I've got a perfectly working pfsense box, with LAN and WAN. I've recently changed jobs, and part of the new role is an OpenVPN connection to work for admin etc.
This email suggests that it is possible to have the OpenVPN connection as a proper NATted link, so from any home machine I can ssh to a work IP. Cool!
However there were a couple of hangups. Here's my working version:
- create an OpenVPN client connection via the pfsense webgui
- connect to a shell on your pfsense box and run pfctl -sn > /var/tmp/tempfile to generate a text version of the current NAT rules.
- vi /var/tmp/tempfile (I hope you know enough vi to get by...)
- find your line that resembles this. fxp1 is my WAN interface, 10.28.0.0/16 is my LAN network and netmask.
nat on fxp1 inet from 10.28.0.0/16 to any -> (fxp1) round-robin
- add a line below it like this, where tun0 is your OpenVPN tunnel interface, and 172.22.22.0/24 is the network at the other end of the OpenVPN link:
nat on tun0 inet from 10.28.0.0/16 to 172.22.22.0/24 -> (tun0) round-robin
- My tun0 has the IP of 172.22.21.38 and is a POINTOPOINT link to 172.22.21.37. These IPs and networks are not related to the NAT.
- read this file in with pfctl -Nf /var/tmp/tempfile (the -N flag loads only the NAT rules from the file, leaving the filter rules alone).
As a final step you need to look at the DNS server in pfsense and tell it to find the right server for the work domain - basically a split-DNS setup.
Remember this will be obliterated if you reload the firewall filter rules, or reboot the firewall. Someday this may make it into the webgui. Currently we can't add it in the webgui --> firewall --> NAT --> outbound because you cannot choose tun0 as an interface.
And of course not four minutes after I get it going, vacum quotes this link to the devwiki which has all the right answers.
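The editing step above is the fragile part: it is done by hand in vi, and it has to be redone every time pf is reloaded. The script below is an added example (not from the original post) that does the same text edit mechanically and checks whether the rule is still loaded. It assumes the post's own names (fxp1, tun0, 10.28.0.0/16, 172.22.22.0/24), which you can override with environment variables; it deliberately does not call pfctl itself, so the transformation can be tested off-box, and the pfctl commands to run on the pfSense shell are shown in the comments.

```shell
#!/bin/sh
# Added example: insert the tunnel NAT rule into a `pfctl -sn` dump and
# check whether it is present. Defaults are the values from the post;
# override them with environment variables for your own box.
LAN_NET="${LAN_NET:-10.28.0.0/16}"
WAN_IF="${WAN_IF:-fxp1}"
TUN_IF="${TUN_IF:-tun0}"
REMOTE_NET="${REMOTE_NET:-172.22.22.0/24}"

# The rule the post adds by hand, built from the variables above.
tun_nat_rule() {
    printf 'nat on %s inet from %s to %s -> (%s) round-robin\n' \
        "$TUN_IF" "$LAN_NET" "$REMOTE_NET" "$TUN_IF"
}

# add_tun_nat: read a `pfctl -sn` dump on stdin and write it to stdout
# with the tunnel rule inserted directly after the WAN outbound NAT rule
# ("nat on <WAN_IF> inet from <LAN_NET> to any ..."). Idempotent: if the
# tunnel rule is already in the dump, the input passes through unchanged.
# rdr/binat lines that pfctl -sn also prints are kept as they are.
add_tun_nat() {
    _rule="$(tun_nat_rule)"
    awk -v rule="$_rule" -v wanif="$WAN_IF" -v lan="$LAN_NET" '
        $0 == rule { seen = 1 }          # rule already present: never insert
        { lines[NR] = $0 }
        END {
            prefix = "nat on " wanif " inet from " lan " to any"
            for (i = 1; i <= NR; i++) {
                print lines[i]
                if (!seen && substr(lines[i], 1, length(prefix)) == prefix) {
                    print rule
                    seen = 1
                }
            }
        }'
}

# tun_nat_present: exit 0 if the tunnel rule is in the dump read on stdin.
# Run `pfctl -sn | tun_nat_present` after a reboot or a filter reload to
# confirm whether the hand-added rule survived (per the post, it will not).
tun_nat_present() {
    grep -qxF "$(tun_nat_rule)"
}

# On the pfSense box (needs root, and pfctl must exist):
#   pfctl -sn | add_tun_nat > /var/tmp/tempfile && pfctl -Nf /var/tmp/tempfile
#   pfctl -sn | tun_nat_present && echo "tunnel NAT rule loaded"
```

Because add_tun_nat is idempotent and tun_nat_present is cheap, the pair can sit in a cron job or a startup hook to put the rule back after the reloads the post warns about, until the webgui can express it.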
This file last modified Thursday October 11, 2007