OpenVPN Server help - pfsense behind another router/fw, how to configure?



  • Hi,

    I have a client with a Ubiquiti network router (of which I'm the admin, so I can add routes, port forwards, create a DMZ, etc.).  I also have an old repurposed GateProtect GPO-75 on which I installed pfSense 2.3.5 (32-bit), because the GPO75 runs a VIA 500 MHz 32-bit CPU.  The plan is to use only the pfSense box, behind the current Ubiquiti router, as an OpenVPN server, and from the client (me from home) have access to the servers, printers, etc. that are on the LAN of the client.

    The thing is that all the tutorials I read assume that you use the pfSense box as the router, but that's not my case… Also, it's my first time with pfSense and there is so much stuff in the configuration pages that I'm totally lost!

    Any guidance from a pro would be appreciated!

    Some details:

    The Ubiquiti router has an ISP static IP on the WAN.  The LAN side of the Ubiquiti is 192.168.123.x (the router itself is .254 in that range).  The GPO75 running pfSense was reset to factory defaults because I tried so many things that it wasn't working anymore, hehe.  I can assign a static IP in the 192.168.123.x range on LAN1 or OPT1.  The WAN, I suppose, needs to be disabled (?).

    Thanks in advance!



  • pfSense should not be in the LAN in this case; set up a transfer network between the router and pfSense instead and forward the incoming VPN packets to pfSense.
    So connect pfSense only with the WAN port to the router. In the WAN interface settings, enter the router's IP out of the transfer network in the gateway box. Uncheck "Block private networks".

    On pfSense set up the OpenVPN server and filter rules to allow access or use the wizard.
    On the router, add a static route for the VPN tunnel network pointing to pfSense and ensure that access is allowed.

    That should be all to get it working.



  • So, you're saying that I should not connect the pfSense box's LAN but instead connect the WAN port to what, the router or the LAN switch??  Can you elaborate on "set up a transfer network between the router and pfSense instead and forward the incoming VPN packets to pfSense.
    So connect pfSense only with the WAN port to the router. In the WAN interface settings, enter the router's IP out of the transfer network in the gateway box"?

    What is a transfer network? Do I set that up in pfSense or in the current router?

    I'm such a newbie in this stuff!



  • It should look like the attached drawing.
    Connect pfSense neither to LAN nor to WAN. The transfer network has to be a separate network.
    I don't know if your router can provide a third network. If not maybe it's VLAN capable, so you can achieve the same logical setup with VLAN.

    If you use the WAN interface on pfSense and enter 10.199.0.1 as the gateway, that IP is used as the default gateway and packets destined for the LAN will be sent to it. So there is no special route necessary on pfSense.
    Only on the router you have to add a route for the VPN tunnel network.
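
The layout from the drawing, written out as an added sanity check that is not part of the thread and not pfSense's own code: it verifies that the client LAN, the transfer network and the VPN tunnel network do not overlap (the usual reason this kind of setup fails to route) and lists the entries each box needs. Only the client LAN 192.168.123.0/24 and the router's transfer address 10.199.0.1 come from the thread; the transfer network 10.199.0.0/24, pfSense's address 10.199.0.2, the tunnel network 10.8.0.0/24 and UDP port 1194 are assumed.

```python
import ipaddress

# From the thread: the client LAN and the router's address on the transfer net.
LAN = "192.168.123.0/24"
ROUTER_TRANSFER_IP = "10.199.0.1"
# Assumed (not stated in the thread): transfer net, pfSense WAN address,
# OpenVPN tunnel network and OpenVPN listening port.
TRANSFER = "10.199.0.0/24"
PFSENSE_TRANSFER_IP = "10.199.0.2"
TUNNEL = "10.8.0.0/24"
OPENVPN_PORT = 1194


def overlaps(nets):
    """Return every pair of networks that overlap. Any overlap means the
    router or pfSense cannot tell tunnel, transfer and LAN traffic apart."""
    nets = [ipaddress.ip_network(n) for n in nets]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


def plan(lan, transfer, router_ip, pfsense_ip, tunnel, port, client_lans=()):
    """Validate the addressing and return the entries each box needs.
    client_lans are the remote users' home networks (e.g. the admin's own LAN),
    which must not collide with the tunnel or the client LAN either."""
    transfer_net = ipaddress.ip_network(transfer)
    router_ip, pfsense_ip = ipaddress.ip_address(router_ip), ipaddress.ip_address(pfsense_ip)
    errors = [f"{a} overlaps {b}" for a, b in overlaps([lan, transfer, tunnel, *client_lans])]
    if router_ip not in transfer_net:
        errors.append(f"router address {router_ip} is outside transfer net {transfer}")
    if pfsense_ip not in transfer_net:
        errors.append(f"pfSense WAN address {pfsense_ip} is outside transfer net {transfer}")
    if router_ip == pfsense_ip:
        errors.append("router and pfSense share the same transfer address")
    return {
        "errors": errors,
        # Router side: replies for tunnel addresses go to pfSense, and VPN packets
        # arriving on the ISP address are forwarded to pfSense's transfer address.
        "router_static_route": f"{tunnel} via {pfsense_ip}",
        "router_port_forward": f"udp/{port} -> {pfsense_ip}:{port}",
        # pfSense side: WAN sits on the transfer net with the router as default
        # gateway; "Block private networks" must be off because the WAN is now RFC1918.
        "pfsense_wan_address": f"{pfsense_ip}/{transfer_net.prefixlen}",
        "pfsense_wan_gateway": str(router_ip),
        "pfsense_block_private_networks": False,
        "pfsense_openvpn_tunnel_network": tunnel,
        "pfsense_openvpn_local_network": lan,
    }


if __name__ == "__main__":
    for key, value in plan(LAN, TRANSFER, ROUTER_TRANSFER_IP, PFSENSE_TRANSFER_IP,
                           TUNNEL, OPENVPN_PORT).items():
        print(f"{key}: {value}")
```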