HOW TO pfSense OpenVPN Client on VMWare ESXi for Layer 2 Bridge Client from Site B to Site A

Step 1 Follow Part 1 & Part 2 of HOW TO pfSense 2.0.3 on VMWare ESXi acting as an OpenVPN Layer 2 Bridge from Site A to Site B

The only things you need to change are the IP addresses for the client site: set the pfSense client to 192.168.2.251 and your physical router/firewall to 192.168.2.252.

 
Part 1 - HOW TO pfSense OpenVPN Server on VMWare ESXi...
Part 2 - HOW TO pfSense OpenVPN Server on VMWare ESXi...

Step 2 - Add OpenVPN Client Configuration to the pfSense appliance
a. Click VPN > OpenVPN, select the Client tab, and click to add a new config
b. Set client credentials

c. Untick 'Autogenerate Key', then copy the key that was generated when setting up the server and paste it into the client




d. Set the Tunnel Network to match the server and enable Compression. Scroll to the bottom and click Save


Step 3 - Assign the OpenVPN TAP Interface to a pfSense interface
a.  Click Interfaces > (Assign)

b. Click to add another interface. By default the name will be LAN. This is OK; we can change it shortly. Click Save

c. Enable the new Interface by clicking Interfaces > LAN and ticking the 'Enable Interface' box


d. Change the Description from LAN to something referencing OpenVPN and the Layer 2 tunnel. Scroll to the bottom and click Save.



Step 4 - Allow all traffic through the WAN interface of pfSense (Remember, this appliance is on a private network protected by a secure perimeter firewall/router gateway device).
a. Click Firewall > Rules and, under WAN, click to create a rule to pass any WAN traffic, then click Save. Then click Apply Changes.

b. Click OVPNL2, then OpenVPN and create an allow all rule for each (the same as for WAN).




c. If you would like to block DHCP traffic (UDP 67 & 68) or any other traffic type from traversing the bridged L2 networks, do so under the OVPNL2 tab.
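
To check whether a DHCP block on the OVPNL2 tab is actually holding, the following added example (not part of the original post) parses `tcpdump -n -e` text output taken on the local side of the bridge and lists the MAC addresses that sent DHCP server replies. The sample lines, MAC/IP addresses and function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not from the original post): text in the format printed by
# `tcpdump -n -e`, as it might be captured on a host on the local side of the bridge.
SAMPLE = """\
12:00:01.100000 00:0c:29:aa:bb:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:aa:bb:01, length 300
12:00:01.200000 00:0c:29:cc:dd:02 > 00:0c:29:aa:bb:01, ethertype IPv4 (0x0800), length 342: 192.168.2.10.67 > 192.168.2.50.68: BOOTP/DHCP, Reply, length 300
12:00:02.000000 00:0c:29:aa:bb:01 > 00:0c:29:cc:dd:02, ethertype IPv4 (0x0800), length 74: 192.168.2.50.51514 > 192.168.2.10.443: Flags [S], seq 1, win 64240, length 0
12:00:03.300000 00:0c:29:cc:dd:02 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.168.2.10.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300
"""

# timestamp, source MAC > destination MAC, link header, then src IP.port > dst IP.port,
# and only lines that tcpdump itself decoded as BOOTP/DHCP.
FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype IPv4 .*?: "
    r"(?P<sip>\d+(?:\.\d+){3})\.(?P<sport>\d+) > \d+(?:\.\d+){3}\.(?P<dport>\d+): BOOTP/DHCP"
)

def dhcp_talkers(capture_text):
    """Map source MAC -> role, source IPs and packet count, for DHCP frames only."""
    talkers = defaultdict(lambda: {"role": "client", "ips": set(), "packets": 0})
    for line in capture_text.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue                      # not a DHCP line (ARP, TCP, other UDP)
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport == 67:
            role = "server"               # a DHCP server or relay is answering
        elif sport == 68 and dport == 67:
            role = "client"               # discover/request from a client
        else:
            continue                      # unexpected port pair, ignore
        entry = talkers[m["smac"]]
        if role == "server":
            entry["role"] = "server"      # once seen as a server, keep that role
        entry["ips"].add(m["sip"])
        entry["packets"] += 1
    return dict(talkers)

def servers_across_bridge(capture_text):
    """Sorted MACs that sent DHCP server replies; empty when the block is effective."""
    return sorted(mac for mac, t in dhcp_talkers(capture_text).items() if t["role"] == "server")

if __name__ == "__main__":
    print(servers_across_bridge(SAMPLE))
```

Compare the reported MAC addresses with the DHCP server you expect at the local site; any other address means replies are arriving from the remote side of the tunnel.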



Step 8 - Bridge the WAN interface with the OVPNL2 interface.
a. Click Interfaces > (assign), and then click the Bridges tab

b. Click and select both interfaces and click Save.

You're done! The Site B OpenVPN TAP client setup is complete.

You should now see the OpenVPN connection online on both the server and client side by clicking Status > OpenVPN.


Comments

  1. Huge thanks for this! I had followed this http://forum.pfsense.org/index.php/topic,38605.0.html?PHPSESSID=b12de3a644b8183947f0494d1c3253bb tutorial
    and could not work out why it wasn't working. Then I read "disable promiscuous mode" and BINGO!
    It was driving me nuts. Thanks again man, we now have a plausible solution for our new Veeam DR Site.

  2. You're most welcome. I'm glad the information was useful to you.

