OpenVPN Freebsd, allow access to another subnet

Question

example config for server and system

mrmucha · Answer

1. openvpn subnet 176.16.50.0, gateway 172.16.5.1

port 1194
proto udp
dev tun

ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
dh /usr/local/etc/openvpn/server/dh.pem


topology subnet
mode server
tls-server

push "topology subnet"

ifconfig 172.16.50.1 255.255.255.0
ifconfig-pool 172.16.50.2 172.16.50.250

route 172.16.0.0 255.255.0.0
route-gateway 172.16.50.1

push "route-gateway 172.16.50.1"
push "route 172.16.0.0 255.255.0.0"
push "dhcp-option DNS 1.1.1.1"

client-to-client

keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 1
explicit-exit-notify 1
auth sha512
remote-cert-tls client
tls-auth /usr/local/etc/openvpn/server/ta.key

sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

3. edit /etc/pf.conf

nat on vtnet1 from 172.16.50.0/24 to any -> vtnet1

vtnet1 is interface where is connected other subnet from 172.16.X.X, example 172.16.5.15 or other ip, 176.16.50 is vpn subnet

4. reload

pfctl -f /etc/pf.conf