How to set up a network for OpenVPN
-
I'm considering implementing pfSense in my home network; currently I have an RT-AC87U with the basic setup.
I have built pfSense on a box with an Atom CPU E3815 at 1.46 GHz, 4 GB of RAM and an 8 GB CF card.
In my current network I have a couple of computers, phones and a printer which are connected via wireless, and IPTV and a PS4 (let us call it IoT) via cable, and all run together on the same network.
My Goal
1- Isolate the IoT devices and the private LAN on two different networks.
2- Implement OpenVPN with the Redirect IPv4 Gateway option, so when I travel or am on an unsecure network I can connect to my home FW and redirect my traffic through my home ISP. I don't want to reach any of my home network; I just need to redirect my traffic only.
My Plan
1- Buy a managed switch and create 3 VLANs: one for the private network (wireless), one for the IoT devices and one as a management VLAN. Each one will have a separate subnet.
2- Convert the Asus router into an AP.
3- Deploy OpenVPN with PKI and allow redirected traffic only, with no access to my internal network.
4- Implement AV, Snort and a web filter on pfSense, as I use AV and a web filter now on my Asus router.
I'm not sure if that is the optimal design for my network, and probably the redirected traffic on the VPN side will be tricky, so any suggestions or ideas will be highly appreciated. Thanks in advance.
-
Read the book: https://docs.netgate.com/pfsense/en/latest/book/
-
This is a common request and fairly straight forward to implement.
1- Buy a managed switch and create 3 VLANs: one for the private network (wireless), one for the IoT devices and one as a management VLAN. Each one will have a separate subnet.
There are two questions here:
- Will it be a Layer 2 or Layer 3 switch?
- If it's an L3 switch, do you want to lean towards performance or security? Each option will change the design.
Personally, I always lean towards performance, but my concerns and priorities may be different than yours.
3- Deploy OpenVPN with PKI and allow redirected traffic only, with no access to my internal network.
This is easy to do. It's as simple as a checkbox in the OpenVPN config and a firewall rule.
4- Implement AV, Snort and a web filter on pfSense, as I use AV and a web filter now on my Asus router.
You can install Snort or Suricata for IDS/IPS, but the only AV and web-filtering options on pfSense require you to install the Squid package. Personally, instead of trying to leverage pfSense packages that may give you semi-effective, UTM-like features, I'd recommend actually implementing a UTM product. For example, I have Untangle running in bridge mode inside a VM which sits between pfSense and my core switch, providing AV, web filtering, application control, reporting, etc.
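The "checkbox and a firewall rule" in the reply above, for the redirect-only goal in the original post (plan step 3), as an added example that is not code from either poster: a shell script that renders the OpenVPN server directives behind pfSense's Redirect IPv4 Gateway option, renders pf rules equivalent to what one adds on the Firewall > Rules > OpenVPN tab, and lints the server config so that no route to a home VLAN is pushed by accident. The tunnel network 10.8.0.0/24, the three VLAN subnets, the WAN interface name igb0 and all function names are assumptions. DNS is pushed as the firewall's own tunnel address, and the rules then allow only DNS to that address, because a plain "pass any" rule on the OpenVPN tab would also expose the firewall's webGUI and SSH to VPN clients.

```shell
#!/bin/sh
# Added example, not from the original thread: the OpenVPN server options and
# pf rules behind "redirect my traffic only, no access to my internal network".
# Every subnet, interface name and function name below is an assumption.

WAN_IF="igb0"            # assumed WAN interface
TUN_NET="10.8.0.0/24"    # assumed OpenVPN tunnel network
TUN_GW="10.8.0.1"        # server end of the tunnel; doubles as the clients' DNS
# assumed subnets for the private, IoT and management VLANs from plan step 1
HOME_NETS="192.168.10.0/24 192.168.20.0/24 192.168.99.0/24"

# OpenVPN server directives for the redirect-only policy. In the pfSense GUI
# they correspond to ticking "Redirect IPv4 Gateway", leaving "IPv4 Local
# network(s)" empty and setting the DNS server under Client Settings.
# PKI material (ca/cert/key/dh/tls-crypt) is omitted; it comes from step 3.
openvpn_server_conf() {
  cat <<EOF
dev tun
topology subnet
server ${TUN_NET%/*} 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS $TUN_GW"
push "block-outside-dns"
EOF
}

# pf rules for the tunnel, in the same top-to-bottom order one would use on
# the Firewall > Rules > OpenVPN tab. "openvpn" is pfSense's interface group
# for all tunnel interfaces; $TUN_GW is "This Firewall (self)" in the GUI.
pf_openvpn_rules() {
  cat <<EOF
table <home_nets> { $HOME_NETS }
# translation rules precede filter rules in FreeBSD pf; pfSense's automatic
# outbound NAT normally covers the tunnel network already
nat on $WAN_IF inet from $TUN_NET to any -> ($WAN_IF)
# clients resolve names through the firewall itself ...
pass in quick on openvpn inet proto { tcp udp } from $TUN_NET to $TUN_GW port 53
# ... but reach nothing else on it (webGUI, SSH) and nothing on the home VLANs
block return in quick on openvpn inet from $TUN_NET to $TUN_GW
block return in quick on openvpn inet from $TUN_NET to <home_nets>
# everything else is Internet-bound and allowed
pass in quick on openvpn inet from $TUN_NET to any
EOF
}

# Lint a server config: it must push the default route and must not push a
# route to any home network, which would quietly undo the block rule.
check_server_conf() {
  conf="$1"
  printf '%s\n' "$conf" | grep -q '^push "redirect-gateway' || return 1
  for net in $HOME_NETS; do
    if printf '%s\n' "$conf" | grep -q "^push \"route ${net%/*} "; then
      return 1
    fi
  done
  return 0
}

# Usage: render both fragments and lint the server config before deploying it.
openvpn_server_conf
pf_openvpn_rules
check_server_conf "$(openvpn_server_conf)" && echo "server config: redirect-only policy OK"
```

The block rule for the firewall's own tunnel address is the part most often forgotten: pfSense's anti-lockout rule only protects the LAN interface, so without it a VPN client could reach the webGUI on 10.8.0.1 even though the home VLANs are blocked.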