Setup pfSense as a VPN server
-
Re: Connect VPN Clients to Local network behind other client...
Hi everyone, I'm a beginner with psfense , i use a mikrotik as a main gateway and i want to set up a pfsense as vpn server (using a openvpn), i already configured a kind of ways a pfsense (with just one interface or two ) but doesn't work. When i use two interface (wan and lan) i just can connect a Lan that belong a pfsense, and can't connect on my main LAN
My structure :
Internet -> mikrotik-> LAN ->WANpfsense ->pfsense()-> LAN pfsense(but i don't use this)Please someone can help me?
-
Why don't you replace the mikrotik with pfSense? It much easier to run a VPN server on the edge router than behind in the LAN.
-
@viragomann
hi, i already use that mikrotik a long time ago it' a CCR model, somewhat expensive to be desabled, so i want just separate some services, and i also think that part of the firewall was easier to manage. -
Running the VPN server behind the router needs more configuration work. However, basically it's doable.
Is the a possibility to connect pfSense to the mikrotik on a separate network aside from LAN? It could be a VLAN over your LAN, but that would enable a better routing.
-
yes, there is a possibility. I'll try to do that . Can I set up the pfsense with just interface WAN to do that ?
-
You only need one interface on pfSense, that can be WAN or LAN. If you use WAN you have to uncheck "Block private networks" in the interface settings, otherwise you can't access the OpenVPN server.
-
On the mikrotik forward the OpenVPN packets to pfSense.
Further set a static route for the VPN tunnel network pointing to pfSense.On pfSense just set the mikrotik as default gateway.
-
@viragomann said in Setup pfSense as a VPN server:
You only need one interface on pfSense, that can be WAN or LAN. If you use WAN you have to uncheck "Block private networks" in the interface settings, otherwise you can't access the OpenVPN server.
Edit:
I'd prefer to use the LAN here, cause it's pre-configured to access the WebGUI. -
hi, thanks só much for help, i was trying create without create vlan first and i realy don't know wy it doesn't worked. So, I create a vlan separated and did the same configuration as before using just WAN and it works, little bit slow but works, thanks