Install Pfsense
-
Okay, but then i can't reach my lan network and servers annymore right?
-
Why not? As long as you have firewall rules to allow it in your existing router it will work fine. Everything will be routed through that so traffic would not be asymmetric.
But as I say you can use NAT to avoid that.Steve
-
Would the subnet be the better option or the NAT?
-
Can i set that up in a netgear R7000, that firewall rules?
-
The separate subnet would IMO.
If it's in the same subnet then you have to either live with asymmteric routing and put in place rules to allow that. I have no idea if your existing router has that capability.
https://www.netgate.com/docs/pfsense/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html
Or you NAT the VPN traffic leaving pfSense which means the LAN side resources cannot open connections to VPN clients only the other way around. Mostly that's not required though.Steve
-
Okay thanks, the second option would be very nice. Thanks for your help! How do i NAT the vpn traffic?
-
IMHO, if you're not going to replace your Internet router, don't add pfSense to run as a VPN server. You are adding a good amount of complexity to your network. You would need to do a good amount of reconfiguration on the pfSense router to get everything to work flawlessly. And if you run into any issues, the additional complexity is going to make troubleshooting all that more difficult.
Install a Linux box or something like that with OpenVPN running on it. That might be a better solution that is a lot more manageable.
Here is one example. Do some research and this might be a better solution for your network.
https://www.linux.com/blog/how-install-openvpn-centos-7
-
I would use pfSense here if you want OpenVPN. But I may be biased!
Obviously I'm very familiar with it.Steve
-
I would also use pfsense :). How do i NAT the VPN traffic ;)?
-
Actually it will do that by default if you only have one interface assigned and it has a gateway on it.
Try it and see.
Steve
