supposed to set up the OpenVPN, considering that all I want to accomplish is the ability to connect to the pfSense OpenVPN server and through it access my VM machine and other machines connected to my Juniper switch?

    I have tried in any way possible to think of a way and I'm desperate.
    If you need any more information let me know and I'll happily supply it.

    Appreciate any help I can get!



  • How am I supposed to set up the OpenVPN, considering that all I want to accomplish is the ability to connect to the pfSense OpenVPN server and through it access my VM machine and other machines connected to my Juniper switch?

    At a high level, first you need to route the subnets you want access to through the tunnel and second you need firewall rules that allow the traffic.

    For anything more than that, we'll need more detail.

    Post the IP range for each segment as well as your OpenVPN config (server1.conf).



  • @marvosa:

    Post the IP range for each segment as well as your OpenVPN config (server1.conf).

    First of all, thank you for the reply, marvosa, I appreciate the help. Here are the IP ranges for each interface:

    APPSERVER - 192.168.97.1/24 (Static IPv4 and DHCP enabled).
    MGT - 10.0.0.90/24 (Static IPv4, this connection is set up as LAN, meaning this is the IP address I use to connect to my pfSense machine).
    And the other two (NETGEAR and DLINK) are set up as PPPoE WAN connections, meaning they're getting their IP address from my ISP.

    Also, here's the OpenVPN server1.conf file:

    
    dev ovpns1
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 93.173.17.8
    tls-server
    server 10.0.1.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server1" via-env
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'opvtest+UCA' 1"
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 10
    push "route 10.0.0.0 255.255.255.0"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo adaptive
    persist-remote-ip
    float
    topology subnet
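
Not part of the thread: as an added check against the server1.conf posted above, this Python script parses the `server` and `push "route ..."` lines and reports which of the interface subnets given earlier (assumed here as 10.0.0.0/24 for MGT and 192.168.97.0/24 for APPSERVER) clients would receive no route to, and whether any of them collide with the tunnel network. It covers only the routing half of marvosa's advice; the firewall rules on the OpenVPN interface still have to be checked separately.

```python
import ipaddress
import re

# Constructed excerpt of the posted server1.conf: only the lines the check reads.
SERVER_CONF = """\
server 10.0.1.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
topology subnet
"""

# Interface subnets taken from the thread (assumed network addresses of the /24s).
LOCAL_SUBNETS = {
    "MGT": "10.0.0.0/24",
    "APPSERVER": "192.168.97.0/24",
}


def parse_pushed_routes(conf_text):
    """Networks advertised to clients via push "route <net> <mask>" lines."""
    routes = []
    for line in conf_text.splitlines():
        m = re.match(r'\s*push\s+"route\s+(\S+)\s+(\S+)"', line)
        if m:
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return routes


def parse_tunnel_network(conf_text):
    """The tunnel pool from the server <net> <mask> directive, or None."""
    for line in conf_text.splitlines():
        m = re.match(r'\s*server\s+(\S+)\s+(\S+)', line)
        if m:
            return ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    return None


def audit_routes(conf_text, local_subnets):
    """Return (missing, overlapping): subnet names no pushed route covers,
    and subnet names that overlap the tunnel pool (which breaks routing)."""
    pushed = parse_pushed_routes(conf_text)
    tunnel = parse_tunnel_network(conf_text)
    missing, overlapping = [], []
    for name, cidr in local_subnets.items():
        net = ipaddress.ip_network(cidr)
        if tunnel is not None and net.overlaps(tunnel):
            overlapping.append(name)
        if not any(net.subnet_of(route) for route in pushed):
            missing.append(name)
    return missing, overlapping


if __name__ == "__main__":
    missing, overlapping = audit_routes(SERVER_CONF, LOCAL_SUBNETS)
    print("no pushed route for:", missing)       # ['APPSERVER']
    print("overlaps tunnel pool:", overlapping)  # []
```

For the posted config the script shows that only the MGT subnet is pushed, so a client would have no route to the APPSERVER VMs until a second push "route" line (or a route on the client) is added for 192.168.97.0/24.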
    
    
