pfSense OpenVPN Server in the cloud – peer to peer with multiple clients
-
Hi all,
I use the latest pfSense version, 2.2.4.
I've deployed a pfSense VM in the cloud and I use it as an OpenVPN server.
The goal is to keep as much of the configuration as possible on the cloud server.
I used the Client Specific Overrides to send specific parameters to a specific client.
From the client LAN 192.168.13.0/24, I can ping all hosts on the server LAN.
From the client LAN 192.168.15.0/24, I can ping all hosts on the server LAN.
From the server LAN 192.168.43.0/24, I can ping all hosts on the client LANs 192.168.13.0/24 and 192.168.15.0/24.
I would now like to allow communication between the client LANs 192.168.13.0/24 and 192.168.15.0/24, in both directions.
Here is my server configuration:
dev ovpns3
verb 1
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
# BF-CBC (a 64-bit block cipher) and SHA1 were the OpenVPN defaults of that era;
# prefer AES-256-CBC or an AES-GCM suite with SHA256 on both ends.
cipher BF-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local MYSERVERIP
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
ifconfig 10.0.8.1 10.0.8.2
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'SierraServer' 1 "
lport 1194
management /var/etc/openvpn/server3.sock unix
# push: route handed to every connecting client
push "route 192.168.43.0 255.255.255.0"
# route: server-side kernel route into the tunnel; each one needs a matching
# iroute in the owning client's CSO, or the OpenVPN process has no client to send it to
route 192.168.13.0 255.255.255.0
route 192.168.15.0 255.255.255.0
ca /var/etc/openvpn/server3.ca
cert /var/etc/openvpn/server3.cert
key /var/etc/openvpn/server3.key
dh /etc/dh-parameters.2048
comp-lzo yes
tun-mtu 1500
mssfix 1400
fragment 1300

Here is my CSO for client1 (192.168.13.0/24):
ifconfig-push 10.0.8.10 10.0.8.1
push "route 192.168.43.0 255.255.255.0"
push "route 192.168.15.0 255.255.255.0"
iroute 192.168.13.0 255.255.255.0

And the CSO for client2 (192.168.15.0/24):
ifconfig-push 10.0.8.20 10.0.8.1
push "route 192.168.43.0 255.255.255.0"
push "route 192.168.13.0 255.255.255.0"
iroute 192.168.15.0 255.255.255.0

Thanks in advance for your help with this case.
Maybe it's just a routing or NAT problem, because the clients and the server can ping all hosts, but I've tried lots of settings without success.
Best regards
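The configuration in the post above wires three kinds of directive together: a server-side `route` for each client LAN, an `iroute` in that client's CSO claiming the LAN, and a `push "route ..."` (from the server config or from a CSO) that tells each client about the other LANs. If any one of the three is missing, traffic between sites is dropped with no obvious error. The script below is an added example for this thread, not pfSense code and not the poster's: it parses the routing lines of a server config and its CSOs (built inline from the ones posted, with the TLS, cipher and MTU lines left out because they do not affect routing) and reports every client LAN that lacks a server route, is not claimed by an iroute, or is not pushed to the other clients. The names `client1` and `client2` are assumed labels for the two CSO files.

```python
"""Consistency check for a multi-site OpenVPN server config and its
client-specific overrides (CSOs).

Added example for this thread; it is not pfSense code and not the original
poster's. The sample configs are constructed inline from the ones posted
above, reduced to their routing directives.
"""
import ipaddress
import shlex

# Constructed sample data: routing-relevant lines of the posted server config.
SERVER_CONF = """
server 10.0.8.0 255.255.255.0
push "route 192.168.43.0 255.255.255.0"
route 192.168.13.0 255.255.255.0
route 192.168.15.0 255.255.255.0
"""

# Constructed sample data: the two posted CSOs, keyed by an assumed client name.
CSOS = {
    "client1": """
ifconfig-push 10.0.8.10 10.0.8.1
push "route 192.168.43.0 255.255.255.0"
push "route 192.168.15.0 255.255.255.0"
iroute 192.168.13.0 255.255.255.0
""",
    "client2": """
ifconfig-push 10.0.8.20 10.0.8.1
push "route 192.168.43.0 255.255.255.0"
push "route 192.168.13.0 255.255.255.0"
iroute 192.168.15.0 255.255.255.0
""",
}


def _net(addr, mask):
    # ipaddress accepts a dotted-quad netmask after the slash
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def extract_routes(text):
    """Collect the networks named by route, iroute and push "route ..." lines.

    route      : kernel route on the server that points the LAN at the tun device
    iroute     : tells the OpenVPN process which connected client owns that LAN
    push route : route handed to the connecting client
    """
    found = {"route": set(), "iroute": set(), "push_route": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # shlex unquotes push "route a m" into one argument
        name, args = parts[0], parts[1:]
        if name in ("route", "iroute") and len(args) >= 2:
            found[name].add(_net(args[0], args[1]))
        elif name == "push" and args:
            inner = args[0].split()
            if len(inner) >= 3 and inner[0] == "route":
                found["push_route"].add(_net(inner[1], inner[2]))
    return found


def check_site_to_site(server_conf, csos):
    """Return a list of problems that would stop client LANs from reaching
    each other over the tunnel. An empty list means the directives are consistent."""
    problems = []
    server = extract_routes(server_conf)
    clients = {cn: extract_routes(cso) for cn, cso in csos.items()}

    # Every client LAN needs both halves: a kernel route on the server and an
    # iroute in exactly one CSO. One without the other drops the traffic.
    claimed = set()
    for cn, c in clients.items():
        for lan in c["iroute"]:
            if lan in claimed:
                problems.append(f"{cn}: iroute {lan} is also claimed by another client")
            claimed.add(lan)
            if lan not in server["route"]:
                problems.append(f"{cn}: server config has no 'route {lan}' for this iroute")
    for lan in server["route"] - claimed:
        problems.append(f"server: 'route {lan}' is not claimed by any client's iroute")

    # For peer-to-peer, each client must be pushed every other client's LAN,
    # either globally from the server config or from its own CSO.
    for cn, c in clients.items():
        pushed = server["push_route"] | c["push_route"]
        for other, o in clients.items():
            if other == cn:
                continue
            for lan in o["iroute"]:
                if lan not in pushed:
                    problems.append(f"{cn}: not pushed 'route {lan}' ({other}'s LAN)")
        for lan in c["iroute"] & pushed:
            problems.append(f"{cn}: its own LAN {lan} is pushed back to it")
    return problems


if __name__ == "__main__":
    for p in check_site_to_site(SERVER_CONF, CSOS) or ["routing directives are consistent"]:
        print(p)
```

Run against the posted configuration the check reports nothing, so the OpenVPN routing directives themselves are complete. What the check cannot see is the next hop: a packet from 192.168.13.0/24 to 192.168.15.0/24 arrives on the server's OpenVPN interface and is forwarded back out the same tunnel, so the pfSense firewall rules on that interface, and the rules on each client-side pfSense, must also pass traffic whose source is the other client LAN rather than only the server LAN.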
-
It works!
I've added a NAT outbound rule to allow the communication:
interface : OpenVPN
source : any
source port : *
destination : any
destination port : *
NAT port : *
static port : no
NAT address : OpenVPN address

Ping works from a client LAN host to another client LAN host.
OUFFFFFF.