VPN in this combination possible?



  • Hey everyone,
    i have a little special combination of my PFSense Firewall.

    1. Public IP-WAN-Address is given to me by the modem (so it is a 192.168.178.X and not the dynamic adress given by the provider)
    2. All traffic is routed through Cyberghost VPN to the WWW (and there i'm having a shared adress, that means me and other customers of CyberGhost are using the same IP Adress)

    Now i want to be able, to establish an VPN Connection to my own network at home (to be able, to have access to the devices in my home network, like NAS Server, Smart-Home things etc.).

    But is it in this combination possible?
    I don't think so, because the DDNS-service is obviously getting the "public IP Adress", but that is the shared one with all the other users of Cyberghost (so, this IP Adress doesn't only belong to me).

    Your advice if and how it could be done, would be great!

    Sincerely


  • LAYER 8 Netgate

    If you want to connect into the VPN, your VPN provider would have to forward a connection to their public IP address to you. That should enable you to run a VPN server on that forwarded port. I have never seen anyone try that.

    If you want to connect into the VPN directly on the ISP circuit, the upstream device will have to forward the connection to you.

    Public IP-WAN-Address is given to me by the modem

    192.168.178.X is not a public IP address. You will not be able to connect to that address from anywhere on the outside.



  • Hello Derelict,
    thank you for the fast answer.

    Part 1 sounds quite difficult and i don't think, that my VPN Provider would do that.

    Part 2 is right, PFSense shows as WAN IP-Address this 192.168.178.X. But if i get the upstream-device to forward the connection to my 192.168.178.X address, i could establish a connection via VPN? That would be maybe be not so hard to solve.


  • LAYER 8 Rebel Alliance

    Maybe you can turn your modem into bridge mode to get a real public IP to pfSense?
    At the moment it's in router mode and you do double NAT which is not ideal.
    192.168.178.X looks like a AVM Fritzbox thing? ☺

    -Rico



  • @Rico said in VPN in this combination possible?:

    Maybe you can turn your modem into bridge mode to get a real public IP to pfSense?
    At the moment it's in router mode and you do double NAT which is not ideal.
    192.168.178.X looks like a AVM Fritzbox thing? ☺

    -Rico

    That's what i did all the years, i had my own flat.
    But now the FritzBox (You're right ;-) ) is used by my parents in completely normal way with WIFI, telephone-function etc., so i cannot switch on this function unfortunately.
    I Just put my PFsense behind the modem / router, to have my completely own network running. With my own DHCP Server, VPN connection, etc. etc.


  • LAYER 8 Rebel Alliance

    So like Derelict said, just forward your pfSense OpenVPN RAS port from the FritzBox to your pfSense WAN IP.
    And you need to disable Block private networks in your pfSense WAN interface:
    alt text

    -Rico



  • @Rico
    Perfect! That's worth a try, i'll check the next time i'm having my homeserver and give feedback if and how it works! =)



  • Some VPN providers offer port forwarding.
    Search Cyberghost's help/faq if they offer that.


Log in to reply