I have a simple setup - one LAN 192.168.1/24 subnet with a lot of IoT devices.
I'd like to add remote access with a VPN so I can log in to my IoT devices and others remotely, from my Android smartphone/tablet and possibly Windows laptop. I'd also like to be able to remotely access the OPNsense GUI so I can wake up hosts remotely.
I have to imagine this is a fairly common scenario. Is there a FAQ that covers this?
I still like Kirk's guide, even though it's a bit vintage: https://www.kirkg.us/building-an-openvpn-server-with-opnsense/
If you still can, reconfigure your LAN to something like 10.74.109.0/24 or at least 192.168.98.0/24.
If you are at a friend's house/coffeeshop/library/etc., the chance of getting a DHCP address in 192.168.1.x is very high. Your phone will not access devices on the far side of the VPN if they are in a local subnet mask.
Bart...
Thank you! It's not too late to change the subnet, but I have HomeAssistant configured with many IoT devices with static IPs. Also, changing all 150 reservations in OPNsense is a bit of a pain, though I suppose I can download the XML config manually and do a search/replace before restoring it.
Let me give it a go and see how many device configs I actually have to fix in HA to see if this is practical.
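The search/replace idea above is workable, but a naive textual replacement of "192.168.1." is easy to get wrong (it also hits addresses like 10.192.168.1 that merely contain the string, and it says nothing about whether the new subnet is any better). Below is an added Python example, not code from this thread or from OPNsense, that renumbers every address inside the old /24 to the same host offset in the new /24 and first checks the new subnet against a list of common home/office defaults. The XML fragment is constructed for the example and its element names are assumptions, not the real OPNsense backup schema; the backup should still be diffed by hand before restoring it.

```python
import ipaddress
import re

# Constructed sample resembling a firewall config backup.  Element names are
# illustrative assumptions only; a real OPNsense backup will differ.
SAMPLE_CONFIG = """<config>
  <interfaces><lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan></interfaces>
  <dhcpd><lan>
    <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
    <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>192.168.1.50</ipaddr></staticmap>
    <staticmap><mac>00:11:22:33:44:66</mac><ipaddr>192.168.1.5</ipaddr></staticmap>
  </lan></dhcpd>
  <note>unrelated 192.168.10.5 and 10.192.168.1 must not change</note>
</config>
"""

# Subnets that consumer routers and hotspots commonly hand out by default.
# A LAN on one of these is likely to collide with the client's local network
# while on the road, which is exactly the problem described in the thread.
COMMON_DEFAULTS = [
    ipaddress.ip_network(n)
    for n in ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24", "172.16.0.0/24")
]

# Match a dotted quad only when it is not part of a longer dotted/numeric run,
# so "10.192.168.1" is matched as a whole and never as "192.168.1".
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def overlaps_common_default(cidr):
    """Return the common default networks that overlap the proposed LAN."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(d) for d in COMMON_DEFAULTS if net.overlaps(d)]


def renumber(text, old_cidr, new_cidr):
    """Rewrite every address inside old_cidr to the same host offset in new_cidr.

    Returns (rewritten_text, number_of_addresses_changed).  Addresses outside
    the old network, and anything that is not a valid IPv4 address, are left
    untouched.
    """
    old = ipaddress.ip_network(old_cidr, strict=True)
    new = ipaddress.ip_network(new_cidr, strict=True)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new networks must have the same prefix length")

    changed = 0

    def substitute(match):
        nonlocal changed
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            return match.group(0)  # e.g. 999.1.1.1: not an address, leave it
        if addr not in old:
            return match.group(0)
        host_offset = int(addr) - int(old.network_address)
        changed += 1
        return str(new.network_address + host_offset)

    return IPV4_RE.sub(substitute, text), changed


if __name__ == "__main__":
    proposed = "10.74.109.0/24"
    clashes = overlaps_common_default(proposed)
    print(f"{proposed} overlaps common defaults: {clashes or 'none'}")
    rewritten, n = renumber(SAMPLE_CONFIG, "192.168.1.0/24", proposed)
    print(f"rewrote {n} addresses")
    print(rewritten)
```

Only dotted-quad addresses are rewritten; prefix lengths stored as a bare "24" stay valid because the new network keeps the same size. HomeAssistant integrations that embed the old addresses still need the same treatment separately.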
Quote from: bartjsmit on March 26, 2023, 10:32:14 AM
I still like Kirk's guide, even though it's a bit vintage: https://www.kirkg.us/building-an-openvpn-server-with-opnsense/
Indeed, it seems it doesn't match the current release.
Quote from: Kirk
In the OPNSense Web UI, go to VPN -> OpenVPN. Click on the Wizards tab
Where is the Wizards tab?
Quote from: madbrain on March 26, 2023, 10:51:06 PM
Where is the Wizards tab?
Found it. There is a wizard "icon".
I followed a video, also outdated, from https://www.youtube.com/watch?v=ocGAcZD8qYo .
I got my VPN working on Android client. I can connect when my phone is on cellular, and access my LAN hosts by their IPv4 address. So, at least the routing is working. DNS is not working, though. Neither mDNS (.local) nor .localdomain .
Not sure what I changed, but the regular DNS (.localdomain) started working. The mDNS doesn't. Google searches seem to point to that being really difficult to get to work with OpenVPN, if not impossible.
The m in mDNS stands for multicast and the vanilla OpenVPN tunnel is layer 3. You could try setting up a TAP device instead of TUN but here, there be dragons.
If you are looking to connect to an mDNS advertised service with a browser, you may have more luck running a web proxy inside your network and configuring your Android to use that. Given sufficient resources, it should be able to run multiple browsers side by side.
Bart...
Thanks. The mDNS is really not required for VPN; it would be a bonus if it was simple to set up, but it doesn't look like it, unfortunately.
I got the "redirect gateway" option to work. Now, the Firefox web browser on my Android client has its traffic redirected. Loading speedtest.net in that browser shows my pfSense WAN IP address.
But if I run the native Android Speedtest app, it still shows that it's on the T-Mobile network.
Is this a bug in the OpenVPN client? Are there other types of VPN that will work for all traffic from my Android device, and prevent leaks/connections directly through the ISP?
That may be baked into the app. Is it T-Mobile branded?
You could try installing a (trial) commercial VPN client on your phone and see if the speed test app behaves the same with that.
Bart...