Create a site-to-site (S2S) VPN tunnel via OpenVPN secured with SSL/TLS (L3 mode) on pfSense 2.6

  • Firewall
  • pfSense
  • 17 September 2025 at 07:32 UTC
  • InformatiWeb
  • 3/6

1.7. Allow access to the OpenVPN server from the WAN interface on site 1 (Brussels)

So that your OpenVPN clients can connect to your OpenVPN server, you need to add a rule in the pfSense firewall on the site where you installed your OpenVPN server.

To do this, go to: Firewall -> Rules.

Go to the "WAN" tab (since the OpenVPN server must be accessible from the Internet) and click: Add.

Warning: if the "RFC 1918 networks" rule appears in the "WAN" tab and pfSense uses a private (local) IP address for its WAN interface, you must first disable the "Block private networks and loopback addresses" option at the bottom of the "Interfaces -> WAN" page.

On the "Edit Firewall Rule" page that appears, configure this:

  • Action: Pass. To allow network traffic.
  • Interface: WAN. To allow access to the OpenVPN server from the Internet.
  • Address Family: IPv4. If your company has a public IPv4 address.
  • Protocol: UDP. OpenVPN uses the UDP protocol on port 1194.

Then, indicate this:

  • Source: select host or alias if only one client site should be able to connect to your OpenVPN server and the remote site where the OpenVPN client is installed has a static (fixed) public IP address.
    Next, provide the public IP address of the remote site where the OpenVPN client is installed.
    Otherwise, select "Any" from the list so that any machine can attempt to connect to your OpenVPN server.
    Note that, in your case, the OpenVPN client will still need the correct TLS key and a valid certificate for the connection to work.
  • Destination: select "WAN address" (which corresponds to the IP address of the pfSense WAN interface).
  • Destination Port Range: select the "OpenVPN (1194)" port in the 2 lists (From / To).
  • Description: provide a description for reference.
    In our case: Allow access to OpenVPN server from other sites.

Then, click Save.

Click: Apply Changes.

The rule was applied on the firewall.

1.8. Allow network traffic in OpenVPN tunnel to site 1 (Brussels)

To allow network traffic in the OpenVPN tunnel to site 1 (Brussels) where the OpenVPN server is located, go to the "OpenVPN" tab of the firewall and click: Add.

Allow all IPv4 network traffic on the OpenVPN interface:

  • Action: Pass.
  • Interface: OpenVPN.
  • Address Family: IPv4.
  • Protocol: Any. Allows you to authorize all existing protocols (TCP, UDP, ICMP, ...).

Allow all network traffic inside the OpenVPN tunnel. The source and destination do not matter.
To do this, select "Any" for the source and destination.
Then provide a description for guidance.
For example: Allow all traffic through the OpenVPN tunnel.

Click Save.

Click: Apply Changes.

Firewall rule has been added.
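To review the rules created in steps 1.7 and 1.8, the following added example (not part of the original tutorial and not pfSense code) parses the filter section of a configuration backup and reports pass rules left at "Any". The XML element names and the sample configuration are assumptions modelled on a pfSense config.xml backup; the sample rules and the address 198.51.100.7 are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed <filter> section, assumed config.xml layout.
# 198.51.100.7 is a documentation address standing in for the remote site.
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><ipprotocol>inet</ipprotocol>
    <protocol>udp</protocol><source><any/></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>Allow access to OpenVPN server from other sites</descr></rule>
  <rule><type>pass</type><interface>wan</interface><ipprotocol>inet</ipprotocol>
    <protocol>udp</protocol><source><address>198.51.100.7</address></source>
    <destination><network>wanip</network><port>1194</port></destination>
    <descr>OpenVPN from remote site only</descr></rule>
  <rule><type>pass</type><interface>openvpn</interface><ipprotocol>inet</ipprotocol>
    <source><any/></source><destination><any/></destination>
    <descr>Allow all traffic through the OpenVPN tunnel</descr></rule>
</filter></pfsense>"""


def endpoint(rule, side):
    """Return 'any', the address/network text, or '?' for one side of a rule."""
    node = rule.find(side)
    if node is None:
        return "?"
    if node.find("any") is not None:
        return "any"
    return (node.findtext("address") or node.findtext("network") or "?").strip()


def audit(config_xml, vpn_port="1194"):
    """List (finding, description) pairs for enabled pass rules left at 'Any'."""
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue  # only enabled pass rules widen access
        iface = rule.findtext("interface", "")
        src, dst = endpoint(rule, "source"), endpoint(rule, "destination")
        port = rule.findtext("destination/port", "")
        descr = rule.findtext("descr", "").strip()
        if iface == "wan" and port == vpn_port and src == "any":
            findings.append(("wan-source-any", descr))  # step 1.7 with Source: Any
        elif iface == "openvpn" and src == "any" and dst == "any":
            findings.append(("tunnel-any-any", descr))  # step 1.8 as configured
    return findings


if __name__ == "__main__":
    for kind, descr in audit(SAMPLE_CONFIG):
        print(f"{kind}: {descr}")
```

A "wan-source-any" finding can be cleared by setting the rule's source to the remote site's static public IP address, as step 1.7 describes; "tunnel-any-any" reflects the rule from step 1.8 and is reported so that it is a deliberate choice.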

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
