Sunday 11 August 2013

pfSense site-to-site OpenVPN

PPTP vs OpenVPN vs IPsec VPN
http://www.ivpn.net/knowledgebase/62/PPTP-vs-L2TP-vs-OpenVPN.html

Referred to
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_(Shared_Key,_2.0)
http://blog.stefcho.eu/?p=576

Topology


Configure one site as the server and the other as the client.
The server listens for the client to connect on the specified port (the default port 1194, or a different port such as tcp/443).

So the server-side firewall must allow traffic from the OpenVPN client's source IP to that port.

Routing of additional networks: the default OpenVPN configuration lets us define only one local subnet, so for each additional network add a line such as "route 172.16.1.0 255.255.255.0" in the advanced configuration box. Of course, the router (pfSense) protecting that network must also know how to reach it (add a static route).

Access Firewall rules
Firewall access rules for traffic arriving via OpenVPN must be configured under the OpenVPN tab in the Firewall section. The pfSense firewall behaves like a Cisco ASA: it evaluates traffic on the incoming interface. So remember to allow the traffic on the source firewall (LAN interface) and on the destination firewall (OpenVPN interface).
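To make the routing and firewall pieces above concrete, here is an added Python example (mine, not code from the post or from pfSense) that derives them from a small constructed topology: the inbound rule the server's WAN needs, the "route" lines each side puts in the advanced box for subnets beyond the single one the GUI field accepts, the static route a pfSense needs for a subnet behind an internal router, and the pass rules that belong on the OpenVPN tab. All addresses, the site names and the Site/rule structures are assumptions for the illustration; 172.16.1.0/24 is the extra subnet from the post's route line.

```python
# Added example (not from the post): derive the pieces of a pfSense shared-key
# site-to-site OpenVPN setup from a topology description. Site names, addresses
# and subnets below are constructed for the illustration.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List


@dataclass
class Site:
    """One pfSense endpoint of the tunnel (assumed structure)."""
    name: str
    wan_ip: IPv4Address                      # public address the peer sees
    lan: IPv4Network                         # the single subnet the GUI field accepts
    # Subnets this pfSense protects but is not directly attached to,
    # mapped to the internal next hop that reaches them.
    extra: Dict[IPv4Network, IPv4Address] = field(default_factory=dict)

    def networks(self) -> List[IPv4Network]:
        return [self.lan] + list(self.extra)


def server_wan_rule(client: Site, proto: str = "udp", port: int = 1194) -> dict:
    """Only the listening side needs an inbound rule: pass the client's
    source IP to the OpenVPN port on the server's WAN interface."""
    return {"interface": "WAN", "action": "pass", "proto": proto,
            "src": str(client.wan_ip), "dst_port": port}


def advanced_box(remote: Site) -> List[str]:
    """'route' lines for the OpenVPN advanced configuration box on the local side.
    The GUI's remote-network field already covers remote.lan, so only the
    remote side's additional subnets need explicit route directives."""
    return [f"route {n.network_address} {n.netmask}" for n in remote.extra]


def static_routes(site: Site) -> List[dict]:
    """Static routes a pfSense needs for subnets behind an internal router;
    without them, traffic leaving the tunnel for those subnets has no next hop."""
    return [{"network": str(n), "gateway": str(gw)} for n, gw in site.extra.items()]


def openvpn_tab_rules(local: Site, remote: Site) -> List[dict]:
    """Pass rules for the OpenVPN tab of the local firewall: tunnel traffic
    enters the local pfSense on the OpenVPN interface, sourced from the
    remote site's subnets and destined for the local site's subnets."""
    return [{"interface": "OpenVPN", "action": "pass", "src": str(src), "dst": str(dst)}
            for src in remote.networks() for dst in local.networks()]


# Constructed topology: site A is the server, site B the client.
# Site A also protects 172.16.1.0/24 via an internal router at 192.168.1.254.
SITE_A = Site("A", IPv4Address("203.0.113.10"), IPv4Network("192.168.1.0/24"),
              {IPv4Network("172.16.1.0/24"): IPv4Address("192.168.1.254")})
SITE_B = Site("B", IPv4Address("198.51.100.20"), IPv4Network("192.168.2.0/24"))


if __name__ == "__main__":
    print("Server (A) WAN rule:", server_wan_rule(SITE_B))
    print("Site B advanced box:", advanced_box(SITE_A))
    print("Site A advanced box:", advanced_box(SITE_B))
    print("Site A static routes:", static_routes(SITE_A))
    for rule in openvpn_tab_rules(SITE_A, SITE_B):
        print("Site A OpenVPN tab:", rule)
    for rule in openvpn_tab_rules(SITE_B, SITE_A):
        print("Site B OpenVPN tab:", rule)
```

Running it shows the asymmetry the post describes: only site B's advanced box gets a route line (for A's extra subnet), only site A needs a static route, and each side's OpenVPN tab needs a pass rule per remote-subnet/local-subnet pair because pfSense filters on the interface the traffic arrives on.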


Dropped Firewall logs


Check OpenVPN logs under Status --> OpenVPN. Check firewall logs under Status --> System Logs.
