R
R
Ruslan Samara2018-11-04 09:22:00
openvpn
Ruslan Samara, 2018-11-04 09:22:00

How to properly install openvpn server on the network?

Good afternoon. The task is that you need to put a pfsense server working as an OpenVPN client on a remote network. There are 2 options, but I don’t really know how best to do it and how to do it right. The network has a Kerio server that will raise the Internet, distribute ip and security policies are configured there. I don't want to remove it completely.
1. (Provider) => (openvpn pfsense) => (kerio) => (network)
In the first option, do I understand correctly that you need to raise the Internet and distribute DHCP with pfsense, but then what should be done on kerio? Configure the wan interface as a local ip address, and lan should have ip wan in the gateway? and specify in DHCP that the gateway for the PC on the network was kerio? Or do you need to do something different?
2. (Provider)=>(kerio)=>(network)=>(within openvpn pfsense network)
In the second option, as I understand it, you can leave everything as it is, you just need to forward the port for the openvpn client and it will rise in the same way, only in the ovpn settings you need to specify that openvpn starts from the lan interface. Is there anything else that needs to be configured? After all, even if Ovpn rises, he must somehow distribute virtual ip addresses to clients on the network? For this, what needs to be done?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
D
Drno, 2018-11-04
@lkmrus

For the openvpn client, you only need to open a port to outgoing by the openvpn port number. You can put it behind any NAT, it will work. And it's not clear what task the openvpn client should perform ...

R
res2001, 2018-11-04
@res2001

Usually use the second option or the third.
The third is when a VPN server is also deployed on the gateway (you have Kerio).
At the expense of distributing addresses inside the VPN - this functionality is built into the OpenVPN server, address ranges are configured in the config, nothing else needs to be raised.
The first option is that the VPN server is open to attacks from the outside, there you will have to configure the firewall in almost the same way as Kerio. And this already turns this option into the third one :-) and kerio is no longer needed.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question