Configuring VPN win7 clients with pfsense
-
You need to
a) get the client to be able to find your public IP
b) have the client connect requests on the public IP forwarded to your pfSense WAN IP.
For (a) - register at one of the dynamic DNS providers, so you have a name (like mysite.dyndns-ip.com) that can always translate to your IP. Setup a Dynamic DNS entry in your pfSense so that the name gets kept up-to-date with your IP. Normally pfSense only checks/updates this once a day. You can adjust that daily job with the Cron package - http://forum.pfsense.org/index.php/topic,58085.msg310861.html#msg310861
For (b) - configure your DSL modem to forward your VPN listening port numbers (1194, 1195 whatever) to your WAN IP 192.168.2.5
(If you can't do this on the modem, then you will need to sort out how to put it in bridge mode, and get the real public IP onto your pfSense WAN port…)Then make your OpenVPN client config specify the remote server using the dynamic DNS name.
-
You need to
a) get the client to be able to find your public IP
b) have the client connect requests on the public IP forwarded to your pfSense WAN IP.
For (a) - register at one of the dynamic DNS providers, so you have a name (like mysite.dyndns-ip.com) that can always translate to your IP. Setup a Dynamic DNS entry in your pfSense so that the name gets kept up-to-date with your IP. Normally pfSense only checks/updates this once a day. You can adjust that daily job with the Cron package - http://forum.pfsense.org/index.php/topic,58085.msg310861.html#msg310861
For (b) - configure your DSL modem to forward your VPN listening port numbers (1194, 1195 whatever) to your WAN IP 192.168.2.5
(If you can't do this on the modem, then you will need to sort out how to put it in bridge mode, and get the real public IP onto your pfSense WAN port…)Then make your OpenVPN client config specify the remote server using the dynamic DNS name.
Hi…but why my guide did't mention any thing about what you said to me ?
Also is there a alternative for dynamic DNS ?
thank you .
-
@Raafat:
Hi…but why my guide did't mention any thing about what you said to me ?
Because you have a "Double NAT" (two devices doing NAT). This is not recommended.
@Raafat:
Also is there a alternative for dynamic DNS ?
Getting a static IP from your provider.
-
"Hi…but why my guide did't mention any thing about what you said to me ?"
Because the GUIDE assumes your pfsense WAN is on the public internet and not behind another router doing NAT.
As already mentioned you could setup this device in front of pfsense that is giving it its 192.168.2.5 and port forward the port your using for openvpn.
-
Hi guys…assuming i have a static public ip how will they change your guides .
thank you .
-
Getting a static IP only fixes problem a) (dynamic IP) you'd still have to do what phil.davis has posted above for problem b) (Double NAT).
The dynamic IP part is even described in the guide you used. So you're only left with either port forwarding or bridging which you have to do on your DSL modem.
-
Getting a static IP only fixes problem a) (dynamic IP) you'd still have to do what phil.davis has posted above for problem b) (Double NAT).
The dynamic IP part is even described in the guide you used. So you're only left with either port forwarding or bridging which you have to do on your DSL modem.
Hi…can i disable my modem' NAT ?
-
And which gateway do you have? I wish the terms would be used correctly, a "modem" does not do NAT.. If it a combo device of a modem and router (can do nat) then its a GATEWAY.. If does not have a modem then its just a router, etc.
If you tell use what is the model number of your "modem" and who your carrier is then we can look up if you can put the device in bridge mode – turn off nat..
-
a "modem" does not do NAT..
Hi…below what i have :
http://www.huaweidevice.com/br/productFeatures.do?pinfoId=660&directoryId=2663&treeId=663
but the last version (it's a router ).
thank you .
-
If its a modem and a router then its a gatway!
What is the model number – the HG510? I show an a model, a v model, just the 510... If your on the 520 there there even more model versions. Its real hard -- look on the device!!! What does it say for the model number?
-
-
Well that is sure not the last one one the url you sent ;)
Simple google found this
https://www.youtube.com/watch?v=pzPUxjPDW9Yand this
https://luciancovaci.wordpress.com/2012/07/19/adsl-romtelecom-configurare-in-bridge/And from the manual
Says to adjust the connection type to bridge in drop down combo box.. So clearly it supports it - I would highly suggest you just contact your isp and them them you want to put it in bridge mode and they can walk you through the steps. -
Well that is sure not the last one one the url you sent ;)
Simple google found this
https://www.youtube.com/watch?v=pzPUxjPDW9Yand this
https://luciancovaci.wordpress.com/2012/07/19/adsl-romtelecom-configurare-in-bridge/And from the manual
Says to adjust the connection type to bridge in drop down combo box.. So clearly it supports it - I would highly suggest you just contact your isp and them them you want to put it in bridge mode and they can walk you through the steps.thank you man
now all thing go correctlly but how will i make a VPN client a part of my network,meaning sees all people on my network ?
-
Guys help me…this is the last step of our topic .
i'm waiting you .
thank you .
-
I havent been able to get OpenVPN using TAP to work either as you can see from my post here http://forum.pfsense.org/index.php/topic,58724.0.html
I have got TUN working though, I can ping the pfsense firewall, ping other devices on the network and can even remote access onto my Win7 desktop and SSH to my linux servers from inside the lan.
It might pay to use TUN for now as I have seen some comments on this board that 2.0.x has some issues which might be affecting the TAP/Bridge mode, but these should be resolved when 2.1 is released. Alternatively you could try a beta of 2.1 if you fancy the risk.
-
Guys…i'm waiting you .
-
Waiting for what?
So now your pfsense has public IP on its wan? Then run through the openvpn wizard and your done.. Not sure what else you think you need to do?
What is not working now?
-
Waiting for what?
So now your pfsense has public IP on its wan? Then run through the openvpn wizard and your done.. Not sure what else you think you need to do?
What is not working now?
I'm waiting for this :i could see any device on my network (servers,printers,etc) .
-
Yeah once you vpn in, depending on what firewall rules you put in place you can access anything you want on your network. I vpn into my home network pretty much every day. I am on now - yes I can print to my printer if I want, I can remote desktop to any box on my network, I can access my file shares, etc. etc. etc.
D:>net view \storage.local.lan
Shared resources at \storage.local.lanMy storage server
Share name Type Used as Comment
–-----------------------------------------------------------------------------
J Disk
Media Disk
Molly Disk
temp Disk
The command completed successfully.Thats my NAS on my home network, while I am here at work.
-
Yeah once you vpn in, depending on what firewall rules you put in place you can access anything you want on your network. I vpn into my home network pretty much every day. I am on now - yes I can print to my printer if I want, I can remote desktop to any box on my network, I can access my file shares, etc. etc. etc.
D:>net view \storage.local.lan
Shared resources at \storage.local.lanMy storage server
Share name Type Used as Comment
–-----------------------------------------------------------------------------
J Disk
Media Disk
Molly Disk
temp Disk
The command completed successfully.Thats my NAS on my home network, while I am here at work.
So tell me what are rules will i use ?
thank you .
