vpn router through pfsense without open vpn
-
I got expressvpn to work on 2.5.2 after many mistakes. expressvpn works but I lost several options from my install on wrt3200acm router. Can I connect the wrt3200acm router with expressvpn installed to pfsense and remove open vpn connection?
-
@elmo1943 said in vpn router through pfsense without open vpn:
expressvpn works but I lost several options from my install on wrt3200acm router.
Which ones?
You can enter any OpenVPN option into the Advanced options box.
Can I connect the wrt3200acm router with expressvpn installed to pfsense and remove open vpn connection?
That's possible for sure, but you should put the wrt into a transit network, separated from your LAN and add a static route for the OpenVPN tunnel network to pfSense for proper routing.
-
Mmm, I wouldn't expect there to be any VPN options you can't do in pfSense.
You mean some wifi function?
Steve
-
@stephenw10 The ability to change locations with ease is the biggest problem (not that big). The wifi is via external wifi router in AP mode. I only have one internet access and I would like to surf, etc. with pfsense with pfblockerng and conduct banking, etc. with vpn (expressvpn). According to expressvpn, security on expressvpn is better than open vpn for banking use. I had expressvpn running on 2.5.2 but everything was on vpn, I am in Okinawa and sometimes link to San Francisco is not good.
-
@elmo1943 said in vpn router through pfsense without open vpn:
According to expressvpn, security on expressvpn is better than open vpn for banking use
Umm...ExpressVPN is OpenVPN.
Also I would argue the security is really no different. The secure part that matters is end-to-end between your client and the bank's servers. The only thing you're really gaining there is hiding the traffic completely from your ISP. They only see your traffic to ExpressVPN. But you're just shifting that to ExpressVPN who are then able to see whatever your ISP could.
I will agree there is no quick/easy way to change the VPN servers a client connection uses on pfSense. At least not while keeping the same policy routing rules etc.
You can define several clients, one to each server, and just enable the one you want. You would need duplicate routing rules for each one though.
Steve
-
Thank you. What I was trying to do is replace the two router (lan to wan) with the 'end' router having expressvpn loaded system. I wanted to replace the 'first' router with pfsense and connect the 'second' router to pfsense allowing expressvpn for the bank and expressvpn wifi for USA paid services, I am in Japan. Two router system works, but I would like to use pfsense as firewall and pfblockerng to get rid of page of ads. Thank you for your help, elmo
-
pfSense will not prevent another device behind it creating an OpenVPN connection. Not unless you have specifically blocked it.
-
@stephenw10 Thank you, I think what you said is that I should be able to connect my vpn router wan port to the pfsense opt1 port and configure pfsense to allow vpn router to connect to vpn server in San Francisco. I had expressvpn working on 2.5.2 after assigning only google servers and disable of ipv6, but was not happy with internet surfing (many ads via vpn). I will read and try more to make this work.
Thank you for the information, elmo
-
Ok, if you connect it in front of pfSense (to the pfSense WAN) you will need some way to determine which traffic goes over the VPN. By default pfSense will NAT all the traffic to its WAN IP so the upstream router would not see the source IP which would typically be used to determine that. Trying to route it by destination IPs can be a losing game as IP lists change continually.
Steve
-
@stephenw10 Thank you, I may have to think if I need to do this. I really want to use the wifi on the vpn router. I am using my old router wifi as an AP but the vpn router (wifi) goes to different places. Pain to move the modem cable from pf to vpn router when I need vpn. Thank you for your guidance, I will have to rethink this, elmo
-
@elmo1943 said in vpn router through pfsense without open vpn:
I had expressvpn working on 2.5.2 after assigning only google servers and disable of ipv6, but was not happy with internet surfing (many ads via vpn).
You can have Unbound use the VPN for its queries so still use pfBlocker locally. But swapping between that and a direct connection is not easy.
Steve
-
@stephenw10 Thank you, I did not know of this. It is back to reading on how to configure unbound (many things I do not know). Thank you for your thoughts. pfsense has many things that are not in the books, at least not that I understand what they do. elmo