@jamesmr89
Created January 10, 2015 19:12
Revisions

  1. jamesmr89 revised this gist Jan 10, 2015. 1 changed file with 5 additions and 1 deletion.
    6 changes: 5 additions & 1 deletion gistfile1.txt
    @@ -20,6 +20,8 @@ External Subnet = 192.168.3.0
    Internal IP = 192.168.1.0/24
    Destination = 192.168.2.0/24

    Create appropriate firewall rules on the OpenVPN interface

    Site B
    OpenVPN Client
    LAN 192.168.1.1
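
    Review bot: The added line "Create appropriate firewall rules on the OpenVPN interface" after the Site A 1to1 NAT entry does not say what to allow, which invites an allow-any rule on the tunnel. State the source the rule should match (with this mapping Site B arrives at Site A as 192.168.2.0/24) and limit it to the protocols and ports the two sites actually need.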
    @@ -30,4 +32,6 @@ add a new entry with the following settings
    Interface = Openvpn
    External Subnet = 192.168.2.0
    Internal IP = 192.168.1.0/24
    Destination = 192.168.3.0/24
    Destination = 192.168.3.0/24

    Create appropriate firewall rules on the OpenVPN interface
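
    Review bot: The sentence added at the end of the Site B section is a verbatim copy of the Site A one and carries no Site B specifics; on this side the peer appears as 192.168.3.0/24, so the rule's source differs and should be written out. "Destination = 192.168.3.0/24" also shows twice in a row in this hunk; the revision summary lists 1 deletion, so this is probably the old and new copy of the same line, but confirm the file carries it once.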
  2. jamesmr89 created this gist Jan 10, 2015.
    33 changes: 33 additions & 0 deletions gistfile1.txt
    @@ -0,0 +1,33 @@
    Goal of this document is to describe how to setup a vpn tunnel with two pfSense boxes having the same LAN subnet, for the purpose of this doc we'll use 192.168.1.1/24 on both firewalls LAN interfaces

    We have to make some dummy networks here to NAT to so as far as Site A will be concerned, site B will be 192.168.2.0/24, and as far as Site B is concerened site A will be 192.168.3.0/24

    SiteA (LAN 192.168.1.1)
    OpenVPN Server:
    Standard Setup and we'll use 10.0.1.0/24 as the Tunnel Network (I can elaborate here later)
    Under advanced settings add these lines:
    push "route 192.168.3.0 255.255.255.0";
    route 192.168.2.0 255.255.254.0; ### Site B LAN

    Then under the OpenVPN Client Specific Overrides tab we'll add the following lines to the Advanced section for the SiteB CSO:
    iroute 192.168.2.0 255.255.254.0;
    ifconfig-push 10.0.1.253 10.0.1.254 # Optional but makes the client always connect with the same IP

    1to1 NAT: Firewall > NAT > 1to1 tab
    add a new entry with the following settings
    Interface = Openvpn
    External Subnet = 192.168.3.0
    Internal IP = 192.168.1.0/24
    Destination = 192.168.2.0/24

    Site B
    OpenVPN Client
    LAN 192.168.1.1
    This side is really simple, we just create a client to connect to the server and the advanced section is blank

    1to1 NAT: Firewall > NAT > 1to1 tab
    add a new entry with the following settings
    Interface = Openvpn
    External Subnet = 192.168.2.0
    Internal IP = 192.168.1.0/24
    Destination = 192.168.3.0/24
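
    Review bot: The netmask on "route 192.168.2.0 255.255.254.0" and "iroute 192.168.2.0 255.255.254.0" is a /23, but the text defines Site B as 192.168.2.0/24. A /23 starting at 192.168.2.0 spans 192.168.2.0 through 192.168.3.255, so it also covers 192.168.3.0/24, the range chosen to represent Site A, and the server would route that range toward the Site B client. Use 255.255.255.0 on both lines so the route and iroute match the /24 used in the 1to1 NAT entries.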