pfSense OpenVPN and bridge mode: server and client

Hi to all.
I have some problems understanding OpenVPN via pfSense. I know that on the server side I need to let pfSense grab the external IP by bridging the modem.
But what I don't understand is the client side. Does the client need to have the external IP on its WAN? (For now there is no pfSense box there; I will build one in the near future. There is only a common ISP-provided modem/router/AP/switch that I cannot put in bridge mode because it has no such setting.)
My goal is to have a site-to-site OpenVPN between the server and client pfSense. Sometimes I need to access the client side when I am at the server location, and vice versa.
The problem is that if the external IP is required on the client pfSense, I cannot do it with the current modem.
Thanks for your time, guys.

Andrea

Andrea,

It’s actually easier than you are thinking. As long as the server side has a direct port forwarded from the internet, the client doesn’t seem to matter.

At work I have my OpenVPN server, which sits behind the college’s firewall. They forward a port from their firewall to me on the connection provided, and I set the OpenVPN settings to use this port (firewall rules, etc.; example port 8100).

At home I have a second pfSense machine and run the client side of the site-to-site. I simply specified the DNS name of the college’s website and the port number (example http://mycollege.edu:8100), and everything works. My home pfSense is also behind another home firewall/router and I did not need to forward any ports at home. That said, UPnP is active on the home router; not sure it is doing anything.

Once the tunnel is connected, I can “talk” to any computer on the opposite side (home to work, or work to home). My only issue during this entire setup was configuring the tunnel address space. Do not assign anything bigger than a /24 network; I had a /16 and the tunnel would never work properly. As soon as I fixed it, everything came to life. I did need to use TCP for the connection, as I do not have UDP port 8100 forwarded from the college firewall.

Again, port 8100 is just an example, not the real port I use, but I do use a non-standard port for this because it was already being forwarded from the college firewall.
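The layout described in the post above, written out as plain OpenVPN configuration for both ends (an added example, not part of the original thread and not the configuration pfSense generates). Port 8100 and TCP come from the post; the hostname vpn.example.net, the 10.8.0.0/24 tunnel network, the two LAN subnets, the client name home-site and all file names are assumptions, and `tls-crypt` assumes OpenVPN 2.4 or later.

```conf
# ---- Server side: the site whose upstream firewall forwards TCP 8100 ----
dev tun
proto tcp-server
port 8100
topology subnet
# Tunnel network, kept to a /24 (assumed range; must not overlap either LAN)
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
# Shared key that authenticates and encrypts the TLS control channel
tls-crypt ta.key
# Per-client settings live in ccd/<certificate common name>
client-config-dir ccd
# Client-site LAN, reached through the tunnel (assumed subnet)
route 192.168.20.0 255.255.255.0
# Server-site LAN, offered to the client (assumed subnet)
push "route 192.168.10.0 255.255.255.0"
keepalive 10 60
persist-key
persist-tun

# ---- File ccd/home-site on the server ----
# Tells OpenVPN which connected client owns the client-site LAN
iroute 192.168.20.0 255.255.255.0

# ---- Client side: behind an ISP router, no port forward ----
client
dev tun
proto tcp-client
# Public DNS or dynamic-DNS name of the server site (placeholder), same port
remote vpn.example.net 8100
# Outbound connection only, so no fixed local port is bound
nobind
resolv-retry infinite
ca ca.crt
cert home-site.crt
key home-site.key
# Refuse peers whose certificate is not marked for server use
remote-cert-tls server
tls-crypt ta.key
persist-key
persist-tun
```

The client only opens an outbound TCP connection to port 8100, which is why the router in front of it needs no forwarded port.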

Thanks for your reply, Greg.
So if I cannot put my server-side modem in bridge mode to pass the external IP to pfSense, I have to forward a port on my server-side OpenVPN? And I have to set this same port as the OpenVPN port for the connection?
And another question: my server side does not have a static external IP, but I have dynamic DNS with No-IP. How do I use the DDNS? Where do I use the DDNS during the setup of the tunnel connection?
Thanks :)