VPN and Dedicated servers
-
Maybe this has been answered somewhere else and someone could direct me to the post. I am in Canada and have up until now not used a VPN. With our laws potentially changing up here, I am looking at using a VPN with my pfSense router. I don't mind if everything is all tunneled through the same server; that's not an issue.
What I am wondering is if I can have a specific computer connected to the router not run through the VPN in order to run a dedicated server for games. Or will I need each computer to potentially connect to the VPN and not have the router itself run all the traffic through the VPN.
-
@tunnlrat you can absolutely have some computers run over the VPN and others run out the local WAN connection. What you are looking for is called policy based routing (PBR). Basically, once you have your VPN connection set up over OpenVPN or Wireguard or a VTI IPSEC, you create firewall rules that tell the router to direct traffic for a specific IP or an alias containing multiple IPs through the VPN gateway. The same can be done for other IPs and you'd specify the local WAN. Fairly simple to implement but oh so powerful.
-
@tunnlrat said in VPN and Dedicated servers:
if I can have a specific computer connected to the router not run through the VPN in order to run a dedicated server for games.
In this case, I would recommend a DMZ: http://www.netgate.com/resources/videos-creating-a-dmz-on-pfsense
-
@gabacho4 Perfect, so I can just create a policy for the one system that does nothing but run my dedicated servers and the rest can all just run through the VPN.
Does having the router itself connecting to the VPN count as a single connection even if there are 10 items behind it all connecting through the router?
-
@tunnlrat as mentioned by @NollipfSense it might make sense to put your game server on another subnet or vlan for isolation from your main network.
In that case, you would just set a rule on the firewall tab for the server subnet/vlan which would be an allow TCP/UDP (or whatever protocols you need) from VLAN_NET to ANY.
For all your other devices on LAN or whatever you call it, you will want to create an allow any protocol from LAN_NET to ANY and then click the advanced button and go down to gateway and select the VPN gateway.
All your LAN traffic will go out over VPN while the server traffic will be out local WAN.
Also, I'd recommend that you go to System -> Routing and then make sure the WAN gateway is set as the default for your IPV4 and/or IPV6 traffic. T
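An added example (not pfSense code and not from anyone in this thread) that models how pfSense evaluates the two layouts described above: rules are checked per interface tab, top-down, first match wins, and a rule whose gateway is left at "default" follows the routing table, which the post above recommends pointing at WAN. The alias names LAN_NET, VLAN_NET and GAME_SERVER, the addresses, the interface names and the gateway names VPN_GW / WAN_GW are constructed for the example. It also shows the ordering pitfall you hit if the game server stays on LAN and the "exception" rule is placed below the catch-all VPN rule, which is the main reason a separate VLAN is the cleaner design:

```python
"""Toy model of pfSense-style policy-based routing (PBR) decisions.

Added example, not pfSense's own code. It evaluates firewall rules the way
pfSense does (per interface, top-down, first match wins) and reports which
gateway a source host egresses through, so a rule set can be sanity-checked
before trusting it. All aliases, addresses and names are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed aliases; a pfSense rule source can be an alias holding many hosts/nets.
ALIASES = {
    "LAN_NET": ["192.168.1.0/24"],
    "VLAN_NET": ["192.168.50.0/24"],
    "GAME_SERVER": ["192.168.1.10"],  # the box that must NOT leave via the VPN
}


@dataclass(frozen=True)
class Rule:
    interface: str          # tab the rule lives on, e.g. "LAN" or "VLAN"
    source: str             # alias name or "any"
    protocol: str           # "any", "tcp", "udp" or "tcp/udp"
    gateway: Optional[str]  # None models "default" (system routing table)


def source_matches(alias: str, src: str) -> bool:
    if alias == "any":
        return True
    addr = ip_address(src)
    return any(addr in ip_network(net) for net in ALIASES[alias])


def protocol_matches(rule_proto: str, proto: str) -> bool:
    return rule_proto == "any" or proto in rule_proto.split("/")


def egress_gateway(rules, interface, src, proto, default_gw="WAN_GW"):
    """Gateway chosen by the first matching pass rule on that interface tab.

    Returns "BLOCKED" when nothing matches, since pfSense denies by default.
    """
    for rule in rules:
        if rule.interface != interface:
            continue
        if source_matches(rule.source, src) and protocol_matches(rule.protocol, proto):
            return rule.gateway or default_gw
    return "BLOCKED"


def audit(rules, expectations, default_gw="WAN_GW"):
    """Check expected vs actual egress for (interface, host, proto) keys.

    Returns a list of (host, expected, actual) mismatches; empty means the
    policy holds for every host you listed.
    """
    problems = []
    for (iface, host, proto), expected in expectations.items():
        actual = egress_gateway(rules, iface, host, proto, default_gw)
        if actual != expected:
            problems.append((host, expected, actual))
    return problems


# Layout 1 (as suggested in the thread): game server on its own VLAN.
VLAN_LAYOUT = [
    Rule("VLAN", "VLAN_NET", "tcp/udp", None),   # server subnet -> default route (WAN)
    Rule("LAN", "LAN_NET", "any", "VPN_GW"),      # everything else -> VPN gateway
]

# Layout 2: server stays on LAN; the specific rule must sit ABOVE the catch-all.
LAN_EXCEPTION_LAYOUT = [
    Rule("LAN", "GAME_SERVER", "tcp/udp", None),
    Rule("LAN", "LAN_NET", "any", "VPN_GW"),
]

# Layout 3: same two rules in the wrong order; the catch-all swallows the server.
MISORDERED_LAYOUT = list(reversed(LAN_EXCEPTION_LAYOUT))

# Constructed expectations: which gateway each sample host should use.
EXPECT_VLAN = {
    ("VLAN", "192.168.50.10", "udp"): "WAN_GW",
    ("LAN", "192.168.1.20", "tcp"): "VPN_GW",
}
EXPECT_LAN = {
    ("LAN", "192.168.1.10", "udp"): "WAN_GW",
    ("LAN", "192.168.1.20", "tcp"): "VPN_GW",
}

if __name__ == "__main__":
    for name, rules, expected in [
        ("vlan layout", VLAN_LAYOUT, EXPECT_VLAN),
        ("lan exception layout", LAN_EXCEPTION_LAYOUT, EXPECT_LAN),
        ("misordered layout", MISORDERED_LAYOUT, EXPECT_LAN),
    ]:
        print(name, "->", audit(rules, expected) or "OK")
```

The misordered layout is the one to watch for: the audit reports the game server leaving through VPN_GW even though a rule "for" it exists, because pfSense never reaches it. The model deliberately ignores state tracking and outbound NAT, and it assumes the VPN gateway is up; in real pfSense, check the "Skip rules when gateway is down" setting under System > Advanced if you want LAN traffic to stay blocked rather than fall back to WAN when the tunnel drops.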
-
BTW, I would highly recommend Wireguard for your VPN. Mullvad has a 5 buck a month service that has been great for me and they have a decent number of servers globally.
-
@gabacho4 Excellent, this is exactly what I was hoping for. Now I just need to figure out what VPN I want to subscribe to. I am guessing pfSense doesn't have to use OpenVPN?
-
@tunnlrat read the message I posted right above your last. Wireguard is the way to go if you can. OpenVPN is solid as well but nowhere near as fast or simple to set up. Mullvad provides both OVPN and Wireguard, though I have only used them for Wireguard. You just create the key, generate the config, then set your pfSense box up based on the config file that is produced.
-
@gabacho4 any speed issues with Wireguard? Due to me not being on fiber, I am maxed out at 1 gig internet.
-
@tunnlrat Wireguard is the bomb. You'll get way better performance over it than you will OVPN. Performance will ultimately be based on the power of your router CPU but you will likely be able to push packets at a great rate per second.