Client to Server to Internet Client



  • Pretty new to pfSense, still learning a lot, but hopefully someone could help me out with this issue I'm trying to get working.

    A rundown of the current setup is as follows.

    pfSense OpenVPN: I have 1 OpenVPN server, 1 OpenVPN client (ExpressVPN).

    Working examples as follows:

    LAN PC is routed through the VPN client (ExpressVPN), working OK.

    Mobile phone externally connects to the OpenVPN server and works as it should, etc., accessing LAN resources and internet (through my WAN ISP internet).

    Now here's what I need and can't figure out how:

    I want my phone to connect as above, except when the phone uses the internet, I want it to use the ExpressVPN client and not the WAN (ISP).

    If someone could help me out with a detailed way of getting this to work, that would be great.

    Thanks


  • LAYER 8 Global Moderator

    Does ExpressVPN support port forwarding? Does it support multiple connections and clients talking to each other?

    What you're asking is for your client to come down your pfSense client connection to ExpressVPN and use your local resources? Yeah, that's not supported by pretty much any VPN service.

    And to be honest pointless - other than if your goal is to make your performance on your phone as slow as possible?



  • I don't think you're understanding what I'm trying, by the sounds of it.

    Doesn't matter about port forwarding and multi connections.

    Put another way.

    Let's say the phone is at home, connected to the network by Wi-Fi. Now I have local resources and also internet by the pfSense VPN client (ExpressVPN), as do all the LAN PCs behind pfSense.

    Now I take the phone, or laptop, outside the local LAN and connect them to the pfSense server VPN, regaining local resources, but now the internet for these devices is going through the pfSense WAN (my ISP), which I don't want. I still want these devices to be hidden behind the ExpressVPN connection that pfSense has.



  • @midknight said in Client to Server to Internet Client:

    Now I take the phone, or laptop, outside the local LAN and connect them to the pfSense server VPN, regaining local resources, but now the internet for these devices is going through the pfSense WAN (my ISP), which I don't want. I still want these devices to be hidden behind the ExpressVPN connection that pfSense has.

    Ok, get it - I guess.

    When you have your phone connected to the inside (a or the LAN), all your connections are policy-routed through the VPN client that connects to ExpressVPN, so your VPN client is the WAN for your pfSense LAN.

    Now, you connect to your VPN server, hosted on pfSense.
    You are using device mode 'tun', right?
    What is your "IPv4 Tunnel Network"? It can't be an existing network on some interface like LAN.
    Do you policy-route this 'call-in' network also?

    Btw: just thinking here. I do use ExpressVPN and pfSense for pure educational reasons - and use the OpenVPN server on pfSense to call in for maintenance.
    But I never used both at the same moment.
    When I need a VPN on my phone, I activate the ExpressVPN app without passing by @home.



  • @gertjan

    Yes, you're onto it ;)

    Yes, it's tun.

    "IPv4 Tunnel Network" ---> 10.10.77.0/24

    Do you policy-route this 'call-in' network also? I've tried to set it as follows:

    Firewall / Aliases / IP

    Network or FQDN --->> 10.10.77.0/24 (OpenVPN)

    Firewall / Rules / LAN

    Interface (LAN) "also tried the OpenVPN here too"
    Source > Single host or alias "OpenVPN"
    Gateway is set to the ExpressVPN

    With it set like this, when the phone is connected, it works, but the internet connection is still shown as my WAN IP, and not the ExpressVPN IP.

