Pfsense OpenVPN Server in the cloud – peer to peer with multiple clients



  • Hi all,

    I use the latest PfSense version, 2.2.4.

    I've deployed a PfSense VM in the cloud and I use it as an OpenVPN server.
    The goal is to keep as much of the configuration as possible on the cloud server.
    I used the Client Specific Overrides to send specific parameters to each specific client.

    From the Client LAN 192.168.13.0/24, I can ping all hosts from LAN Server
    From the Client LAN 192.168.15.0/24, I can ping all hosts from LAN Server

    From the Server LAN 192.168.43.0/24, I can ping all hosts from LAN Clients 13.0/24 & 15.0/24.

    I would now like to allow communication between the client LANs 13.0 and 15.0, and vice versa.

    Here is my server configuration:

    dev ovpns3
    verb 1
    dev-type tun
    dev-node /dev/tun3
    writepid /var/run/openvpn_server3.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local MYSERVERIP
    tls-server
    server 10.0.8.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    ifconfig 10.0.8.1 10.0.8.2
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'SierraServer' 1 "
    lport 1194
    management /var/etc/openvpn/server3.sock unix
    push "route 192.168.43.0 255.255.255.0"
    route 192.168.13.0 255.255.255.0
    route 192.168.15.0 255.255.255.0
    ca /var/etc/openvpn/server3.ca
    cert /var/etc/openvpn/server3.cert
    key /var/etc/openvpn/server3.key
    dh /etc/dh-parameters.2048
    comp-lzo yes
    tun-mtu 1500
    mssfix 1400
    fragment 1300

    Here is my CSO for client1 (192.168.13.0):

    ifconfig-push 10.0.8.10 10.0.8.1
    push "route 192.168.43.0 255.255.255.0"
    push "route 192.168.15.0 255.255.255.0"
    iroute 192.168.13.0 255.255.255.0

    and the CSO for client2 (192.168.15.0):

    ifconfig-push 10.0.8.20 10.0.8.1
    push "route 192.168.43.0 255.255.255.0"
    push "route 192.168.13.0 255.255.255.0"
    iroute 192.168.15.0 255.255.255.0

    Thanks in advance for your help with this case.
    Maybe it's just a routing or NAT problem, because client & server can ping all hosts, but I've tried a lot of settings unsuccessfully.

    Best regards

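The routing plan above depends on two things lining up: every `iroute` in a CSO must have a matching `route` in the server config (otherwise the server kernel never learns that the client LAN sits behind the tunnel), and each client must be pushed a route to every other client's LAN. The following checker is an added example, not part of the original post or of pfSense; it parses the routing-relevant lines of the quoted server config and CSOs (embedded here as constructed sample input) and reports any gap.

```python
"""Consistency check for an OpenVPN server config plus Client Specific Overrides (CSO)."""
import ipaddress

# Constructed sample: the routing-relevant lines from the server config and CSOs above.
SERVER_CONF = """
server 10.0.8.0 255.255.255.0
push "route 192.168.43.0 255.255.255.0"
route 192.168.13.0 255.255.255.0
route 192.168.15.0 255.255.255.0
"""
CSOS = {
    "client1": 'ifconfig-push 10.0.8.10 10.0.8.1\npush "route 192.168.43.0 255.255.255.0"\n'
               'push "route 192.168.15.0 255.255.255.0"\niroute 192.168.13.0 255.255.255.0\n',
    "client2": 'ifconfig-push 10.0.8.20 10.0.8.1\npush "route 192.168.43.0 255.255.255.0"\n'
               'push "route 192.168.13.0 255.255.255.0"\niroute 192.168.15.0 255.255.255.0\n',
}

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_routes(text):
    """Return (routes, pushed, iroutes) as sets of IPv4Network parsed from OpenVPN config text."""
    routes, pushed, iroutes = set(), set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace('"', "").split()   # push "route A M" -> ['push','route','A','M']
        if parts[0] == "route" and len(parts) >= 3:
            routes.add(_net(parts[1], parts[2]))
        elif parts[0] == "push" and len(parts) >= 4 and parts[1] == "route":
            pushed.add(_net(parts[2], parts[3]))
        elif parts[0] == "iroute" and len(parts) >= 3:
            iroutes.add(_net(parts[1], parts[2]))
    return routes, pushed, iroutes

def check(server_conf, csos):
    """Return a list of problems; an empty list means the routing plan is consistent."""
    problems = []
    srv_routes, _, _ = parse_routes(server_conf)
    client_lans = {name: parse_routes(cso)[2] for name, cso in csos.items()}
    for name, lans in client_lans.items():
        for net in lans:   # an iroute only works if the server also has a kernel route for it
            if net not in srv_routes:
                problems.append(f"{name}: iroute {net} has no 'route' in server config")
    for name, cso in csos.items():
        pushed = parse_routes(cso)[1]
        for other, lans in client_lans.items():
            for net in lans:   # each client needs a pushed route to every other client's LAN
                if other != name and net not in pushed:
                    problems.append(f"{name}: no pushed route to {other} LAN {net}")
    return problems
```

With the configuration as posted the check returns no problems, which is why the remaining symptom points at the firewall or NAT layer rather than at OpenVPN routing.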


  • it works

    I've added a NAT outbound rule to allow communication

    interface : openvpn
    source : any
    source port : *
    destination : any
    destination : *
    nat port : *
    static port : no
    nat address : OpenVPN address

    Ping works from a client LAN host to another client LAN host.

    OUFFFFFF.

