Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN in this combination possible?

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 4 Posters 840 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      Teddy
      last edited by

      Hey everyone,
      i have a little special combination of my PFSense Firewall.

      1. Public IP-WAN-Address is given to me by the modem (so it is a 192.168.178.X and not the dynamic adress given by the provider)
      2. All traffic is routed through Cyberghost VPN to the WWW (and there i'm having a shared adress, that means me and other customers of CyberGhost are using the same IP Adress)

      Now i want to be able, to establish an VPN Connection to my own network at home (to be able, to have access to the devices in my home network, like NAS Server, Smart-Home things etc.).

      But is it in this combination possible?
      I don't think so, because the DDNS-service is obviously getting the "public IP Adress", but that is the shared one with all the other users of Cyberghost (so, this IP Adress doesn't only belong to me).

      Your advice if and how it could be done, would be great!

      Sincerely

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        If you want to connect into the VPN, your VPN provider would have to forward a connection to their public IP address to you. That should enable you to run a VPN server on that forwarded port. I have never seen anyone try that.

        If you want to connect into the VPN directly on the ISP circuit, the upstream device will have to forward the connection to you.

        Public IP-WAN-Address is given to me by the modem

        192.168.178.X is not a public IP address. You will not be able to connect to that address from anywhere on the outside.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 1
        • T
          Teddy
          last edited by

          Hello Derelict,
          thank you for the fast answer.

          Part 1 sounds quite difficult and i don't think, that my VPN Provider would do that.

          Part 2 is right, PFSense shows as WAN IP-Address this 192.168.178.X. But if i get the upstream-device to forward the connection to my 192.168.178.X address, i could establish a connection via VPN? That would be maybe be not so hard to solve.

          1 Reply Last reply Reply Quote 0
          • RicoR
            Rico LAYER 8 Rebel Alliance
            last edited by Rico

            Maybe you can turn your modem into bridge mode to get a real public IP to pfSense?
            At the moment it's in router mode and you do double NAT which is not ideal.
            192.168.178.X looks like a AVM Fritzbox thing? ☺

            -Rico

            T 1 Reply Last reply Reply Quote 0
            • T
              Teddy @Rico
              last edited by

              @Rico said in VPN in this combination possible?:

              Maybe you can turn your modem into bridge mode to get a real public IP to pfSense?
              At the moment it's in router mode and you do double NAT which is not ideal.
              192.168.178.X looks like a AVM Fritzbox thing? ☺

              -Rico

              That's what i did all the years, i had my own flat.
              But now the FritzBox (You're right ;-) ) is used by my parents in completely normal way with WIFI, telephone-function etc., so i cannot switch on this function unfortunately.
              I Just put my PFsense behind the modem / router, to have my completely own network running. With my own DHCP Server, VPN connection, etc. etc.

              1 Reply Last reply Reply Quote 0
              • RicoR
                Rico LAYER 8 Rebel Alliance
                last edited by Rico

                So like Derelict said, just forward your pfSense OpenVPN RAS port from the FritzBox to your pfSense WAN IP.
                And you need to disable Block private networks in your pfSense WAN interface:
                alt text

                -Rico

                T 1 Reply Last reply Reply Quote 0
                • T
                  Teddy @Rico
                  last edited by

                  @Rico
                  Perfect! That's worth a try, i'll check the next time i'm having my homeserver and give feedback if and how it works! =)

                  1 Reply Last reply Reply Quote 0
                  • PippinP
                    Pippin
                    last edited by

                    Some VPN providers offer port forwarding.
                    Search Cyberghost's help/faq if they offer that.

                    I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                    Halton Arp

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.