pfSense right solution for me?
-
I want to set up a cloud service for volunteers of the organisation that I am also volunteering for :D I wanted to use a Synology NAS for this cloud service and as a VPN service, as I don't want to expose too much to the internet. The SynoLocker thing has made me think more about security, and together with some other stuff my trust in the safety of Synology's DSM is not so rock solid anymore. So no more use for the NAS as a VPN. Someone pointed me to pfSense and this might seem to be what I am looking for.
I want to use a separate VPN server for people to gain access to the cloud service. pfSense can also act as a firewall so people do not need to pass the firewall to get to the VPN server in the first place. My first question is: is pfSense the right solution for me to replace the firewall function of the consumer router and at the same time act as a VPN server?
Second is, how would I go and do this? pfSense can also act as a router, so I could also use it for routing and NAT. Then I would only use the current consumer router as switch and wireless AP and leave routing/NAT, firewall and AP to pfSense. Would this be as easy to use and configure as a consumer router? As I see it I have 2 options:
and
What would I need to configure on the consumer router? Would I need to forward some ports on the router? Can I also configure to which internal hosts the VPN server can route logged-in users? Ideally I would want VPN users only to be able to access the NAS.
Thanks.
-
What you want is a fairly common configuration. You want to put your Wifi AP into bridge mode and turn off its DHCP server. pfSense can do everything else. As for ease of configuration, that depends on your knowledge but it isn't completely simple. You will need to configure the DHCP server on pfSense, configure OpenVPN and create your client install packages, then create firewall rules to restrict the VPN traffic to just the Synology. DHCP is not too tough, but OpenVPN and firewall rules may take some trial & error. Depending on your link speed and the bandwidth demands of your VPN clients, you may need to enable traffic shaping to prevent them from sucking up all your bandwidth. That's a tricky topic as well. These forums are a great source of help and information though. You can learn a lot by just lurking and reading. There is also a paid support option available.
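The "restrict the VPN traffic to just the Synology" step is the one most worth checking before handing out client packages. The sketch below is an added example, not part of the original post and not pfSense code: it models a VPN-interface rule list as first match wins with an implicit default deny, and audits which LAN hosts a VPN client could reach. All addresses, the HTTPS port and the function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")     # OpenVPN tunnel network (assumed)
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # LAN behind the firewall (assumed)
NAS = ipaddress.ip_address("192.168.1.10")        # Synology NAS (assumed)
NAS_PORT = 443                                    # cloud service over HTTPS (assumed)

# Ordered rules for the VPN interface: (action, source net, destination net, port or None).
RESTRICTED = [
    ("pass", VPN_NET, ipaddress.ip_network("192.168.1.10/32"), NAS_PORT),
]
# A permissive "allow everything from VPN clients" rule, for comparison.
TOO_OPEN = [
    ("pass", VPN_NET, ipaddress.ip_network("0.0.0.0/0"), None),
]

def evaluate(rules, src, dst, port):
    """First matching rule wins; no match means the packet is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, dport in rules:
        if src in src_net and dst in dst_net and dport in (None, port):
            return action
    return "block"

def audit(rules, client="10.8.0.6", ports=(22, 80, 443, 445, 5000, 5001)):
    """List every (host, port) on the LAN a VPN client reaches but should not."""
    leaks = []
    for host in LAN_NET.hosts():
        for port in ports:
            allowed = evaluate(rules, client, host, port) == "pass"
            expected = host == NAS and port == NAS_PORT
            if allowed and not expected:
                leaks.append((str(host), port))
    return leaks

def nas_reachable(rules, client="10.8.0.6"):
    """The restriction must not break the one path users actually need."""
    return evaluate(rules, client, NAS, NAS_PORT) == "pass"

if __name__ == "__main__":
    for name, rules in (("restricted", RESTRICTED), ("too open", TOO_OPEN)):
        print(f"{name}: NAS reachable={nas_reachable(rules)}, "
              f"unexpected paths={len(audit(rules))}")
```

The same check can be done for real from a connected VPN client by probing a few LAN hosts other than the NAS and confirming that every attempt is dropped.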
-
pfSense can easily do that.
-
Thanks for the answers.
KOM, bandwidth control can also be done by the Syno until I can get it to work on pfSense. The only purpose of the VPN is to let users connect to the Syno for the cloud service. They will connect based on their own username and password. On the Syno I can configure guaranteed and maximum bandwidth per user. That will give me some time to figure it out on pfSense.