Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Accessing Pfsense through a cloud VPN service like NordVPN

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    6 Posts 4 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      XabiX
      last edited by XabiX

      Hello,

      For security reasons and to easy the connections of remote mobile devices, I have subscribed to VPN Service Provider (here NordVPN). I am desperate in looking for some guidance on how to setup remote access to my network but through the VPN provider but can't seem to find and I don't think this is so special that no one has done so.
      Ex: Mobile devices (Android) -> NordVPN -> PfSense -> LAN

      This secures who can VPN in Pfsense by allowing remote access to only one IP address (from NordVPN) and this simplifies a lot the setup on the mobile devices (certificates etc...).
      I am not sure what to google to find a "how to" guide for such type of setup. Any one who can refer me to some good sites?
      I believe this would be a reverse VPN or a VPN gateway through a VPN service provider but don't seem to give good results.

      Merci
      XabiX

      Pfsense (latest 2.4) running on Proxmox 5.2 with Intel I350 quad ports
      Click on the Website (small planet) to see my network diagram

      P 1 Reply Last reply Reply Quote 0
      • GrimsonG
        Grimson Banned
        last edited by

        A VPN Provider is not going to improve your security and it's certainly not going to make the connecting of remote devices easier.

        1 Reply Last reply Reply Quote 0
        • X
          XabiX
          last edited by XabiX

          That's an other debate. At least for me using NordVPN clients on Android/Apple is much simpler than having to export certificates and to open my firewall to any ip in EU and US.
          Otherwise how to overcome to have to expose a port on WAN Pfsense?

          Pfsense (latest 2.4) running on Proxmox 5.2 with Intel I350 quad ports
          Click on the Website (small planet) to see my network diagram

          1 Reply Last reply Reply Quote 0
          • P
            P3R @XabiX
            last edited by

            @xabix said in Accessing Pfsense through a cloud VPN service like NordVPN:

            Ex: Mobile devices (Android) -> NordVPN -> PfSense -> LAN

            Site-to-site and remote access VPNs have been in use for many years in firewalls, long before this explosion of VPN-providers started that have now made also the average non-tecnical users aware of VPNs. Different kind of VPNs have different objectives though and different kinds of VPN-services shouldn't be confused.

            As far as I know, the main objective of most VPN-services offered is to protect the privacy of outgoing traffic. A remote access VPN that's intended to protect incoming traffic is a different thing. I think that you should ask your VPN-provider if they offer remote access VPN also and if they do, how to set that up with pfSense. If they do offer it, I would imagine that you at the very least need a private ip address at the exit-point of the VPN-provider. That may be the opposite of what you want for your outgoing traffic, as it's probably better for your privacy if your outgoing traffic is mixed up with traffic from other users at the exit point.

            The question is though if you would gain anything from offering remote access through a VPN-provider? I can't see any real advantage except for a more complicated configuration and probably a higher cost.

            When offering a remote access VPN you still need to have open ports for the incoming VPN-connection, either in the firewall or (if it's offered) with the VPN-provider.

            The way a remote access VPN is normally setup:
            Mobile clients (any OS) -> PfSense (running a VPN-server) -> LAN

            You don't need to pay for a VPN-service from someone to offer remote access VPN.

            1 Reply Last reply Reply Quote 1
            • X
              XabiX
              last edited by

              Hi P3R,

              Many thanks for the detailed information. I actually needed the VPN provider for another reason (so I have it for 3y and under using it) thus why I was thinking to use it also to simplify the configuration on the mobile devices side. This adds some complexity as I would need to have an one off site to site vpn between the vpn provider and my pfsense but then all the end users would be configured easily through their app with a login/pwd and a selection of the server.

              Today I am doing what you mentioned directly with Android OpenVPN and an export of certificate as well as an user/pwd. I may then keep doing this but I didn't find that easy to set up the clients.

              Sounds like I will keep doing what I was doing and obviously my pfsense vpn port is opened to a big geo list.

              Merci
              XabiX

              Pfsense (latest 2.4) running on Proxmox 5.2 with Intel I350 quad ports
              Click on the Website (small planet) to see my network diagram

              1 Reply Last reply Reply Quote 0
              • A
                ashwinparkar
                last edited by

                I Need Cloud VPN Guidance.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.