F5F Stay Refreshed Power Users Networks Configure PFSense OpenVPN Bridge for LAN connectivity

Configure PFSense OpenVPN Bridge for LAN connectivity

Configure PFSense OpenVPN Bridge for LAN connectivity

L
LucasandClaus
Senior Member
Find
438
06-20-2016, 03:39 AM
#1
Hello everyone, I’m trying to use my PFSense machine as a router and a VPN server for remote access. I’ve set up a VPN before and learned how to connect multiple LAN networks on different Ethernet ports together. This allows them to share the same network (192.168.200.0). However, I’m having trouble merging the VPN into the LAN so that connecting via VPN lands me on the same network as my NAS. I followed this link: https://www.reddit.com/r/PFSENSE/comment...ocal_dhcp/. The bridge settings look correct, but I’m still can’t reach the VPN server. What’s going wrong?
Reply
Reply
L
LucasandClaus
06-20-2016, 03:39 AM #1

Hello everyone, I’m trying to use my PFSense machine as a router and a VPN server for remote access. I’ve set up a VPN before and learned how to connect multiple LAN networks on different Ethernet ports together. This allows them to share the same network (192.168.200.0). However, I’m having trouble merging the VPN into the LAN so that connecting via VPN lands me on the same network as my NAS. I followed this link: https://www.reddit.com/r/PFSENSE/comment...ocal_dhcp/. The bridge settings look correct, but I’m still can’t reach the VPN server. What’s going wrong?

Reply
Reply
D
DennisAlkamo
Junior Member
Find
41
06-20-2016, 07:53 AM
#2
OpenVPN usually routes you to another subnet with a fixed path to the primary LAN. This means you can’t link directly to your main LAN, which is intentional. However, you can still reach devices as if you were connected to the 200.0 network if configured correctly.
Reply
Reply
D
DennisAlkamo
06-20-2016, 07:53 AM #2

OpenVPN usually routes you to another subnet with a fixed path to the primary LAN. This means you can’t link directly to your main LAN, which is intentional. However, you can still reach devices as if you were connected to the 200.0 network if configured correctly.

Reply
Reply
C
CookieStars
Member
Find
220
06-20-2016, 08:34 AM
#3
I connected my LAN ports and discovered that linking to the VPN server blocked access to the 200.0 network since it operated on a different "LAN" network. It seems the issue was resolved by bridging the VPN into the LAN, allowing the VPN server to use the DHCP server of the 200.0 network. Clients could then reach resources on that network. The method involved setting up proper bridging so the VPN functions within the same network segment.
Reply
Reply
C
CookieStars
06-20-2016, 08:34 AM #3

I connected my LAN ports and discovered that linking to the VPN server blocked access to the 200.0 network since it operated on a different "LAN" network. It seems the issue was resolved by bridging the VPN into the LAN, allowing the VPN server to use the DHCP server of the 200.0 network. Clients could then reach resources on that network. The method involved setting up proper bridging so the VPN functions within the same network segment.

Reply
Reply
X
XknockMC
Member
Find
121
07-07-2016, 07:48 PM
#4
Establish a fixed path from your VPN network to your local network.
Reply
Reply
X
XknockMC
07-07-2016, 07:48 PM #4

Establish a fixed path from your VPN network to your local network.

Reply
Reply
W
WouterDeJong
Member
Find
119
07-20-2016, 02:51 AM
#5
I configured the VPN server as before, linking all four LAN interfaces together on 200.0. The tunnel connects to the 200.0 local network. This should align with setting up a static route from the VPN into the LAN. But since my phone is connected to 10.0.8.2, I can't access anything on the network.
Reply
Reply
W
WouterDeJong
07-20-2016, 02:51 AM #5

I configured the VPN server as before, linking all four LAN interfaces together on 200.0. The tunnel connects to the 200.0 local network. This should align with setting up a static route from the VPN into the LAN. But since my phone is connected to 10.0.8.2, I can't access anything on the network.

Reply
Reply
F
Frostyduff
Member
Find
237
07-21-2016, 04:27 AM
#6
I just reviewed how PFSense manages this situation. It looks like all interfaces automatically handle the routes, so I didn’t have to adjust any settings myself. Your OpenVPN server is now running from your NAS without extra steps. You might have found the article helpful: https://www.netgate.com/docs/pfsense/vpn...erver.html It recommends adding firewall rules to ensure traffic flows properly.
Reply
Reply
F
Frostyduff
07-21-2016, 04:27 AM #6

I just reviewed how PFSense manages this situation. It looks like all interfaces automatically handle the routes, so I didn’t have to adjust any settings myself. Your OpenVPN server is now running from your NAS without extra steps. You might have found the article helpful: https://www.netgate.com/docs/pfsense/vpn...erver.html It recommends adding firewall rules to ensure traffic flows properly.

Reply
Reply
W
WreckerSG
Member
Find
201
07-21-2016, 05:33 AM
#7
All connections now permit traffic to any location, yet this doesn’t change the issue. My PC connects to PFSense at 0.177 from a PC at 200.129, so I’m unsure if this is normal or due to my settings. Actually, I can reach every device on the 0.0 network from 200.0, which means if I restore my NAS to the router (0.1), it should be accessible just like before—when PFSense was simply set up as an access point. It doesn’t really matter since there’s another router in front, but I’m confused why the 200.0 network isn’t working either (from 10.0.8.0).
Reply
Reply
W
WreckerSG
07-21-2016, 05:33 AM #7

All connections now permit traffic to any location, yet this doesn’t change the issue. My PC connects to PFSense at 0.177 from a PC at 200.129, so I’m unsure if this is normal or due to my settings. Actually, I can reach every device on the 0.0 network from 200.0, which means if I restore my NAS to the router (0.1), it should be accessible just like before—when PFSense was simply set up as an access point. It doesn’t really matter since there’s another router in front, but I’m confused why the 200.0 network isn’t working either (from 10.0.8.0).

Reply
Reply