From: Doug Hardie
Date: Tue, 5 Sep 2017 01:36:51 -0700
Subject: Re: openvpn
To: "freebsd-questions@freebsd.org Questions"
Cc: Bruce Ferrell

> On 4 September 2017, at 23:33, Doug Hardie wrote:
>
>> On 4 September 2017, at 17:27, Bruce Ferrell wrote:
>>
>> Doug,
>>
>> I use a pfsense firewall with an openvpn server installed. I connect from Android, iOS, OS X, Windows and Linux. The vpn connection uses a separate subnet from my "normal" subnet and is simply routed in. No port forwarding needed that way. Because the pfsense firewall is the default route, all servers are automatically able to reach the vpn subnet because all non-lan traffic goes there and is then directed as needed.
>>
>> Bruce
>>
>> On 09/04/2017 03:09 PM, Doug Hardie wrote:
>>> I have a home LAN with a number of servers on it. I have one public fixed IP address. I need to be able to access all the servers when away from home. Openvpn appears to be the best approach as there is a client available for iOS which is what I carry. There is duplication of port usage on multiple servers so just port routing in the router is not viable.
>>>
>>> I have installed openvpn on one server and will set up the port in the router to route to it. However, there are a number of sample configuration files provided and I can't figure out which is the best one for me to use. My first thought was server.conf, but then tls-office.conf or static-office.conf also look reasonable.
>
> Thanks for the info. I am making headway on this. I used the server.conf file and after a bit of horsing around with the key file, I got a connection to work. However, there are still some routing issues from the client to local machines. While everything works well with IP addresses, DNS is an issue. iOS is still going to the internet for DNS. I need to be able to tell it to "drop" the internet connection for everything (except connectivity) and use the VPN or to use the VPN for DNS. I am using routing, but wonder if bridging might be a better approach.

Headway just ended. Bridge mode is what I need. iOS does not support bridge mode... Somehow I will need to figure out how to munge DNS to give what I need.

-- Doug
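
The symptom in the message above (clients on a routed VPN still resolving names through the internet) depends on what the server pushes to clients. As an added example, not part of the original thread, this Python check reads a server.conf and reports whether a DNS server and the default route are pushed; the sample configs, the 192.168.10.0/24 subnet, the resolver address and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: routed (dev tun) server config; subnet and resolver are assumed.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.10.0 255.255.255.0"  # home LAN (assumed)
;push "redirect-gateway def1"
"""
# Same config with the default route and a LAN resolver pushed to clients.
FIXED_CONF = SAMPLE_CONF.replace(';push "redirect', 'push "redirect') + \
    'push "dhcp-option DNS 192.168.10.1"\n'


def parse(conf_text):
    """Return one token list per active directive ('#' and ';' start comments)."""
    directives = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.append(tokens)
    return directives


def audit_dns(conf_text):
    """Report what the server tells clients about DNS and default routing."""
    dev, pushes = None, []
    for tokens in parse(conf_text):
        if tokens[0] == "dev" and len(tokens) > 1:
            dev = tokens[1]
        elif tokens[0] == "push" and len(tokens) > 1:
            pushes.append(tokens[1].split())
    dns = [p[2] for p in pushes if p[:2] == ["dhcp-option", "DNS"] and len(p) > 2]
    full_tunnel = any(p and p[0] == "redirect-gateway" for p in pushes)
    findings = []
    if not dns:
        findings.append("no DNS server pushed: clients keep their own resolver")
    if not full_tunnel:
        findings.append("redirect-gateway not pushed: only pushed routes use the tunnel")
    return {"dev": dev, "dns": dns, "full_tunnel": full_tunnel, "findings": findings}


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_dns(conf))
```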