Part 3 - pfSense OpenVPN Server on VMware ESXi for Layer 2 Bridge Client from Site A to Site B


Step 5 - Set up OpenVPN Server at site A
NOTE: The configuration will differ depending on which router/firewall is your next hop before the internet. You will need to create a regular UDP 1194 port forward from WAN > LAN to IP 192.168.2.253.

a. Click VPN > OpenVPN and under the Server tab click

b. Set Server Mode to 'Peer to Peer (Shared Key)', Protocol UDP, Device Mode TAP, Interface WAN, Local Port 1194 and set a description.


c. Leave Cryptographic settings as default - AES-128-CBC with no hardware Crypto.

d. Set tunnel network (any private network not being used on either side of your environment).


e. Under Tunnel Settings, enable Compression

f. Scroll to the bottom of the page and click Save

Step 6 - Assign the OpenVPN TAP Interface to a pfSense interface
a. Click Interfaces > (Assign)

b. Click to add another interface. By default the name will be LAN. This is OK; we can change it shortly. Click Save.

c. Enable the new Interface by clicking Interfaces > LAN and ticking the 'Enable Interface' box


d. Change the Description from LAN to something referencing OpenVPN and the Layer 2 tunnel (the following steps refer to this interface as OVPNL2). Scroll to the bottom and click Save.



Step 7 - Allow all traffic through the WAN interface of pfSense (Remember, this appliance is on a private network protected by a secure perimeter firewall/router gateway device).
a. Click Firewall > Rules and under WAN click and create a rule to pass any WAN traffic and click Save. Then click Apply Changes.

b. Click OVPNL2, then OpenVPN and create an allow all rule for each (the same as for WAN).




c. If you would like to block DHCP traffic (UDP 67 & 68) or any other traffic type from traversing the bridged L2 networks, do so under the OVPNL2 tab.
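
To confirm that a DHCP block rule from step 7c is actually effective, the following added example (not part of the original post) scans raw Ethernet frames captured on the bridged interface and reports any IPv4 UDP traffic on ports 67 or 68 by source MAC. The function names and sample frames are constructed for illustration; how you capture the frames is an assumption left to your environment.

```python
import struct
from collections import Counter

DHCP_PORTS = {67, 68}  # the UDP ports named in step 7c

def dhcp_endpoint(frame: bytes):
    """Return (src_mac, sport, dport) for an IPv4/UDP frame on port 67/68, else None."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag precedes the real EtherType
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    ip = frame[offset:]
    if ethertype != 0x0800 or len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # later fragment: no UDP header here
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if sport not in DHCP_PORTS and dport not in DHCP_PORTS:
        return None
    return ":".join(f"{b:02x}" for b in frame[6:12]), sport, dport

def dhcp_leaks(frames):
    """Count DHCP frames per source MAC; an empty dict means no DHCP was seen."""
    hits = Counter()
    for frame in frames:
        hit = dhcp_endpoint(frame)
        if hit:
            hits[hit[0]] += 1
    return dict(hits)

def make_frame(src_mac, proto, sport, dport, vlan=False):
    """Build a constructed broadcast test frame (hypothetical helper, not a capture)."""
    eth = b"\xff" * 6 + bytes.fromhex(src_mac) + (b"\x81\x00\x00\x0a" if vlan else b"") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, bytes(4), b"\xff" * 4)
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLE = [  # constructed frames, not a real capture
    make_frame("000c29aabbcc", 17, 68, 67),             # DHCP client broadcast
    make_frame("000c29aabbcc", 17, 68, 67, vlan=True),  # same, inside a VLAN tag
    make_frame("000c29112233", 17, 53000, 53),          # DNS over UDP: ignored
    make_frame("000c29112233", 6, 68, 67),              # TCP on the same ports: ignored
]

if __name__ == "__main__":
    print(dhcp_leaks(SAMPLE))
```

Run it against frames captured on the far side of the bridge after the rule is applied; any MAC in the result is a host whose DHCP traffic is still crossing between sites.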



Step 8 - Bridge the WAN interface with the OVPNL2 interface.
a. Click Interfaces > (assign), and then click the Bridges tab

b. Click and select both interfaces and click Save

You're done! The Site A OpenVPN TAP server setup is complete.

Read on below to set up your pfSense OpenVPN Client Virtual Appliance



