Configure pfSense OpenVPN remotely with static WAN IP that will change
-
I need to set up a pfSense with OpenVPN remotely...
I have a client site that currently is not running pfSense. I want to replace it with one that does.
I was able to set up a pfSense including IPsec connections remotely and send it to the site. I had a person swap out the old router for the pfSense and everything worked perfectly. They put the old one back. This was just to test internet and the IPsec tunnels (which can't be changed with the parent company).
I now need to add OpenVPN to the pfSense and am trying to figure out the best way to do it.
We have 5 static IPs and are only using one of them.
I can have them hook up the pfSense and change the WAN address to one of the other static WAN IPs, using a laptop with Ethernet to the LAN of the pfSense and Wi-Fi on the guest network, so I can work on it remotely. But when I swap out routers and change the pfSense to the correct WAN address, that will screw up OpenVPN.
So what would be the best way to accomplish this?
Thanks for your help!
-
@brianjmc1
You can configure the OpenVPN server to listen on localhost and forward the OpenVPN ports of multiple WAN addresses to 127.0.0.1.
So it doesn't matter which WAN IP the client tries to connect to, the packets are forwarded to the server.
-
@viragomann
Thanks for the reply, so let me see if I understand...
Live non-pfSense router WAN 111.222.333.444
Replacement pfSense router WAN 111.222.333.445
I set up all settings, IPsec tunnels as live non-pfSense router
I then set up OpenVPN and configure clients
I then change pfSense WAN to 111.222.333.444 and swap routers
Now live router is pfSense, again on 111.222.333.444 (due to IPsec tunnels)
If I configure the OpenVPN server to listen on localhost and forward the OpenVPN ports of multiple WAN addresses to 127.0.0.1, then this will work? Sorry, need to digest this...
Thanks,
Brian
-
@brianjmc1
Having the OpenVPN server listening on localhost with port forwardings is a way that clients can use different IPs to connect to a single server. These may also be assigned to different interfaces.
I don't think that this is really necessary in your case, however.
I'd just set up all services to listen on the WAN IP, which is 111.222.333.445 during the setup, and then change it to 111.222.333.444.
Therefor pfSense provides the WAN alias.
Why do you think that this would mess up something?
> I set up all settings, IPsec tunnels as live non-pfSense router
I expect that IPsec and any other client attempts to connect if enabled anyway.
Maybe the remote site accepts only the origin router IP, so it will fail. But I would disable it till the old router is shut down.