bc979 at lafn.org
Tue Sep 5 08:36:53 UTC 2017
> On 4 September 2017, at 23:33, Doug Hardie <bc979 at lafn.org> wrote:
>> On 4 September 2017, at 17:27, Bruce Ferrell <bferrell at baywinds.org> wrote:
>> I use a pfSense firewall with an OpenVPN server installed. I connect from Android, iOS, OS X, Windows and Linux. The VPN connection uses a separate subnet from my "normal" subnet and is simply routed in. No port forwarding is needed that way. Because the pfSense firewall is the default route, all servers are automatically able to reach the VPN subnet because all non-LAN traffic goes there and is then directed as needed.
>> On 09/04/2017 03:09 PM, Doug Hardie wrote:
>>> I have a home LAN with a number of servers on it. I have one public fixed IP address. I need to be able to access all the servers when away from home. OpenVPN appears to be the best approach as there is a client available for iOS, which is what I carry. There is duplication of port usage on multiple servers, so just port routing in the router is not viable.
>>> I have installed OpenVPN on one server and will set up the port in the router to route to it. However, there are a number of sample configuration files provided and I can't figure out which is the best one for me to use. My first thought was server.conf, but then tls-office.conf or static-office.conf also look reasonable.
> Thanks for the info. I am making headway on this. I used the server.conf file and after a bit of horsing around with the key file, I got a connection to work. However, there are still some routing issues from the client to local machines. While everything works well with IP addresses, DNS is an issue. iOS is still going to the internet for DNS. I need to be able to tell it to "drop" the internet connection for everything (except connectivity) and use the VPN, or to use the VPN for DNS. I am using routing, but wonder if bridging might be a better approach.
Headway just ended. Bridge mode is what I need. iOS does not support bridge mode... Somehow I will need to figure out how to munge DNS to give what I need.
More information about the freebsd-questions