PfSense OpenVPN Server Firewall rules

Hi everybody!

I use pfSense at home for my private network. The company I work for also uses pfSense, which I manage. I have set up a peer-to-peer TLS/SSL connection and got it up and running without problems.
Now I’d like to do two things.

  1. On my private pfSense box I want to set up a separate NIC for OpenVPN and have that as my home office network connection, so I can’t access the OpenVPN from my private network.
  2. Configure the OpenVPN server box to only allow OpenVPN connections from a specific IP.

This is a little more advanced than what I’ve been using pfSense for until now, but I can’t seem to find any “tuts” or how-tos on how to achieve this, or I’ve not understood the ones I have found.
So I was hoping to have some better luck in here.

Kind Regards
Kjell-Arne, Norway

If I understand you correctly you basically want to control how you access your company network so that other users do not end up dialing into the office.

I’d guess there are multiple ways of doing this but it’s no different to setting up a paid-VPN and routing all traffic through it ensuring there are no leaks.

I’d buy a managed switch, create a company vlan then route all traffic through your company VPN gateway. Then any machine you connect on that vlan will go to the office. That’s easy if you have your work laptop and only use it for work stuff.

Then use rules to manage which vlans can see which. You can also use static routes to route traffic but you need to set this up correctly.

The other way is to remove your site to site VPN, and use an OpenVPN client on the laptop to dial into the office.

If you do it by other “ways” there is always a chance another machine accesses the company using your credentials :wink:

There is probably a way to do it as you want but it looks cumbersome with no flexibility. If your work colleague pops round and you both want to dial in then you have to apply more effort to make it work, for example.
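
The two goals from the question and the VLAN-plus-rules approach from the reply, sketched in pf.conf syntax (pf is the packet filter pfSense is built on; on pfSense the equivalent rules are entered in the GUI). This is an added example, not part of either post; every interface name, address and the UDP port 1194 (the OpenVPN default) is an assumed placeholder.

```pf
# All values are constructed placeholders, not taken from the thread.
# The two rule groups belong to two different firewalls.
wan_if     = "em0"              # WAN interface (assumed name)
lan_if     = "em1"              # private home LAN
work_if    = "em2"              # separate NIC / VLAN for the home office
ovpn_if    = "ovpnc1"           # OpenVPN tunnel interface (assumed name)
lan_net    = "192.168.1.0/24"   # private network
work_net   = "192.168.50.0/24"  # home office network
office_net = "10.20.0.0/16"     # networks behind the company VPN
ovpn_gw    = "10.8.0.1"         # far end of the tunnel
home_ip    = "203.0.113.10"     # public IP of the home firewall

# --- Company firewall (OpenVPN server), goal 2 ---
# Accept tunnel setup only from the home firewall's address,
# then drop and log every other attempt on the OpenVPN port.
pass  in quick on $wan_if proto udp from $home_ip to ($wan_if) port 1194 keep state
block in log quick on $wan_if proto udp from any to ($wan_if) port 1194

# --- Home firewall, goal 1 ---
# The private LAN may reach neither the office nor the work segment.
block in quick on $lan_if from $lan_net to { $office_net, $work_net }

# Everything arriving on the work segment is forced into the tunnel.
pass  in quick on $work_if route-to ($ovpn_if $ovpn_gw) from $work_net to any keep state

# Anything else on the work interface is dropped, so traffic
# cannot leak out of the WAN if the tunnel gateway is missing.
block in quick on $work_if all
```

The source-IP restriction only holds while the home connection keeps the same public address; with a dynamic address the allow rule has to be updated whenever it changes.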