Date: Mon, 4 Sep 2017 23:33:38 -0700
From: Doug Hardie <bc979@lafn.org>
To: Bruce Ferrell <bferrell@baywinds.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: openvpn
Message-ID: <4DAB2317-52AD-463E-891C-811BE7E9ED76@mail.sermon-archive.info>
In-Reply-To: <440b79af-a159-1806-122e-155c26f42417@baywinds.org>
References: <B5B396E9-FDA3-4B8D-A1BB-EBD5F66F5224@mail.sermon-archive.info> <440b79af-a159-1806-122e-155c26f42417@baywinds.org>

> On 4 September 2017, at 17:27, Bruce Ferrell <bferrell@baywinds.org> wrote:
>
> Doug,
>
> I use a pfsense firewall with an openvpn server installed. I connect from Android, iOS, OS X, Windows and Linux. The vpn connection uses a separate subnet from my "normal" subnet and is simply routed in. No port forwarding needed that way. Because the pfsense firewall is the default route, all servers automatically are able to reach the vpn subnet because all non-lan traffic goes there and is then directed as needed.
>
> Bruce
>
> On 09/04/2017 03:09 PM, Doug Hardie wrote:
>> I have a home LAN with a number of servers on it. I have one public fixed IP address. I need to be able to access all the servers when away from home. Openvpn appears to be the best approach as there is a client available for iOS which is what I carry. There is duplication of port usage on multiple servers so just port routing in the router is not viable.
>>
>> I have installed openvpn on one server and will set up the port in the router to route to it. However, there are a number of sample configuration files provided and I can't figure out which is the best one for me to use. My first thought was server.conf, but then tls-office.conf or static-office.conf also look reasonable.

Thanks for the info. I am making headway on this. I used the server.conf file and after a bit of horsing around with the key file, I got a connection to work. However, there are still some routing issues from the client to local machines. While everything works well with IP addresses, DNS is an issue. iOS is still going to the internet for DNS. I need to be able to tell it to "drop" the internet connection for everything (except connectivity) and use the VPN or to use the VPN for DNS. I am using routing, but wonder if bridging might be a better approach.

-- Doug