Date:      Tue, 5 Sep 2017 01:36:51 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        "freebsd-questions@freebsd.org Questions" <freebsd-questions@freebsd.org>
Cc:        Bruce Ferrell <bferrell@baywinds.org>
Subject:   Re: openvpn
Message-ID:  <2FD03ABD-5F41-4479-B8D6-AEA76F8905F3@mail.sermon-archive.info>
In-Reply-To: <4DAB2317-52AD-463E-891C-811BE7E9ED76@mail.sermon-archive.info>
References:  <B5B396E9-FDA3-4B8D-A1BB-EBD5F66F5224@mail.sermon-archive.info> <440b79af-a159-1806-122e-155c26f42417@baywinds.org> <4DAB2317-52AD-463E-891C-811BE7E9ED76@mail.sermon-archive.info>


> On 4 September 2017, at 23:33, Doug Hardie <bc979@lafn.org> wrote:
>
>>
>> On 4 September 2017, at 17:27, Bruce Ferrell <bferrell@baywinds.org> wrote:
>>
>> Doug,
>>
>> I use a pfsense firewall with an openvpn server installed.  I connect from Android, iOS, OS X, Windows and Linux.  The vpn connection uses a separate subnet from my "normal" subnet and is simply routed in.  No port forwarding needed that way.  Because the pfsense firewall is the default route, all servers automatically are able to reach the vpn subnet because all non-lan traffic goes there and is then directed as needed.
>>
>> Bruce
>>
>> On 09/04/2017 03:09 PM, Doug Hardie wrote:
>>> I have a home LAN with a number of servers on it.  I have one public fixed IP address.  I need to be able to access all the servers when away from home.  Openvpn appears to be the best approach as there is a client available for iOS which is what I carry.  There is duplication of port usage on multiple servers so just port routing in the router is not viable.
>>>
>>> I have installed openvpn on one server and will set up the port in the router to route to it. However, there are a number of sample configuration files provided and I can't figure out which is the best one for me to use.  My first thought was server.conf, but then tls-office.conf or static-office.conf also look reasonable.
>
> Thanks for the info.  I am making headway on this.  I used the server.conf file and after a bit of horsing around with the key file, I got a connection to work.  However, there are still some routing issues from the client to local machines.  While everything works well with IP addresses, DNS is an issue.  iOS is still going to the internet for DNS.  I need to be able to tell it to "drop" the internet connection for everything (except connectivity) and use the VPN or to use the VPN for DNS.  I am using routing, but wonder if bridging might be a better approach.

Headway just ended.  Bridge mode is what I need.  iOS does not support bridge mode...  Somehow I will need to figure out how to munge DNS to give what I need.

-- Doug




