OK, I've been poking at this for 2 hours now and I can't figure out what I'm missing.
Internet-----------------WAN (em0)--------|-----------|--------VMX0-----------(192.168.248.0/21)
                                          |  pfSense  |
Internet-----WAN (em0)----OpenVPN---------|-----------|--------VMX1-----------(192.168.0.0/24)
Interfaces in pfSense:
WAN (em0)
LAN (VMX0, 192.168.248.0/21)
VPN (VMX1, 192.168.0.0/24)
ovpnc1 (Virtual openvpn adapter)
My goal is for any traffic from the 192.168.0.1/24 network to only go through OpenVPN. I have also segregated this network on its own adapter (VMX1) and vSwitch in ESXi. I do want to enable SELECTIVE traffic on specific ports to specific IPs to cross from 192.168.248.0/21 to 192.168.0.0/24. For now though, I'll settle for all traffic passing and restrict it later. I do want to make a DENY rule for anything on 192.168.0.0/24 to never be able to leave without passing through the ovpnc1 adapter.
I have pfSense running as a VM. Everything works as expected, but I can't get VMX1 (192.168.0.0/24) to connect to the internet. I know OpenVPN works because if I set a gateway in Firewall-->Rules-->LAN pass Any rule to the ovpnc1 gateway, all traffic from VMX0 (192.168.248.0/21) goes through it and my public IP changes (verified with WTF is my IP?!?!??). I also turned on Manual Outbound NAT and copied the rules to the ovpnc1 interface, and NAT works for the 192.168.248.0 network.
The DHCP server on VPN (VMX1) is working and assigns 192.168.0.100 to my Ubuntu host, but it has no internet connectivity. ping 192.168.0.1 (address set in Interfaces-->VPN-->Static IPv4) works. ping 8.8.8.8 results in "Network is unreachable". I created a pass ANY protocol ANY destination from source network 192.168.0.0/24 in Firewall-->Rules-->VPN and set the gateway of ovpnc1.
What did I do wrong here or what did I forget to do? I thought about using static routes, but the ovpnc1 adapter is a dynamic IP, so I don't want my static routes to break every time it changes. I can screenshot stuff if needed, just let me know.
Thanks much!