
Author Topic: Two routers, one for DHCP and one for OpenVPN Server  (Read 110 times)


rfx88
Two routers, one for DHCP and one for OpenVPN Server
« on: December 28, 2017, 08:45:30 am »
Hi!

I have this setup at my home network:



I want my OpenVPN clients to be part of my home network. I want to be able to access them.

AC3200 is acting as my main gateway, and I want to use it as DHCP server for local and VPN clients.

I've set up an OpenVPN server (type: TAP) on pfSense but I'm not sure about the config and I'm not sure that NAT is set up correctly.

  • Bridge DHCP:
    True: Allow clients on the bridge to obtain DHCP.
  • Bridge Interface:
    WAN
  • Redirect Gateway:
    True: Force all client generated traffic through the tunnel.
  • Inter-client communication:
    True: Allow communication between clients connected to this server
  • Custom options:
    push "redirect-gateway def1";push "route x.x.x.0 255.255.255.0"; push "route-gateway x.x.x.1"

Every time I try to connect I get an error: Warning: route gateway is not reachable on any active network adapters: x.x.x.x

Ports are opened so that should not be a problem. I expect that it's NAT that is the issue but I'm no expert...

I appreciate your help!


« Last Edit: December 28, 2017, 08:50:21 am by rfx88 »

JKnott
Re: Two routers, one for DHCP and one for OpenVPN Server
« Reply #1 on: December 28, 2017, 09:06:23 am »
Quote
AC3200 is acting as my main gateway, and I want to use it as DHCP server for local and VPN clients.

VPN clients are generally assigned an address by OpenVPN.  Also, DHCP initially uses broadcasts, which are not normally routed.  This means when a VPN client issues a DHCP discover, it will not be passed to the DHCP server.  If you must use a DHCP server that's not on the local network, the usual practice is to use a relay agent.
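
What a relay agent does to a client's DHCPDISCOVER, shown as an added example that is not part of any post in this thread: the broadcast packet leaves the client with giaddr 0.0.0.0, and the relay stamps its own address into giaddr and forwards it as unicast to the DHCP server. The MAC, transaction ID and both IP addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])        # DHCP magic cookie
BROADCAST_FLAG = 0x8000

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client side: DHCPDISCOVER, sent from 0.0.0.0 to 255.255.255.255:67."""
    zero = bytes(4)
    hdr = BOOTP.pack(1, 1, 6, 0, xid, 0, BROADCAST_FLAG, zero, zero, zero, zero,
                     mac.ljust(16, b"\0"), b"", b"")
    options = bytes([53, 1, 1, 255])    # option 53 = type 1 (DISCOVER), then end
    return hdr + MAGIC + options

def relay(packet: bytes, relay_ip: str, server_ip: str, max_hops: int = 16):
    """Relay agent: stamp giaddr, bump hops, return (unicast destination, packet)."""
    fields = list(BOOTP.unpack_from(packet))
    op, hops, giaddr = fields[0], fields[3], fields[10]
    if op != 1:
        raise ValueError("not a BOOTREQUEST")
    if hops >= max_hops:
        raise ValueError("hop limit reached, dropping")
    if giaddr == bytes(4):              # only the first relay fills in giaddr
        fields[10] = ipaddress.IPv4Address(relay_ip).packed
    fields[3] = hops + 1
    # Options after the fixed header are forwarded unchanged.
    return (server_ip, 67), BOOTP.pack(*fields) + packet[BOOTP.size:]

def giaddr_of(packet: bytes) -> str:
    """Relay address the server uses to pick the pool and to send its reply."""
    return str(ipaddress.IPv4Address(BOOTP.unpack_from(packet)[10]))

if __name__ == "__main__":
    # Constructed sample values: MAC, xid and both addresses are made up.
    discover = build_discover(bytes.fromhex("0200c0ffee01"), 0x1234ABCD)
    dest, relayed = relay(discover, "10.8.0.1", "192.168.1.1")
    print("client broadcast giaddr:", giaddr_of(discover))
    print("relayed to", dest, "giaddr:", giaddr_of(relayed))
```
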

rfx88
Re: Two routers, one for DHCP and one for OpenVPN Server
« Reply #2 on: December 28, 2017, 11:14:16 am »
Quote
AC3200 is acting as my main gateway, and I want to use it as DHCP server for local and VPN clients.

VPN clients are generally assigned an address by OpenVPN.  Also, DHCP initially uses broadcasts, which are not normally routed.  This means when a VPN client issues a DHCP discover, it will not be passed to the DHCP server.  If you must use a DHCP server that's not on the local network, the usual practice is to use a relay agent.

Thanks. I've enabled it but there's no change.

I also removed routing from config. It now looks like this:

push "route-gateway x.x.x.1";