Netgate Discussion Forum

    Install Pfsense

      Duckzelf

      I have a big home network, with some servers and other stuff.

      I have a router, but I would like to have pfSense only as a VPN server. Can I do that without problems? So I can access my servers from everywhere in the world.

      I would like to access my LAN network then. It would be in the same subnet, but I will reserve some IP addresses for the VPN.

      Thanks for the help

        tim.mcmanus

        Why wouldn’t you replace your router with pfSense? That’s a much better option.

        Technically you can do what you want to do.

          Duckzelf

          Yeah, I know, but the hardware that I will use will be a bit old. Not really that redundant. If the VPN goes dead it's not that bad. If the router goes dead it's really a bad situation, because the security is also on the network.

            Duckzelf

            Should I use only the LAN port on the pfSense box?

              KOM

              Go to the top of this page and click the Search magnifying glass, then type in 'single nic' and press Enter. Lots of people have already done this.

                Duckzelf

                Is it possible to do it? Can't find a topic that's what I want to do.

                  tim.mcmanus @Duckzelf

                  @duckzelf said in Install Pfsense:

                  Is it possible to do it? Can't find a topic that's what I want to do.

                  Yes.

                  https://www.netgate.com/docs/pfsense/vpn/openvpn/index.html

                    stephenw10 Netgate Administrator

                    Yes, it's possible to do it.
                    It would be better to have it on a different subnet if you can, because otherwise you're going to hit asymmetric routing issues. You can work around those by NATing the traffic from the VPN clients. It's a bit ugly though.

                    Obviously you will need to set up port forwards etc. on the existing router for the incoming VPN connections to reach pfSense.

                    Steve

                      Duckzelf

                      Okay, but then I can't reach my LAN network and servers anymore, right?

                        stephenw10 Netgate Administrator

                        Why not? As long as you have firewall rules to allow it in your existing router it will work fine. Everything will be routed through that so traffic would not be asymmetric.
                        But as I say you can use NAT to avoid that.

                        Steve

                          Duckzelf

                          Would the subnet be the better option or the NAT?

                            Duckzelf

                            Can I set that up in a Netgear R7000, those firewall rules?

                              stephenw10 Netgate Administrator

                              The separate subnet would IMO.
                              If it's in the same subnet then you have to either live with asymmetric routing and put in place rules to allow that. I have no idea if your existing router has that capability.
                              https://www.netgate.com/docs/pfsense/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html
                              Or you NAT the VPN traffic leaving pfSense, which means the LAN side resources cannot open connections to VPN clients, only the other way around. Mostly that's not required though.

                              Steve

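Added example (not part of any post in this thread): a small Python model of the options discussed above, tracing which device forwards the request and the reply for a VPN client talking to a LAN server. All addresses are constructed, and it assumes the existing router has a route to the VPN tunnel network via pfSense.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
LAN = ipaddress.ip_network("192.168.1.0/24")   # servers + existing router
ROUTER = "192.168.1.1"                         # the servers' default gateway
VPN_CLIENT = "10.8.0.2"                        # address inside the tunnel network


def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN


def analyse(pfsense_ip, nat):
    """Trace one VPN-client -> LAN-server connection and its reply.

    Assumption: the router holds a route to the tunnel network via
    pfSense, or is directly connected to pfSense's own subnet.
    """
    # Source address the server sees on the incoming packet.
    seen_src = pfsense_ip if nat else VPN_CLIENT
    # Request: pfSense delivers on-link if it sits in the LAN, else via router.
    request_via_router = not on_lan(pfsense_ip)
    # Reply: the server answers on-link if the source is in the LAN,
    # otherwise it hands the packet to its default gateway.
    reply_via_router = not on_lan(seen_src)
    return {
        "server_sees": seen_src,
        "request_path": ["pfSense"] + ([ROUTER] if request_via_router else []) + ["server"],
        "reply_path": ["server"] + ([ROUTER] if reply_via_router else []) + ["pfSense"],
        # A stateful router that sees only the replies has no state for them.
        "asymmetric": request_via_router != reply_via_router,
        # With NAT the LAN only ever sees pfSense's address, so servers
        # cannot open connections to a particular VPN client.
        "client_addressable_from_lan": not nat,
    }


SCENARIOS = {
    "same subnet, no NAT": ("192.168.1.2", False),
    "same subnet, NAT on pfSense": ("192.168.1.2", True),
    "separate subnet, no NAT": ("192.168.2.2", False),
}

if __name__ == "__main__":
    for name, (ip, nat) in SCENARIOS.items():
        r = analyse(ip, nat)
        print(f"{name}: asymmetric={r['asymmetric']}, server sees {r['server_sees']}")
        print("   request:", " -> ".join(r["request_path"]))
        print("   reply:  ", " -> ".join(r["reply_path"]))
```
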
                                Duckzelf

                                Okay thanks, the second option would be very nice. Thanks for your help! How do I NAT the VPN traffic?

                                  tim.mcmanus

                                  IMHO, if you're not going to replace your Internet router, don't add pfSense to run as a VPN server. You are adding a good amount of complexity to your network. You would need to do a good amount of reconfiguration on the pfSense router to get everything to work flawlessly. And if you run into any issues, the additional complexity is going to make troubleshooting all the more difficult.

                                  Install a Linux box or something like that with OpenVPN running on it. That might be a better solution that is a lot more manageable.

                                  Here is one example. Do some research and this might be a better solution for your network.

                                  https://www.linux.com/blog/how-install-openvpn-centos-7

                                    stephenw10 Netgate Administrator

                                    I would use pfSense here if you want OpenVPN. But I may be biased! 😉
                                    Obviously I'm very familiar with it.

                                    Steve

                                      Duckzelf

                                      I would also use pfSense :). How do I NAT the VPN traffic ;)?

                                        stephenw10 Netgate Administrator

                                        Actually it will do that by default if you only have one interface assigned and it has a gateway on it.

                                        Try it and see.

                                        Steve
