Code:
  CentOS OVPN (GCE)       GCE Gateway                 pfSense Client                       LAN
 (eth0 <--> br0)  <-->   10.250.0.1  <-WAN/VPN->  WAN0 <--> (BRIDGE0 <--> LAN0)  <-->   NAT
  ( 10.250.0.2 )                                              ( 10.0.0.1 )           10.0.0.0/24
Including multiple machines on the client side when using a bridged VPN (dev tap)
This requires a more complex setup (maybe not more complex in practice, but more complicated to explain in detail):
You must bridge the client TAP interface with the LAN-connected NIC on the client.
You must manually set the IP/netmask of the TAP interface on the client.
You must configure client-side machines to use an IP/netmask that is inside of the bridged subnet, possibly by querying a DHCP server on the OpenVPN server side of the VPN.
The first couple are relatively straightforward, but for the third you could add a route on the server to the client LAN like this:
Code:
# ip route add 10.0.0.0/24 dev br0
The only problem is that I can't figure out how to put that in server.conf or client.conf to get it to happen automagically.
Here is server.conf:
Code:
proto udp
dev tap0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
ifconfig-pool-persist ipp.txt
# tap0 is bridged into br0 (10.250.0.2/24); clients get addresses from .100-.254
server-bridge 10.250.0.2 255.255.255.0 10.250.0.100 10.250.0.254
push "route 10.250.0.0 255.255.0.0"
client-config-dir ccd
client-to-client
push "route 10.0.0.0 255.255.255.0 10.250.0.2" # <---- I don't think this is right. In console I set the IP and mask on the br0 iface for it to work
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 5
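One way to have that route come up with the daemon instead of by hand, as an added example that is not from the original post or from the OpenVPN project: pin the pfSense client to a fixed address on the bridge with ifconfig-push in its ccd file, and add a kernel route on the server to the LAN behind it with the route directive. The address 10.250.0.50, the common name pfsense-gw and the name other-client are assumptions. Note that in tap mode the server forwards frames by MAC address rather than through its internal routing table, so iroute (which only applies to tun) is not used here; the route is a plain kernel route that the server adds at startup, before it drops to user nobody.

```conf
# --- server.conf (additions to the config above; addresses are assumptions) ---
# Bridge setup unchanged: tap0 is in br0, server is 10.250.0.2/24, pool .100-.254
server-bridge 10.250.0.2 255.255.255.0 10.250.0.100 10.250.0.254
client-config-dir ccd

# Kernel route on the server to the LAN behind pfSense, via the fixed tap
# address handed to the pfSense client below. Added when openvpn starts
# (before the privilege drop), so it replaces the manual "ip route add".
route 10.0.0.0 255.255.255.0 10.250.0.50

# --- ccd/pfsense-gw (file name = CN of the pfSense client certificate, assumed) ---
# In tap mode ifconfig-push takes <address> <netmask>; keep the address
# outside the server-bridge pool so it can never collide with a pooled lease.
ifconfig-push 10.250.0.50 255.255.255.0

# --- ccd/other-client (only for clients that are NOT the pfSense gateway) ---
# Other bridged clients need a route to 10.0.0.0/24 via pfSense. Pushing this
# globally from server.conf would also hand pfSense a route to its own LAN,
# which is what the questionable push line in the posted config does.
push "route 10.0.0.0 255.255.255.0 10.250.0.50"
```

After restarting the server, `ip route get 10.0.0.1` on the CentOS box should report the route via 10.250.0.50 on dev br0 even before pfSense connects, since the gateway lies in the connected 10.250.0.0/24 subnet. On the pfSense side, its OpenVPN client interface still needs a firewall rule that permits the traffic arriving from 10.250.0.0/24; with the LAN NATed as in the diagram, return traffic is matched by pfSense's state table rather than by any route on the server.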