Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-14 Thread Scott Ullrich

On 11/13/06, Stefan Tunsch [EMAIL PROTECTED] wrote:

The problem is that push route options need to be established on both sides
of the tunnel.
If I establish them only on one side, routing does not happen.

Can you please confirm for me that there is no way to route traffic from a local
network through the OpenVPN client on pfSense and back if push options
aren't established on both sides?


Let me preface by saying I don't know much of anything about OpenVPN
but after speaking with the author of the OpenVPN GUI code, here is
his reply:

Can you please confirm for me that there is no way to route traffic from a
local network through the OpenVPN client on pfSense and back if push
options aren't established on both sides?

To route traffic from a local network through the OpenVPN client, you
can use a simple route in custom commands, for example. To push a
route through the OpenVPN server, well, just push it, it should work as
long as your client accepts pushes.

Scott
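
The two routing directions discussed in this message, written out as an added example in plain OpenVPN configuration syntax. It is not taken from any poster's setup or from the configuration pfSense generates. All addresses and the client name `office1` are assumptions, and only the routing-related directives are shown.

```conf
# --- server.conf (central OpenVPN server; all addresses are constructed) ---
server 10.8.0.0 255.255.255.0          # tunnel address pool
client-config-dir ccd                  # per-client files, named by certificate CN

# Pushed to every client: the central LAN is reachable through the tunnel
push "route 10.0.0.0 255.255.255.0"

# Kernel route on the server: send traffic for the office LAN into the tunnel
route 192.168.10.0 255.255.255.0

# --- ccd/office1 (file name = hypothetical client certificate CN) ---
# Tells the OpenVPN server which connected client owns 192.168.10.0/24
iroute 192.168.10.0 255.255.255.0

# --- client.conf (office side) ---
client                                 # implies "pull": accept pushed options
# Local equivalent of the push above, for a client that does not accept pushes
;route 10.0.0.0 255.255.255.0
```

Each `iroute` names one subnet for one client, so this form of routing needs every office LAN to use a distinct range.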


Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-13 Thread Scott Roeder
I understand exactly what you are saying. The device does not exist until the VPN has actually been created. When I went through the same process 2 days ago I did exactly this.

1. Configured/Established the OpenVPN connection
2. Went to the assign option for interfaces
3. Created an OPENVPN interface from tap0
4. Created an advanced outbound NAT mapping.

Hope this helps.

On 12 Nov 2006, at 23:53, Stefan Tunsch wrote:

The issue is that it is NOT available after establishing the vpn. What can be the reason for this? Can it have something to do with using the Live-CD version?

RE: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-13 Thread Stefan Tunsch



The problem is that when I go to the assign option for interfaces the tap0 interface does NOT appear.

I'm trying to do this AFTER creating the OpenVPN tunnel.

If I go to the command prompt option and type ifconfig, I do see that there is a tun0 device.

But it does not show up in any other place...

Regards, Stefan


From: Scott Roeder [mailto:[EMAIL PROTECTED]
Sent: Monday, 13 November 2006 8:43
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

I understand exactly what you are saying. The device does not exist 
until the VPN has actually been created. When I went through the 
same process 2 days ago I did exactly this.

1. Configured/Established the OpenVPN connection
2. Went to the assign option for interfaces
3. Created an OPENVPN interface from tap0
4. Created an advanced outbound NAT mapping.

Hope this helps.


On 12 Nov 2006, at 23:53, Stefan Tunsch wrote:

  The issue is that it is NOT available after establishing the vpn.

  What can be the reason for this?

  Can it have something to do with using the Live-CD version?


RE: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-13 Thread Stefan Tunsch
I have seen several posts in the forum stating that tun or tap interfaces
should not be assigned to an interface of pfSense.
That any/any firewall rules are automatically created when openvpn client
establishes connection.
And that no traffic will flow if static routes weren't defined on BOTH
sides of the tunnel.

This supposes a problem for me. I have a centralized server infrastructure
where an openvpn server is running.
This server serves connections for different offices.

If I have to set up static routes on the server to each of these offices,
the first problem I have is that several of them are using the same network
settings. In this scenario, I have to either make sure each office uses a
different network or this will not work.

It sounds strange not to be able to establish outbound natting on the
tunnel.

Not being able to establish firewall rules to control who gets access to the
tunnel also sounds weird.


Regards, Stefan 


-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, 13 November 2006 17:54
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

Tun0 is no longer used.  Everything is handled automatically.  See the forum
where this has been hashed out quite a bit since 1.0.

On 11/13/06, Stefan Tunsch [EMAIL PROTECTED] wrote:


 The problem is that when I go to the assign option for interfaces the 
 tap0 interface does NOT appear.

 I'm trying to do this AFTER creating the OpenVPN tunnel.

 If I go to the command prompt option and type ifconfig, I do see that 
 there is a tun0 device.

 But it does not show up in any other place...

 Regards, Stefan

  
 From: Scott Roeder [mailto:[EMAIL PROTECTED]
 Sent: Monday, 13 November 2006 8:43
 To: discussion@pfsense.com
 Subject: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN


 I understand exactly what you are saying. The device does not exist until
 the VPN has actually been created. When I went through the same process 2
 days ago I did exactly this.


 1. Configured/Established the OpenVPN connection
 2. Went to the assign option for interfaces
 3. Created an OPENVPN interface from tap0
 4. Created an advanced outbound NAT mapping.


 Hope this helps.



 On 12 Nov 2006, at 23:53, Stefan Tunsch wrote:


 The issue is that it is NOT available after establishing the vpn.

 What can be the reason for this?

 Can it have something to do with using the Live-CD version?





Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-13 Thread Scott Ullrich

On 11/13/06, Stefan Tunsch [EMAIL PROTECTED] wrote:

I have seen several posts in the forum stating that tun or tap interfaces
should not be assigned to an interface of pfSense.
That any/any firewall rules are automatically created when openvpn client
establishes connection.
And that no traffic will flow if static routes weren't defined on BOTH
sides of the tunnel.

This supposes a problem for me. I have a centralized server infrastructure
where an openvpn server is running.
This server serves connections for different offices.


Route push options.   Look in the forum where this is also talked about.


If I have to set up static routes on the server to each of these offices,
the first problem I have is that several of them are using the same network
settings. In this scenario, I have to either make sure each office uses a
different network or this will not work.

It sounds strange not to be able to establish outbound natting on the
tunnel.

Not being able to establish firewall rules to control who gets access to the
tunnel also sounds weird.


This was a known problem going into 1.0.   We cannot make everyone
happy overnight.

Scott


Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-12 Thread Scott Roeder
It will be available to add as an interface after you establish the vpn. Once you have done that it will work like any other nat config.

On 12 Nov 2006, at 21:29, Stefan Tunsch wrote:

Hi!

I need to set up outbound natting on tun0. tun0 is the virtual interface created and used by an OpenVPN client on my pfSense machine.

This interface (tun0) isn't available for creating rules, NAT, etc on the web interface of pfSense.

How can I set up outbound NATTING for this interface?

Regards, Stefan

RE: [pfSense-discussion] NAT on tun0 used with OpenVPN

2006-11-12 Thread Stefan Tunsch



The issue is that it is NOT available after establishing the vpn.

What can be the reason for this?

Can it have something to do with using the Live-CD version?



From: Scott Roeder [mailto:[EMAIL PROTECTED]
Sent: Sunday, 12 November 2006 22:33
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] NAT on tun0 used with OpenVPN

It will be available to add as an interface after you establish the 
vpn. Once you have done that it will work like any other nat 
config.

On 12 Nov 2006, at 21:29, Stefan Tunsch wrote:

  Hi!
  
  I need to set up outbound natting on tun0.
  tun0 is the virtual interface created and used by an OpenVPN client on my pfSense machine.

  This interface (tun0) isn't available for creating rules, NAT, etc on the web interface of pfSense.

  How can I set up outbound NATTING for this interface?

  Regards, Stefan
  