VPN with Cellular WAN?
-
Apologies; I may not be posting this in the right area.
I'm looking to set up a VPN service that will allow me to use always-on VPN on Windows machines for traffic filtering (I want them to have a full tunnel).
The catch is that my network is set up with a cellular network as the WAN... it uses carrier-grade NAT, and is by nature not listening on any ports to allow an inbound VPN client.
I THINK what I need is a free, reliable, privacy-honoring, cloud-based VPN "bridge" that my pfSense can call out to, and the clients can connect to.
- Does anyone have better ideas of how to accomplish what I'm trying to do?
- If this idea seems reasonable, what cloud VPN/bridge service would you recommend?
-
Depends on your goals.
I would stay away from any of the so-called "Privacy" VPNs promoted by paid YouTube shills. Watch to find out why. https://www.youtube.com/watch?v=1opKW6X88og
If your goal is to remotely access your network, use a VPN when connected to external untrusted networks, or to connect remote networks together, my recommendation is Tailscale configured on pfSense. pfSense has a Tailscale package you can easily install and configure.
Tailscale has a free tier of up to 3 users and 100 devices, does not require any port forwarding, and will traverse any level of NAT, including CGNAT. You only need a single instance of Tailscale running on your network to be able to access any device (including embedded devices) on your network remotely if you enable advertise subnet routes. You can easily enable full tunnel by selecting an exit node. Tailscale uses any number of identity providers and will run on almost any platform.
-
@elvisimprsntr ok. I'll start looking for instructions on how to set up Tailscale with pfSense and Windows. Do you think it matters that I only have a Netgate 1100?
Also, is it right that I would set up the pfSense as the exit node?
-
An 1100 might be a bit underpowered for an encrypted VPN, but it should be functional. https://info.netgate.com/hubfs/website-assets/netgate-hardware-comparison-doc.pdf
Wherever you host Tailscale, it should be on an always on device.
I enable the pfSense Tailscale instance as an exit node, which I can use to tunnel all my traffic through my home IP address when connected to untrusted networks.
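The recommendation above (advertise subnet routes on the pfSense node, select it as an exit node for a full tunnel) and the last reply both assume the tunnel is really in effect on the Windows client. Here is an added example, not from anyone in this thread and not part of Tailscale's own tooling, that reads the JSON printed by `tailscale status --json` and reports whether an online exit node with default routes is selected, which subnet routes it advertises, and whether the path is direct or relayed through a DERP server (the usual outcome behind CGNAT). The field names (`Peer`, `ExitNode`, `AllowedIPs`, `Online`, `CurAddr`, `Relay`, `BackendState`) are those I know from Tailscale's status output; verify them against your installed version. The embedded status document is constructed for the example, not captured from a real tailnet.

```python
"""Check that a Tailscale full tunnel through an exit node is actually in effect.

Added example (not from the forum thread). Parses `tailscale status --json`.
Field names follow Tailscale's status output as I know it; the SAMPLE_STATUS
document below is constructed, not a real capture.
"""
import ipaddress
import json
import subprocess
import sys
from typing import Optional

# Constructed sample of `tailscale status --json`, trimmed to the fields used here.
SAMPLE_STATUS = json.dumps({
    "BackendState": "Running",
    "Self": {"HostName": "laptop-win", "TailscaleIPs": ["100.101.102.103"], "Online": True},
    "Peer": {
        "nodekey:aaaa": {
            "HostName": "pfsense",
            "TailscaleIPs": ["100.64.0.1", "fd7a:115c:a1e0::1"],
            # own addresses + advertised LAN route + default routes (exit node in use)
            "AllowedIPs": ["100.64.0.1/32", "fd7a:115c:a1e0::1/128",
                           "192.168.1.0/24", "0.0.0.0/0", "::/0"],
            "Online": True,
            "ExitNode": True,        # currently selected exit node
            "ExitNodeOption": True,  # offers itself as an exit node
            "CurAddr": "",           # empty: no direct UDP path (CGNAT)
            "Relay": "sfo",          # traffic is relayed via this DERP region
        },
        "nodekey:bbbb": {
            "HostName": "phone",
            "TailscaleIPs": ["100.64.0.2"],
            "AllowedIPs": ["100.64.0.2/32"],
            "Online": False, "ExitNode": False, "ExitNodeOption": False,
            "CurAddr": "", "Relay": "",
        },
    },
})

# Same tailnet, but no exit node selected on this client (constructed variant).
_no_exit = json.loads(SAMPLE_STATUS)
_no_exit["Peer"]["nodekey:aaaa"]["ExitNode"] = False
SAMPLE_NO_EXIT_NODE = json.dumps(_no_exit)


def exit_node(status: dict) -> Optional[dict]:
    """Return the peer currently selected as the exit node, if any."""
    for peer in status.get("Peer", {}).values():
        if peer.get("ExitNode"):
            return peer
    return None


def subnet_routes(peer: dict) -> list:
    """Subnet routes a peer advertises: AllowedIPs minus its own host
    addresses and minus the default routes that mark exit-node use."""
    own = {ipaddress.ip_address(ip) for ip in peer.get("TailscaleIPs", [])}
    routes = []
    for cidr in peer.get("AllowedIPs", []):
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            continue  # 0.0.0.0/0 and ::/0: exit-node default routes
        if net.prefixlen == net.max_prefixlen and net.network_address in own:
            continue  # the node's own Tailscale address
        routes.append(str(net))
    return routes


def check_full_tunnel(status_json: str) -> dict:
    """Summarize whether all traffic is being sent through an online exit node."""
    status = json.loads(status_json)
    result = {"backend_running": status.get("BackendState") == "Running",
              "exit_node": None, "exit_node_online": False,
              "default_routes": False, "path": "none",
              "subnet_routes": [], "ok": False}
    peer = exit_node(status)
    if peer is None:
        return result
    result["exit_node"] = peer.get("HostName")
    result["exit_node_online"] = bool(peer.get("Online"))
    result["default_routes"] = "0.0.0.0/0" in set(peer.get("AllowedIPs", []))
    if peer.get("CurAddr"):
        result["path"] = "direct"
    elif peer.get("Relay"):
        result["path"] = "relay:" + peer["Relay"]
    else:
        result["path"] = "unknown"
    result["subnet_routes"] = subnet_routes(peer)
    result["ok"] = (result["backend_running"] and result["exit_node_online"]
                    and result["default_routes"])
    return result


def live_status() -> str:
    """Run the real CLI (only when invoked with --live)."""
    return subprocess.run(["tailscale", "status", "--json"], check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    text = live_status() if "--live" in sys.argv else SAMPLE_STATUS
    print(json.dumps(check_full_tunnel(text), indent=2))
```

Run it without arguments to see the verdict on the constructed sample, or with `--live` on a machine where the Tailscale CLI is installed. A `path` of `relay:<region>` is not a failure, but it does mean the full tunnel is paying a DERP round trip, which is worth knowing when judging throughput through a cellular WAN and a small appliance.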