New OpenVPN server - route entire network

Advanced feature discussion, beta programs and unsupported "Labs" features.
by bubba198 » Mon May 27, 2019 7:57 pm
Hi guys, has anyone figured out how to route an entire network using the new OpenVPN server where the NAT xlate is against the OpenVPN rather than the delivery end-point public IP?

The obvious use case is to route an entire private network behind the OpenVPN? Preferably Cisco ASA examples? Anyone out there?

Thanks
~B
by forest » Wed Jun 12, 2019 10:22 am
I have done it with Ubiquiti routers. The openvpn client knows how to take over the default route, so the idea is to run it on your network's internet router and configure the appropriate NAT and firewall rules. For more specific help, you might have better luck on a Cisco forum.
by bubba198 » Mon Sep 16, 2019 12:31 pm
Ok forget ASA, how about pfSense? Anyone out there? A modest pfSense VM doesn't take many resources and pfSense itself is super flexible as a firewall so it must work with OVPN server at sonic?

Thanks
by forest » Mon Sep 16, 2019 3:20 pm
As long as your router of choice has the openvpn 2.4 client and the ability to configure NAT on any network interface, it should be possible to get it working with Sonic's server. (Older openvpn versions don't support the minimum TLS requirement that Sonic recently imposed, though.)

I would expect pfSense, OpenWRT, VyOS, and most other decent routers to be capable, but since I don't use any of them in the way you're describing, I can't tell you how to go about it. It's pretty likely that the same is true for everyone else who happens to be reading this forum. Again, I think you'll have better luck finding someone to guide you through the setup if you ask on a router-specific forum.
by js9erfan » Mon Sep 23, 2019 9:39 pm
bubba198 wrote:
Ok forget ASA, how about pfSense? Anyone out there? A modest pfSense VM doesn't take many resources and pfSense itself is super flexible as a firewall so it must work with OVPN server at sonic?

Thanks


pfSense user here and yes, you can easily route your entire LAN (or just specific interfaces, vlans, clients, etc.) over Sonic's OVPN server.

Here are the general steps to do this within pfSense:

    Import your Sonic VPN certs
    Configure the Sonic VPN client
    Create a VPN interface (e.g. SonicVPN)
    Create your LAN firewall rule routing all outbound traffic to the SonicVPN interface (set as the gateway)
    Create an outbound NAT mapping (interface = SonicVPN; source = your LAN; NAT address = SonicVPN address)

I'm currently running 2 VPN clients on pfSense - Sonic's and PIA. 75% of my network clients route to Sonic; 25% to PIA based on my current needs.... I might be an FTTN customer but that doesn't mean I trust AT&T.

Speaking of Sonic's VPN, there was a long thread in this forum with lots of good info but looks like it got deleted for some odd reason.
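
The last two steps of the list above (the LAN rule with the VPN gateway, and the outbound NAT mapping), sketched in the syntax of pf, the packet filter pfSense is built on. This is an added example, not part of the original post and not pfSense's generated ruleset; the interface names, subnet and gateway address are assumptions, and on pfSense itself these rules are created through the GUI rather than written by hand. It also adds a tag-based block so LAN traffic cannot fall back to the WAN.

```pf
# Constructed pf.conf fragment; every name and address below is an assumption.
lan_if  = "em1"              # LAN interface (assumed)
wan_if  = "em0"              # WAN interface toward the ISP (assumed)
vpn_if  = "ovpnc1"           # OpenVPN client tunnel interface (assumed)
lan_net = "192.168.1.0/24"   # LAN subnet (assumed)
vpn_gw  = "10.8.0.1"         # gateway address inside the tunnel (placeholder)

# Outbound NAT mapping: LAN sources leaving through the tunnel are
# translated to the tunnel interface's address, not the WAN address.
nat on $vpn_if inet from $lan_net to any -> ($vpn_if)

# Fail closed: traffic tagged VPN_ONLY must never leave via the WAN,
# whatever the routing table says at that moment.
block out quick on $wan_if tagged VPN_ONLY

# Traffic addressed to the router itself (DNS, admin GUI) stays local
# and is not pushed into the tunnel.
pass in quick on $lan_if inet from $lan_net to ($lan_if) keep state

# LAN rule: policy-route everything else from the LAN into the tunnel
# and tag it so the block rule above can recognise it.
pass in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $lan_net to any tag VPN_ONLY keep state
```

To send only some clients through the tunnel, as described in the post, narrow `$lan_net` in the last rule to the relevant addresses and let the rest match an ordinary pass rule.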