Title: OpenVPN Routed Mostly Working
Post by: Syntax42 on Tuesday 07 May 2013, 11:34:39 pm

I finally managed to assign VPN users a subnet separate from my primary network and make the firewall perform the correct routing. The only issue I'm having is that I can't access the web interface or SSH into the firewall from the VPN connection, even though I can ping the firewall's internal IP address. This isn't necessarily a bad thing, as it improves security if the VPN tunnel is compromised, but it prevents me from performing administration remotely.
Here's how I did it: In the OpenVPN configuration, bridged mode should not be checked. The subnet of the VPN users should be different from the subnet of the internal network. Remote users should also be on a different local subnet. The easiest way to avoid subnet conflicts is to not use common subnets on your side which end in 0 or 1, like 192.168.1.0/24. In the advanced tab of OpenVPN, I added the internal network to be pushed to clients. In network routing, I added two static routes. The first was from my VPN subnet to my internal subnet with a gateway of 0.0.0.0. The second was reversed, with the same gateway.

If anyone notices any major issues with doing the above, please let me know. Also, if you know how to make the firewall's web interface accessible, I would appreciate it.
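For readers who run OpenVPN from a plain server.conf rather than through an appliance GUI, the following is an added example (not from the original post or the poster's setup) of the same routed configuration the post describes: tun rather than tap, a dedicated client subnet, and the internal LAN pushed to clients. The post does not give its real addresses, so 10.8.0.0/24 for the VPN pool and 192.168.57.0/24 for the internal LAN are assumed values chosen only to be unlikely to collide with a remote user's home network.

```conf
# Added example, not the original poster's configuration.
# OpenVPN server.conf for routed (tun) mode. Subnets are assumed:
#   10.8.0.0/24      VPN client pool
#   192.168.57.0/24  firewall's internal LAN

port 1194
proto udp

# "dev tun" is routed mode. "dev tap" is the bridged mode the post
# leaves unchecked; with tun the VPN clients are a separate IP subnet
# that the firewall routes, instead of appearing on the LAN segment.
dev tun

ca   ca.crt
cert server.crt
key  server.key
dh   dh2048.pem

# Hand out client addresses from a subnet that matches neither the
# internal LAN nor common home ranges such as 192.168.0.0/24 or
# 192.168.1.0/24. OpenVPN also installs the kernel route for this
# subnet via the tun device on the server itself.
topology subnet
server 10.8.0.0 255.255.255.0

# The "push the internal network to clients" step: each client adds a
# route for the LAN through the tunnel when it connects.
push "route 192.168.57.0 255.255.255.0"

keepalive 10 120
persist-key
persist-tun
verb 3
```

With this in place a connected client should show a route for 192.168.57.0/24 via its tun interface, and the server already has the route back to 10.8.0.0/24 through tun, so the VPN-to-LAN direction needs no additional static route on the server itself; LAN hosts reach the clients as long as they send 10.8.0.0/24 to the firewall, which they do when it is their default gateway. Note that once the firewall's internal address answers ping from the tunnel, routing is not what blocks the web interface or SSH: those connections arrive on the tun interface, and whether the firewall's own input filtering and service bindings accept them there is a separate setting from the static routes.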